Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-25183 givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php. | 7.5 | HIGH | — | 0 |
| CVE-2026-22776 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of c... | 7.5 | HIGH | — | 0 |
| CVE-2026-20875 Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-69273 Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | 7.5 | HIGH | — | 0 |
| CVE-2025-69272 Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier. | 7.5 | HIGH | — | 0 |
| CVE-2025-69271 Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. | 7.5 | HIGH | — | 0 |
| CVE-2026-20919 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-20921 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-68568 Missing Authorization vulnerability in integrationclaspo Popup Builder: Exit-Intent pop-up, Spin the Wheel, Newsletter signup, Email Capture & Lead Generation forms maker claspo allows Exploiting ... | 7.5 | HIGH | — | 0 |
| CVE-2025-53477 NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled as... | 7.5 | HIGH | — | 0 |
| CVE-2025-52435 J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection ... | 7.5 | HIGH | — | 0 |
| CVE-2025-13457 The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on... | 7.5 | HIGH | — | 0 |
| CVE-2026-28076 Missing Authorization vulnerability in Frenify Guff guff allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Guff: from n/a through <= 1.0.1. | 7.5 | HIGH | — | 0 |
| CVE-2026-20926 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2026-22697 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-22026 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-22023 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-20929 Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2018-25141 FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by ac... | 7.5 | HIGH | — | 0 |
| CVE-2018-25140 FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. A... | 7.5 | HIGH | — | 0 |
| CVE-2025-66744 In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within th... | 7.5 | HIGH | — | 0 |
| CVE-2025-66049 Vivotek IP7137 camera with firmware version 0200a is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring au... | 7.5 | HIGH | — | 0 |
| CVE-2025-56424 An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script | 7.5 | HIGH | — | 0 |
| CVE-2025-50334 An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | 7.5 | HIGH | — | 0 |
| CVE-2026-22245 Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mec... | 7.5 | HIGH | — | 0 |
| CVE-2018-25139 FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stre... | 7.5 | HIGH | — | 0 |
| CVE-2025-66877 Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. | 7.5 | HIGH | — | 0 |
| CVE-2026-20965 Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. | 7.5 | HIGH | — | 0 |
| CVE-2025-69260 A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication i... | 7.5 | HIGH | — | 0 |
| CVE-2025-69259 A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authent... | 7.5 | HIGH | — | 0 |
| CVE-2019-25291 INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these pe... | 7.5 | HIGH | — | 0 |
| CVE-2019-25279 FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can direct... | 7.5 | HIGH | — | 0 |
| CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiab... | 7.5 | HIGH | — | 0 |
| CVE-2017-20213 FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can e... | 7.5 | HIGH | — | 0 |
| CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. ... | 7.5 | HIGH | — | 0 |
| CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe... | 7.5 | HIGH | — | 0 |
| CVE-2026-22190 Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for spri... | 7.5 | HIGH | — | 0 |
| CVE-2018-25137 FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability in the ExportConfig REST API that allows attackers to download sensitive configuration files. Attackers can exploit the getC... | 7.5 | HIGH | — | 0 |
| CVE-2025-14070 The Reviewify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'send_test_email' AJAX action in all versions up to, and including, 1.0.6... | 7.5 | HIGH | — | 0 |
| CVE-2026-22521 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in G5Theme Handmade Framework allows PHP Local File Inclusion.This issue affects H... | 7.5 | HIGH | — | 0 |
| CVE-2025-13801 The Yoco Payments plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.8.8 via the file parameter. This makes it possible for unauthenticated attackers to read ... | 7.5 | HIGH | — | 0 |
| CVE-2025-13493 The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in ... | 7.5 | HIGH | — | 0 |
| CVE-2025-11877 The User Activity Log plugin is vulnerable to a limited options update in versions up to, and including, 2.2. The failed-login handler 'ual_shook_wp_login_failed' lacks a capability check and writes f... | 7.5 | HIGH | — | 0 |
| CVE-2025-14770 The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied p... | 7.5 | HIGH | — | 0 |
| CVE-2018-25136 FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by... | 7.5 | HIGH | — | 0 |
| CVE-2025-9142 A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory. | 7.5 | HIGH | — | 0 |
| CVE-2025-12166 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versio... | 7.5 | HIGH | — | 0 |
| CVE-2020-36921 RED-V Super Digital Signage System 5.1.1 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive webserver log files. Attackers can visit multiple en... | 7.5 | HIGH | — | 0 |
| CVE-2020-36917 iDS6 DSSPro Digital Signage System 6.2 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept authentication credentials through cleartext cookie transmiss... | 7.5 | HIGH | — | 0 |
| CVE-2025-69387 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in whatwouldjessedo Simple Retail Menus simple-retail-menus allows PHP Local File ... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.