CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2019-25330 | SurfOffline Professional 2.2.0.103 contains a structured exception handler (SEH) overflow vulnerability that allows attackers to crash the application by manipulating the project name input. Attackers... | 7.5 | HIGH | — | 0 |
| CVE-2025-66608 | A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal file... | 7.5 | HIGH | — | 0 |
| CVE-2026-25235 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verif... | 7.5 | HIGH | — | 0 |
| CVE-2025-57713 | A weak authentication vulnerability has been reported to affect File Station 5. Remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed the vulner... | 7.5 | HIGH | — | 0 |
| CVE-2026-25239 | PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability in apidoc queue insertion can allow query manipulation if an attacker ca... | 7.5 | HIGH | — | 0 |
| CVE-2025-70956 | A State Pollution vulnerability was discovered in the TON Virtual Machine (TVM) before v2025.04. The issue exists in the RUNVM instruction logic (VmState::run_child_vm), which is responsible for initi... | 7.5 | HIGH | — | 0 |
| CVE-2025-56225 | fluidsynth 2.4.6 and earlier versions are vulnerable to a NULL pointer dereference in fluid_synth_monopoly.c that can be triggered when loading an invalid MIDI file. | 7.5 | HIGH | — | 0 |
| CVE-2026-24477 | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the ve... | 7.5 | HIGH | — | 0 |
| CVE-2026-21720 | Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops li... | 7.5 | HIGH | — | 0 |
| CVE-2026-1022 | Statistics Database System developed by Gotac has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | 7.5 | HIGH | — | 0 |
| CVE-2025-59946 | NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data race on the sub info list which could result in a heap use-after-free crash. This iss... | 7.5 | HIGH | — | 0 |
| CVE-2026-1023 | Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly exploit a specific functionality to query database conte... | 7.5 | HIGH | — | 0 |
| CVE-2022-50932 | Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ pat... | 7.5 | HIGH | — | 0 |
| CVE-2021-47824 | iDailyDiary 4.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the preferences tab name field. Attackers can paste a 2,000,000 character buff... | 7.5 | HIGH | — | 0 |
| CVE-2025-71019 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf... | 7.5 | HIGH | — | 0 |
| CVE-2025-64092 | This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. | 7.5 | HIGH | — | 0 |
| CVE-2026-24827 | Out-of-bounds Write vulnerability in gerstrong Commander-Genius. This issue affects Commander-Genius: before Release refs/pull/358/merge. | 7.5 | HIGH | — | 0 |
| CVE-2025-67364 | fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fa... | 7.5 | HIGH | — | 0 |
| CVE-2026-24828 | Missing Release of Memory after Effective Lifetime vulnerability in Is-Daouda is-Engine. This issue affects is-Engine: before 3.3.4. | 7.5 | HIGH | — | 0 |
| CVE-2020-36939 | Cassandra Web 0.5.0 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating path traversal parameters. Attackers can exploit the disa... | 7.5 | HIGH | — | 0 |
| CVE-2020-36946 | SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the login request to o... | 7.5 | HIGH | — | 0 |
| CVE-2025-69420 | Issue summary: A type confusion vulnerability exists in the TimeStamp Response verification code where an ASN1_TYPE union member is accessed without first validating the type, causing an invalid or NU... | 7.5 | HIGH | — | 0 |
| CVE-2026-24831 | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3. | 7.5 | HIGH | — | 0 |
| CVE-2026-1472 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1473 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1474 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1475 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1476 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-15464 | Exported Activity allows external applications to gain application context and directly launch Gmail with inbox access, bypassing security controls. | 7.5 | HIGH | — | 0 |
| CVE-2026-1477 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68913 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zozothemes Miion miion allows PHP Local File Inclusion. This issue affects Miion... | 7.5 | HIGH | — | 0 |
| CVE-2026-22240 | The vulnerability exists in BLUVOYIX due to an improper password storage implementation and subsequent exposure via unauthenticated APIs. An unauthenticated remote attacker could exploit this vulnerab... | 7.5 | HIGH | — | 0 |
| CVE-2026-1478 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-59384 | A path traversal vulnerability has been reported to affect Qfiling. Remote attackers can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fi... | 7.5 | HIGH | — | 0 |
| CVE-2025-66786 | OpenAirInterface CN5G AMF <= v2.0.1 has a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of... | 7.5 | HIGH | — | 0 |
| CVE-2025-65805 | OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious ... | 7.5 | HIGH | — | 0 |
| CVE-2026-21889 | Weblate is a web based localization tool. Prior to 5.15.2, the screenshot images were served directly by the HTTP server without proper access control. This could allow an unauthenticated user to acce... | 7.5 | HIGH | — | 0 |
| CVE-2025-68907 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AivahThemes Hostme v2 hostmev2 allows Path Traversal. This issue affects Hostme v2: from n/a through <= 7... | 7.5 | HIGH | — | 0 |
| CVE-2025-68905 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jegtheme JNews - Pay Writer jnews-pay-writer allows PHP Local File Inclusion. Th... | 7.5 | HIGH | — | 0 |
| CVE-2026-1479 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1480 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1481 | An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68703 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the same password wil... | 7.5 | HIGH | — | 0 |
| CVE-2025-68704 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack mitigation. T... | 7.5 | HIGH | — | 0 |
| CVE-2025-68931 | Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and cipher... | 7.5 | HIGH | — | 0 |
| CVE-2025-68870 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion. This issue affects Coo... | 7.5 | HIGH | — | 0 |
| CVE-2026-0889 | Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147 and Thunderbird < 147. | 7.5 | HIGH | — | 0 |
| CVE-2026-22862 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed... | 7.5 | HIGH | — | 0 |
| CVE-2026-22868 | go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash using a specially crafted message. This vulnerability is fixed... | 7.5 | HIGH | — | 0 |
| CVE-2025-65888 | A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value. | 7.5 | HIGH | — | 0 |
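The columns above come from joining a CVE list against two public feeds: NVD API 2.0 for the CVSS base score and qualitative severity, and the CISA Known Exploited Vulnerabilities (KEV) catalog for the KEV flag. The following is an added example of that enrichment, not the site's own pipeline. The record shapes follow the published NVD 2.0 (`vulnerabilities[].cve.metrics.cvssMetricV31[].cvssData`) and KEV (`vulnerabilities[].cveID`, `dateAdded`) JSON layouts; the sample records are constructed inline. Two IDs are taken from the table above with the 7.5/HIGH scores it shows; `CVE-0000-0001` and `CVE-0000-0002` are impossible placeholder IDs, used only to exercise the KEV-match, CVSS-v3.0-fallback and not-in-NVD paths. The sightings counter is a constructed dictionary, since the page does not say where its count originates.

```python
"""Enrich a CVE ID list with NVD CVSS metrics and CISA KEV membership,
producing the columns of the table above (added example, offline)."""
from __future__ import annotations

from typing import Any

# Constructed sample in the shape of an NVD API 2.0 response
# (GET /rest/json/cves/2.0). Real IDs and scores match the table above.
NVD_RESPONSE: dict[str, Any] = {
    "vulnerabilities": [
        {"cve": {"id": "CVE-2025-56225", "metrics": {"cvssMetricV31": [
            {"type": "Primary", "cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}},
        ]}}},
        # Both a Secondary (CNA) and a Primary (NIST) v3.1 metric: Primary must win.
        {"cve": {"id": "CVE-2026-0889", "metrics": {"cvssMetricV31": [
            {"type": "Secondary", "cvssData": {"baseScore": 6.5, "baseSeverity": "MEDIUM"}},
            {"type": "Primary", "cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}},
        ]}}},
        # Placeholder ID (not a real CVE) with only a CVSS v3.0 metric,
        # to exercise the fallback when no v3.1 metric exists.
        {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV30": [
            {"type": "Primary", "cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}},
        ]}}},
    ]
}

# Constructed sample in the shape of CISA's known_exploited_vulnerabilities.json.
KEV_CATALOG: dict[str, Any] = {
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "dateAdded": "2026-01-15",
         "dueDate": "2026-02-05", "knownRansomwareCampaignUse": "Known"},
    ]
}

# Constructed sightings counter (hypothetical source).
SIGHTINGS: dict[str, int] = {"CVE-0000-0001": 3}

# Prefer the newest CVSS version NVD carries for the record.
METRIC_PREFERENCE = ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def cvss_severity(score: float | None) -> str:
    """CVSS v3.x qualitative rating scale, used for the Severity column."""
    if score is None:
        return "N/A"  # not (yet) scored by NVD
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def best_score(cve: dict[str, Any]) -> float | None:
    """Pick one base score: v3.1 over v3.0 over v2, NIST 'Primary' over CNA 'Secondary'."""
    metrics = cve.get("metrics", {})
    for key in METRIC_PREFERENCE:
        entries = metrics.get(key) or []
        ranked = sorted(entries, key=lambda m: 0 if m.get("type") == "Primary" else 1)
        if ranked:
            return float(ranked[0]["cvssData"]["baseScore"])
    return None


def enrich(cve_ids: list[str], nvd: dict[str, Any], kev: dict[str, Any],
           sightings: dict[str, int]) -> list[dict[str, Any]]:
    """Join each CVE ID against NVD, KEV and the sightings counter; KEV entries first."""
    nvd_by_id = {v["cve"]["id"]: v["cve"] for v in nvd.get("vulnerabilities", [])}
    kev_by_id = {v["cveID"]: v for v in kev.get("vulnerabilities", [])}
    rows = []
    for cve_id in cve_ids:
        cve = nvd_by_id.get(cve_id)
        score = best_score(cve) if cve else None
        kev_entry = kev_by_id.get(cve_id)
        rows.append({
            "cve_id": cve_id,
            "cvss": score,
            "severity": cvss_severity(score),
            "kev": kev_entry["dateAdded"] if kev_entry else None,
            "sightings": sightings.get(cve_id, 0),
        })
    # Triage order: KEV-listed first, then highest score, then most sightings.
    rows.sort(key=lambda r: (r["kev"] is None, -(r["cvss"] or 0.0), -r["sightings"]))
    return rows


def render_markdown(rows: list[dict[str, Any]]) -> str:
    """Render the enriched rows as the Markdown table layout used on this page."""
    lines = ["| CVE ID | CVSS | Severity | KEV | Sightings |", "|---|---|---|---|---|"]
    for r in rows:
        cvss = "" if r["cvss"] is None else f"{r['cvss']:.1f}"
        lines.append(f"| {r['cve_id']} | {cvss} | {r['severity']} | {r['kev'] or '-'} | {r['sightings']} |")
    return "\n".join(lines)


if __name__ == "__main__":
    ids = ["CVE-2025-56225", "CVE-2026-0889", "CVE-0000-0001", "CVE-0000-0002"]
    print(render_markdown(enrich(ids, NVD_RESPONSE, KEV_CATALOG, SIGHTINGS)))
```

Two practitioner caveats the example encodes: NVD can carry both a CNA-supplied (Secondary) and a NIST (Primary) score for the same CVE, and they can differ, so the join must choose deliberately rather than take the first metric; and a CVE absent from NVD (awaiting analysis) should surface with an empty score and "N/A" severity rather than silently dropping out of the triage list.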
This product uses data from the NVD API but is not endorsed or certified by the NVD.