CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-1808 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1888 The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient i... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1909 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1998 A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be la... | 3.3 | LOW | — | 0 |
| CVE-2025-7432 DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. | N/A | NONE | — | 0 |
| CVE-2026-2010 A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/log... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-1252 The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1785 The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download an... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24916 Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-24927 Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24928 Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.8 | MEDIUM | — | 0 |
| CVE-2026-2013 A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql in... | 7.3 | HIGH | — | 0 |
| CVE-2026-2014 A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument I... | 7.3 | HIGH | — | 0 |
| CVE-2026-2015 A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1293 The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `yoast-schema` block attribute in all versions up to,... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-25299 RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can explo... | 7.1 | HIGH | — | 0 |
| CVE-2019-25300 thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, a... | 7.1 | HIGH | — | 0 |
| CVE-2019-25301 Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments ... | 6.4 | MEDIUM | — | 0 |
| CVE-2019-25302 Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can expl... | 7.8 | HIGH | — | 0 |
| CVE-2019-25303 TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, t... | 7.1 | HIGH | — | 0 |
| CVE-2019-25304 SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2019-25305 JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and e... | 7.8 | HIGH | — | 0 |
| CVE-2025-64111 Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, due to the insufficient patch for CVE-2024-56731, it's still possible to update files in the .git directory and achieve rem... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37109 aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a ... | 7.5 | HIGH | — | 0 |
| CVE-2026-2061 A vulnerability was determined in D-Link DIR-823X 250416. Affected by this issue is the function sub_424D20 of the file /goform/set_ipv6. Executing a manipulation can lead to os command injection. It ... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-69212 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file dec... | 8.8 | HIGH | — | 0 |
| CVE-2025-69214 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling t... | 8.8 | HIGH | — | 0 |
| CVE-2025-69216 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24416 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the ar... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24417 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the gl... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24418 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk op... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25635 calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven'... | 8.6 | HIGH | — | 0 |
| CVE-2026-25636 calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre... | 8.2 | HIGH | — | 0 |
| CVE-2026-25731 calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an eboo... | 7.8 | HIGH | — | 0 |
| CVE-2026-2066 A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffe... | 8.8 | HIGH | — | 0 |
| CVE-2026-2067 A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTimeGroupConfig. The manipulation of the argument year1 l... | 8.8 | HIGH | — | 0 |
| CVE-2026-1727 The Agentspace service was affected by a vulnerability that exposed sensitive information due to the use of predictable Google Cloud Storage bucket names. These names were utilized for error logs and ... | N/A | NONE | — | 0 |
| CVE-2020-37135 AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and... | 7.5 | HIGH | — | 0 |
| CVE-2020-37146 ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's co... | 7.5 | HIGH | — | 0 |
| CVE-2020-37147 ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit... | 7.1 | HIGH | — | 0 |
| CVE-2020-37154 eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l... | 7.1 | HIGH | — | 0 |
| CVE-2020-37155 Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte p... | 7.5 | HIGH | — | 0 |
| CVE-2020-37157 DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. A... | 7.5 | HIGH | — | 0 |
| CVE-2020-37159 Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37160 SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2025-12803 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'bt_bb_tabs' shortcode in all versions up to, and including, 5.5.1 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-13463 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post Grid component in all versions up to, and including, 5.5.3 due to insufficient input sanitization a... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15267 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_accordion_item shortcode in all versions up to, and including, 5.5.7 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15491 The Post Slides WordPress plugin through 1.0.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as wi... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.