CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2020-36855 A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota leads to stack... | 5.3 | MEDIUM | — | 0 |
| CVE-2022-4981 A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation result... | 3.3 | LOW | — | 0 |
| CVE-2025-57521 Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-59438 Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-60280 Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-60751 GeographicLib 2.5 is vulnerable to Buffer Overflow in GeoConvert DMS::InternalDecode. | 7.5 | HIGH | — | 0 |
| CVE-2025-61181 daicuocms V1.3.13 contains an arbitrary file upload vulnerability in the image upload feature. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-61194 daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60500 QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate You... | 7.2 | HIGH | — | 0 |
| CVE-2025-8050 External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper:... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60506 Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary Java... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-60772 Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrato... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62597 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edita... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-62598 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the edita... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-12031 HTTP Security Misconfiguration - Lacking Secure and HTTPOnly Attribute may allow reading the sensitive cookies from the JavaScript context. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-60427 LibreTime 3.0.0-alpha.10 and possibly earlier is vulnerable to Broken Access Control, where a user with the DJ role can access analytics data via the Web UI and direct API calls. The backend does not ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-60790 ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-56799 Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a cra... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-56800 Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript w... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-56801 The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation allowing attackers with access to the application envi... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-56802 The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stor... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-61255 Bank Locker Management System by PHPGurukul is affected by a Cross-Site Scripting (XSS) vulnerability via the /search parameter, where unsanitized input allows arbitrary HTML and JavaScript injection,... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-50074 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are af... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-50075 Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Security Management System). Supported versions that are af... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-31145 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | N/A | NONE | — | 0 |
| CVE-2025-52079 The administrator password setting of the D-Link DIR-820L 1.06B02 has Improper Access Control and is vulnerable to Unverified Password Change via crafted POST request to /get_set.ccp. | 8.8 | HIGH | — | 0 |
| CVE-2025-53034 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53035 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-53036 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are... | 8.6 | HIGH | — | 0 |
| CVE-2025-53044 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-53037 Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53040 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulne... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-53041 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.5-12.2.14. Easily exploitable vulnerability allows unau... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53042 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulne... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-53043 Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite (component: Item Catalog). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows ... | 8.1 | HIGH | — | 0 |
| CVE-2019-11449 I, Librarian 4.10 has XSS via the notes.php notes parameter. | N/A | NONE | — | 0 |
| CVE-2025-53045 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-53046 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Analytics). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high pr... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-53047 Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows ... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-53048 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vu... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53049 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Administration). Supported versions that are affected are 7.6.0.0.0 and 8.2... | 8.4 | HIGH | — | 0 |
| CVE-2025-61138 Qlik Sense Enterprise v14.212.13 was discovered to contain an information leak via the /dev-hub/ directory. | 7.5 | HIGH | — | 0 |
| CVE-2025-53050 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Performance Monitor). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable... | 7.5 | HIGH | — | 0 |
| CVE-2025-53051 Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker h... | 2.7 | LOW | — | 0 |
| CVE-2025-53052 Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Notification Mailer). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerab... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53053 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerabili... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-53054 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability al... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-11086 The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin... | 8.1 | HIGH | — | 0 |
| CVE-2025-53055 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53056 Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Object and Environment Tech). Supported versions that are affected are 9.2.0.0-9.2.9.4. Easily exploitable... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.