Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-61144 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function. | 7.3 | HIGH | — | 0 |
| CVE-2025-61143 libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26464 Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2698 An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27514 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response i... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27513 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement ant... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27512 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27511 Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, al... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22568 Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare co... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-22567 Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios. | 7.6 | HIGH | — | 0 |
| CVE-2026-3016 A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads t... | 8.8 | HIGH | — | 0 |
| CVE-2026-3015 A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lea... | 8.8 | HIGH | — | 0 |
| CVE-2026-2697 An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter. | 6.3 | MEDIUM | — | 0 |
| CVE-2025-70058 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in t... | 7.4 | HIGH | — | 0 |
| CVE-2025-70045 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in H... | 7.4 | HIGH | — | 0 |
| CVE-2025-70044 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70043 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-14905 A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly... | 7.2 | HIGH | — | 0 |
| CVE-2026-21420 Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi... | 7.3 | HIGH | — | 0 |
| CVE-2025-69700 Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. | 7.5 | HIGH | — | 0 |
| CVE-2026-2985 A security flaw has been discovered in Tiandy Video Surveillance System 视频监控平台 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a ma... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2984 A vulnerability was identified in SourceCodester Student Result Management System 1.0. This affects an unknown function of the file /admin/core/drop_user.php. Such manipulation of the argument ID lead... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-59873 An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query para... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-40986 Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the ... | N/A | NONE | — | 0 |
| CVE-2025-40701 Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parame... | N/A | NONE | — | 0 |
| CVE-2026-2983 A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import... | 7.3 | HIGH | — | 0 |
| CVE-2025-41002 SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' pa... | N/A | NONE | — | 0 |
| CVE-2026-2981 A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffe... | 8.8 | HIGH | — | 0 |
| CVE-2026-2980 A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The... | 7.2 | HIGH | — | 0 |
| CVE-2026-2979 A flaw has been found in FastApiAdmin up to 2.2.0. This issue affects the function user_avatar_upload_controller of the file /backend/app/api/v1/module_system/user/controller.py of the component Sched... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-26365 Akamai Ghost on Akamai CDN edge servers before 2026-02-06 mishandles processing of custom hop-by-hop HTTP headers, where an incoming request containing the header "Connection: Transfer-Encoding" could... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-25747 Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository usin... | 8.8 | HIGH | — | 0 |
| CVE-2026-23552 Cross-Realm Token Acceptance Bypass in KeycloakSecurityPolicy Apache Camel Keycloak component. The Camel-Keycloak KeycloakSecurityPolicy does not validate the iss (issuer) claim of JWT tokens agains... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-2978 A vulnerability was detected in FastApiAdmin up to 2.2.0. This vulnerability affects the function upload_file_controller of the file /backend/app/api/v1/module_system/params/controller.py of the compo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2977 A security vulnerability has been detected in FastApiAdmin up to 2.2.0. This affects the function upload_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Sc... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1367 Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option. | 8.3 | HIGH | — | 0 |
| CVE-2026-2976 A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2975 A security flaw has been discovered in FastApiAdmin up to 2.2.0. Affected by this vulnerability is the function reset_api_docs of the file /backend/app/plugin/init_app.py of the component Custom Docum... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2974 A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file shared_prefs/aliasvault.xml of the component Backup Handler. The manip... | 2.5 | LOW | — | 0 |
| CVE-2026-2972 A vulnerability was determined in a466350665 Smart-SSO up to 2.1.1. This affects the function Save of the file smart-sso-server/src/main/java/openjoe/smart/sso/server/controller/admin/UserController.j... | 2.4 | LOW | — | 0 |
| CVE-2026-2971 A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the componen... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2970 A vulnerability has been found in datapizza-labs datapizza-ai 0.0.2. Affected by this vulnerability is the function RedisCache of the file datapizza-ai-cache/redis/datapizza/cache/redis/cache.py. Such... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-2969 A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Templat... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2998 ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrar... | 7.8 | HIGH | — | 0 |
| CVE-2026-2968 A vulnerability was detected in Cesanta Mongoose up to 7.20. This impacts the function mg_chacha20_poly1305_decrypt of the file /src/tls_chacha20.c of the component Poly1305 Authentication Tag Handler... | 3.7 | LOW | — | 0 |
| CVE-2026-2967 A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This affects the function getpeer of the file /src/net_builtin.c of the component TCP Sequence Number Handler. The manipulati... | 3.7 | LOW | — | 0 |
| CVE-2026-2997 Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2966 A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID Handler. Executing a manipul... | 3.7 | LOW | — | 0 |
| CVE-2026-2965 A security flaw has been discovered in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.9. The affected element is an unknown function of the file /admin/SysModule/edit.html of the component System Extensio... | 2.4 | LOW | — | 0 |
| CVE-2026-2964 A vulnerability was identified in higuma web-audio-recorder-js 0.1/0.1.1. Impacted is the function extend in the library lib/WebAudioRecorder.js of the component Dynamic Config Handling. Such manipula... | 5.0 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.