CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2023-53399 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() If share is , share->path is NULL and it cause NULL pointer dere... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53400 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names get_line_out_pfx() may trigger an Oops by overflowing the static array with more... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53401 In the Linux kernel, the following vulnerability has been resolved: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() KCSAN found an issue in obj_stock_flush_required(): stock->... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10723 The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks | 2.7 | LOW | — | 0 |
| CVE-2023-53402 In the Linux kernel, the following vulnerability has been resolved: kernel/printk/index.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() calle... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53403 In the Linux kernel, the following vulnerability has been resolved: time/debug: Fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, ot... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53404 In the Linux kernel, the following vulnerability has been resolved: USB: fotg210: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53405 In the Linux kernel, the following vulnerability has been resolved: USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-10874 The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for the stock photo import feature, allow... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-34726 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2023-53406 In the Linux kernel, the following vulnerability has been resolved: USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() cal... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53407 In the Linux kernel, the following vulnerability has been resolved: USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() cal... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53408 In the Linux kernel, the following vulnerability has been resolved: trace/blktrace: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53409 In the Linux kernel, the following vulnerability has been resolved: drivers: base: component: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() ca... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-9978 The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-34727 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2023-53411 In the Linux kernel, the following vulnerability has been resolved: PM: EM: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherw... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53412 In the Linux kernel, the following vulnerability has been resolved: USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() ca... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53413 In the Linux kernel, the following vulnerability has been resolved: USB: isp116x: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2023-53414 In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, ot... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-64132 Jenkins MCP Server Plugin 0.84.v50ca_24ef83f2 and earlier does not perform permission checks in multiple MCP tools, allowing attackers to trigger builds and obtain information about job and cloud conf... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14177 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn seg... | 7.5 | HIGH | — | 0 |
| CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an ... | 7.5 | HIGH | — | 0 |
| CVE-2025-68972 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signat... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-15117 A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserializa... | 3.1 | LOW | — | 0 |
| CVE-2025-15118 A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulatio... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15227 BPMFlowWebkit developed by WELLTEND TECHNOLOGY has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files. | 7.5 | HIGH | — | 0 |
| CVE-2025-15119 A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper au... | 3.1 | LOW | — | 0 |
| CVE-2025-15120 A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper auth... | 3.1 | LOW | — | 0 |
| CVE-2025-15121 A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument ... | 2.4 | LOW | — | 0 |
| CVE-2025-15122 A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId ... | 3.1 | LOW | — | 0 |
| CVE-2025-15123 A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It ... | 3.1 | LOW | — | 0 |
| CVE-2025-15124 A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to imprope... | 3.1 | LOW | — | 0 |
| CVE-2025-34976 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34977 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34978 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-15125 A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departI... | 3.1 | LOW | — | 0 |
| CVE-2025-15126 A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argu... | 3.1 | LOW | — | 0 |
| CVE-2025-15129 A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15130 A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.cla... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-15131 A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation re... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15132 A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-34979 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34980 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-15133 A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15134 A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing... | 3.5 | LOW | — | 0 |
| CVE-2025-15135 A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cook... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15136 A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulatio... | 8.8 | HIGH | — | 0 |
| CVE-2025-15137 A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The... | 8.8 | HIGH | — | 0 |
| CVE-2025-15138 A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes ... | 4.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.