Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-50191 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched i... | 7.2 | HIGH | — | 0 |
| CVE-2025-50190 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patch... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-50189 Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] an... | 8.8 | HIGH | — | 0 |
| CVE-2025-50188 Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts... | 7.2 | HIGH | — | 0 |
| CVE-2025-50187 Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been patched in versi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-50186 Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-50337 Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated blind SSRF. This i... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-47886 Chamilo is a learning management system. Chamillo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By abusing mult... | 7.2 | HIGH | — | 0 |
| CVE-2026-26698 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-26697 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-1628 Mattermost Desktop App versions <=5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functional... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-3432 On SimStudio version below to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` par... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-3431 On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endp... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14532 DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue was... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-12462 A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injecti... | N/A | NONE | — | 0 |
| CVE-2025-58406 The CGM CLININET application respond without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, an... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-58405 The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks, neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-58402 The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages ... | 7.5 | HIGH | — | 0 |
| CVE-2025-30062 In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection. | N/A | NONE | — | 0 |
| CVE-2025-30044 In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogs... | N/A | NONE | — | 0 |
| CVE-2025-30042 The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access verificat... | 7.8 | HIGH | — | 0 |
| CVE-2025-30035 The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a password or any othe... | N/A | NONE | — | 0 |
| CVE-2025-10350 SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM... | N/A | NONE | — | 0 |
| CVE-2026-2584 A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially... | N/A | NONE | — | 0 |
| CVE-2026-20445 In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20444 In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User i... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20443 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20442 In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not n... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20441 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20440 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User int... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20439 In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20438 In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interacti... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-20437 In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not neede... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20436 In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System pri... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20435 In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no add... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-20434 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta... | 7.5 | HIGH | — | 0 |
| CVE-2026-20430 In wlan AP FW, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges n... | 8.8 | HIGH | — | 0 |
| CVE-2026-20429 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20428 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20427 In display, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20426 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20425 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20424 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20423 In wlan STA driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is n... | 7.8 | HIGH | — | 0 |
| CVE-2026-20416 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in... | 7.2 | HIGH | — | 0 |
| CVE-2026-3422 U-Office Force developed by e-Excellence has a Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3413 A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql i... | 7.3 | HIGH | — | 0 |
| CVE-2026-3000 IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary DLL files from a remot... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2999 IDExpert Windows Logon Agent developed by Changing has a Remote Code Execution vulnerability, allowing unauthenticated remote attackers to force the system to download arbitrary executable files from ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15597 A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads ... | 6.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.