CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data... | 8.1 | HIGH | — | 0 |
| CVE-2019-25650 River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc... | 8.4 | HIGH | — | 0 |
| CVE-2019-25649 River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input strin... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25648 MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. At... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25219 PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in t... | 8.4 | HIGH | — | 0 |
| CVE-2018-25218 PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. ... | 8.4 | HIGH | — | 0 |
| CVE-2018-25217 PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attacke... | 8.4 | HIGH | — | 0 |
| CVE-2018-25216 AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can past... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25215 Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail an... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25214 MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the Finger funct... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25213 Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Att... | 8.4 | HIGH | — | 0 |
| CVE-2018-25212 Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers ... | 8.4 | HIGH | — | 0 |
| CVE-2018-25211 Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string in the Licens... | 7.8 | HIGH | — | 0 |
| CVE-2026-4887 A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafte... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-4875 A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1961 A flaw was found in Foreman. A remote attacker could exploit a command injection vulnerability in Foreman's WebSocket proxy implementation. This vulnerability arises from the system's use of unsanitiz... | 8.0 | HIGH | — | 0 |
| CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the ap... | 2.6 | LOW | — | 0 |
| CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability will give attackers a clearer map of the organization’s network layout. | 3.1 | LOW | — | 0 |
| CVE-2025-55275 HCL Aftermarket DPC is affected by Admin Session Concurrency vulnerability using which an attacker can exploit concurrent sessions to hijack or impersonate an admin user. | 3.7 | LOW | — | 0 |
| CVE-2025-55274 HCL Aftermarket DPC is affected by Cross-Origin Resource Sharing vulnerability. CORS misconfigurations includes the exposure of sensitive user information to attackers, unauthorized access to APIs, an... | 2.6 | LOW | — | 0 |
| CVE-2025-55273 HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Mali... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-55272 HCL Aftermarket DPC is affected by Banner Disclosure vulnerability where attackers gain insights into the system’s software and version details which would allow them to craft software specific attack... | 3.1 | LOW | — | 0 |
| CVE-2025-55271 HCL Aftermarket DPC is affected by HTTP Response Splitting vulnerability where in depending on how the web application handles the split response, an attacker may be able to execute arbitrary commands... | 3.1 | LOW | — | 0 |
| CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc. | 3.5 | LOW | — | 0 |
| CVE-2025-55269 HCL Aftermarket DPC is affected by Weak Password Policy vulnerability, which makes it easier for attackers to guess weak passwords or use brute-force techniques to gain unauthorized access to user acc... | 4.2 | MEDIUM | — | 0 |
| CVE-2025-55268 HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-55267 HCL Aftermarket DPC is affected by Unrestricted File Upload vulnerability, allows attacker to upload and execute malicious scripts, gaining full control over the server. | 5.7 | MEDIUM | — | 0 |
| CVE-2025-55266 HCL Aftermarket DPC is affected by Session Fixation which allows attacker to takeover the user's session and use it carry out unauthorized transaction behalf of the user. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-55265 HCL Aftermarket DPC is affected by File Discovery which allows attacker could exploit this issue to read sensitive files present in the system and may use it to craft further attacks. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-41359 Vulnerability related to an unquoted service path in Small HTTP Server 3.06.36, specifically affecting the executable located at 'C:\Program Files (x86)\shttps_mg\http.exe service'. This misconfigurat... | 7.8 | HIGH | — | 0 |
| CVE-2025-41027 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' paramet... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-41026 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' paramet... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-41368 Problem in the Small HTTP Server v3.06.36 service. An authenticated path traversal vulnerability in '/' allows remote users to bypass the intended restrictions of SecurityManager and display any file ... | 8.1 | HIGH | — | 0 |
| CVE-2018-25210 WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can subm... | 8.2 | HIGH | — | 0 |
| CVE-2018-25208 qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit maliciou... | 8.2 | HIGH | — | 0 |
| CVE-2018-25207 Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST... | 7.1 | HIGH | — | 0 |
| CVE-2018-25206 KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicio... | 8.2 | HIGH | — | 0 |
| CVE-2018-25205 ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can sub... | 8.2 | HIGH | — | 0 |
| CVE-2018-25204 Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST req... | 8.2 | HIGH | — | 0 |
| CVE-2018-25203 Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers ca... | 8.2 | HIGH | — | 0 |
| CVE-2018-25202 SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25201 School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username para... | 7.1 | HIGH | — | 0 |
| CVE-2018-25195 Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submi... | 8.2 | HIGH | — | 0 |
| CVE-2018-25185 Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers ... | 8.2 | HIGH | — | 0 |
| CVE-2018-25183 Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submi... | 8.2 | HIGH | — | 0 |
| CVE-2026-4809 plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload handling.... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4274 Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to restrict team-level access when processing membership sync from a remote cluster, which allows a m... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24068 The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to ... | 8.8 | HIGH | — | 0 |
| CVE-2026-23398 In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_d... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.