Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-67905 Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate... | 8.7 | HIGH | — | 0 |
| CVE-2026-23647 Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23648 Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable an... | 7.8 | HIGH | — | 0 |
| CVE-2025-13867 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutral... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14689 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special element... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36247 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML dat... | 7.1 | HIGH | — | 0 |
| CVE-2025-36425 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1452 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2024-43178 IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-12755 IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages a... | 4.0 | MEDIUM | — | 0 |
| CVE-2025-36018 IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36019 IBM Concert 1.0.0 through 2.1.0 for Z hub framework is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2630 A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted. | 8.8 | HIGH | — | 0 |
| CVE-2025-36243 IBM Concert 1.0.0 through 2.1.0 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to netw... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-36597 Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged atta... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-36598 Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged atta... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22762 Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in th... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26357 Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2620 A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2026-2621 A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.a... | 7.3 | HIGH | — | 0 |
| CVE-2025-33088 IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources. | 7.4 | HIGH | — | 0 |
| CVE-2025-33135 IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2627 A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Re... | 7.8 | HIGH | — | 0 |
| CVE-2025-62183 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access right... | N/A | NONE | — | 0 |
| CVE-2026-1670 The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2570 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-22048 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible ... | 7.1 | HIGH | — | 0 |
| CVE-2026-23599 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attac... | 7.8 | HIGH | — | 0 |
| CVE-2026-27031 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27032 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27033 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27034 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27035 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27036 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27037 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27038 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12037 The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sani... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-12071 The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8308 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Key Software Solutions Inc. INFOREX- General Information Management System allows XSS Throu... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-12074 The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which post... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-12075 The Order Splitter for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wos_troubleshooting' AJAX endpoint in all versions up to,... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-13959 The Filestack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'filepicker' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6460 The Display During Conditional Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘message’ parameter in all versions up to, and including, 1.2 due to insufficient inp... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1277 The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismi... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1296 The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection in all versions up to, and including, 1.2.7 due to insufficient validation on the 'requested_page' POST... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-12356 The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1714 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution plugin for WordPress is vulnerable to Email Relay Abuse in all versions up to, and including, 3.3.2. Th... | 8.6 | HIGH | — | 0 |
| CVE-2026-1925 The EmailKit – Email Customizer for WooCommerce & WP plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'update_template_data' function in al... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1931 The Rent Fetch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'keyword' parameter in all versions up to, and including, 0.32.4 due to insufficient input sanitization and out... | 7.2 | HIGH | — | 0 |
| CVE-2026-2576 The Business Directory Plugin – Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'payment' parameter in all versions up to, and including, ... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.