CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-23490 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. T... | 7.5 | HIGH | — | 0 |
| CVE-2025-68675 In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treate... | 7.5 | HIGH | — | 0 |
| CVE-2025-37166 A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a... | 7.5 | HIGH | — | 0 |
| CVE-2025-37165 A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of inter... | 7.5 | HIGH | — | 0 |
| CVE-2019-25239 V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retr... | 7.5 | HIGH | — | 0 |
| CVE-2025-66377 Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinit... | 7.5 | HIGH | — | 0 |
| CVE-2025-66379 Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of servic... | 7.5 | HIGH | — | 0 |
| CVE-2025-66443 Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software ... | 7.5 | HIGH | — | 0 |
| CVE-2025-67014 Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint. | 7.5 | HIGH | — | 0 |
| CVE-2025-67015 Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmware v2.5.1 allows attackers to change the Administrator password and escalate privileges via sending a... | 7.5 | HIGH | — | 0 |
| CVE-2025-66862 A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | — | 0 |
| CVE-2025-66863 An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | — | 0 |
| CVE-2025-66864 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | — | 0 |
| CVE-2025-66865 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file. | 7.5 | HIGH | — | 0 |
| CVE-2025-69235 Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. | 7.5 | HIGH | — | 0 |
| CVE-2026-22698 RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret k... | 7.5 | HIGH | — | 0 |
| CVE-2026-0692 The BlueSnap Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.0. This is due to the plugin relying on WooCommerce's... | 7.5 | HIGH | — | 0 |
| CVE-2026-0669 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal. This issue affects MediaWiki - CSS ... | 7.5 | HIGH | — | 0 |
| CVE-2022-50800 H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_s... | 7.5 | HIGH | — | 0 |
| CVE-2025-70957 A Denial of Service (DoS) vulnerability was discovered in the TON Lite Server before v2024.09. The vulnerability arises from the handling of external arguments passed to locally executed "get methods.... | 7.5 | HIGH | — | 0 |
| CVE-2025-70956 A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initi... | 7.5 | HIGH | — | 0 |
| CVE-2025-70955 A Stack Overflow vulnerability was discovered in the TON Virtual Machine (TVM) before v2024.10. The vulnerability stems from the improper handling of vmstate and continuation jump instructions, which ... | 7.5 | HIGH | — | 0 |
| CVE-2025-70954 A Null Pointer Dereference vulnerability exists in the TON Virtual Machine (TVM) within the TON Blockchain before v2025.06. The issue is located in the execution logic of the INMSGPARAM instruction, w... | 7.5 | HIGH | — | 0 |
| CVE-2025-61557 nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal. | 7.5 | HIGH | — | 0 |
| CVE-2022-50792 SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the v... | 7.5 | HIGH | — | 0 |
| CVE-2025-43706 An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC... | 7.5 | HIGH | — | 0 |
| CVE-2025-69227 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS at... | 7.5 | HIGH | — | 0 |
| CVE-2026-21878 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is ... | 7.5 | HIGH | — | 0 |
| CVE-2020-36914 QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie tran... | 7.5 | HIGH | — | 0 |
| CVE-2020-36915 Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploi... | 7.5 | HIGH | — | 0 |
| CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmiss... | 7.5 | HIGH | — | 0 |
| CVE-2025-11877 The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes f... | 7.5 | HIGH | — | 0 |
| CVE-2025-13801 The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read ... | 7.5 | HIGH | — | 0 |
| CVE-2025-70123 An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setu... | 7.5 | HIGH | — | 0 |
| CVE-2025-70122 A heap buffer overflow vulnerability in the UPF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted PFCP Session Modification Request. The issue occurs in th... | 7.5 | HIGH | — | 0 |
| CVE-2025-70121 An array index out of bounds vulnerability in the AMF component of free5GC v4.0.1 allows remote attackers to cause a denial of service via a crafted 5GS Mobile Identity in a NAS Registration Request m... | 7.5 | HIGH | — | 0 |
| CVE-2019-25279 FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can direct... | 7.5 | HIGH | — | 0 |
| CVE-2026-22245 Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mec... | 7.5 | HIGH | — | 0 |
| CVE-2025-50334 An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | 7.5 | HIGH | — | 0 |
| CVE-2025-56424 An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script | 7.5 | HIGH | — | 0 |
| CVE-2019-25342 Centova Cast 3.2.12 contains a denial of service vulnerability that allows attackers to overwhelm the system by repeatedly calling the database export API endpoint. Attackers can trigger 100% CPU load... | 7.5 | HIGH | — | 0 |
| CVE-2019-25341 iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-... | 7.5 | HIGH | — | 0 |
| CVE-2025-61594 URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fix to CVE-2025-27221 that can expose user credentials... | 7.5 | HIGH | — | 0 |
| CVE-2025-69261 WasmEdge is a WebAssembly runtime. Prior to version 0.16.0-alpha.3, a multiplication in `WasmEdge/include/runtime/instance/memory.h` can wrap, causing `checkAccessBound()` to incorrectly allow the acc... | 7.5 | HIGH | — | 0 |
| CVE-2019-25339 GHIA CamIP 1.2 for iOS contains a denial of service vulnerability in the password input field that allows attackers to crash the application. Attackers can paste a 33-character buffer of repeated char... | 7.5 | HIGH | — | 0 |
| CVE-2019-25335 PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both ... | 7.5 | HIGH | — | 0 |
| CVE-2026-20934 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20875 Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2019-25333 Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit th... | 7.5 | HIGH | — | 0 |
| CVE-2019-25330 SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.