CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-48912 In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released... | 7.8 | HIGH | — | 0 |
| CVE-2022-48913 In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debug... | 7.8 | HIGH | — | 0 |
| CVE-2022-48915 In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the the... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48918 In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses an... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48924 In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unrefere... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48925 In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immedi... | 7.8 | HIGH | — | 0 |
| CVE-2022-48926 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption i... | 7.8 | HIGH | — | 0 |
| CVE-2022-48927 In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all phy... | 7.8 | HIGH | — | 0 |
| CVE-2022-48928 In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48929 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel fu... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-32939 Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0, 9.8.x <= 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when ... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-48930 In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and si... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48931 In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() i... | 4.7 | MEDIUM | — | 0 |
| CVE-2022-48932 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-o... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-48933 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The trans... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-39810 Mattermost versions 9.5.x <= 9.5.7 and 9.10.x <= 9.10.0 fail to time limit and size limit the CA path file in the ElasticSearch configuration which allows a System Role with access to the Elasticsearc... | 4.9 | MEDIUM | — | 0 |
| CVE-2022-48934 In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_M... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23528 Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which wil... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21910 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthentic... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21912 A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-68671 lakeFS is an open-source tool that transforms object storage into a Git-like repositories. LakeFS's S3 gateway does not validate timestamps in authenticated requests, allowing replay attacks. Prior to... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-47779 Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12007 There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image. | 8.4 | HIGH | — | 0 |
| CVE-2025-68675 In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treate... | 7.5 | HIGH | — | 0 |
| CVE-2026-23490 pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.2, a Denial-of-Service issue has been found that leads to memory exhaustion from malformed RELATIVE-OID with excessive continuation octets. T... | 7.5 | HIGH | — | 0 |
| CVE-2026-23634 Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The defau... | 0.0 | NONE | — | 0 |
| CVE-2026-23744 MCPJam inspector is the local-first development platform for MCP servers. Versions 1.4.2 and earlier are vulnerable to remote code execution (RCE) vulnerability, which allows an attacker to send a cra... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23643 CakePHP is a rapid development framework for PHP. The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation. This issue has been fixed... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-15528 A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of s... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-11002 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction wit... | 7.8 | HIGH | — | 0 |
| CVE-2025-15529 A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-21223 Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | 7.1 | HIGH | — | 0 |
| CVE-2025-15530 A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipul... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15531 A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15532 A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1066 A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation resul... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1048 A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross s... | 3.5 | LOW | — | 0 |
| CVE-2026-1049 A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cros... | 3.5 | LOW | — | 0 |
| CVE-2026-1050 A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component R... | 7.3 | HIGH | — | 0 |
| CVE-2026-1061 A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1062 A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes serve... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-0865 User-controlled header names and values containing newlines can allow injecting HTTP headers. | N/A | NONE | — | 0 |
| CVE-2026-1106 A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Con... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1107 A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15533 A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-base... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15534 A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15535 A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The att... | 3.3 | LOW | — | 0 |
| CVE-2025-15536 A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes hea... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15537 A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1125 A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.