CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2024-52903 IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 5.3 | MEDIUM | — | 0 |
| CVE-2022-49928 In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-p... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-49930 In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer problem in free_mr_init() Lock grab occurs in a concurrent scenario, resulting in stepping on a NULL po... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-49931 In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-46565 Vite is a frontend tooling framework for JavaScript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project root that are denied by a file matching pattern can... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-45614 Incorrect access control in the component /api/user/manager of One v1.0 allows attackers to access sensitive information via a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-4191 A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.p... | 7.3 | HIGH | — | 0 |
| CVE-2024-58135 Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a wea... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-58134 Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited ... | 8.1 | HIGH | — | 0 |
| CVE-2025-4257 A vulnerability, which was classified as problematic, has been found in SeaCMS 13.2. This issue affects some unknown processing of the file /admin_pay.php. The manipulation of the argument cstatus lea... | 3.5 | LOW | — | 0 |
| CVE-2025-4258 A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu up to 4.2.0. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handle... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-45615 Incorrect access control in the /admin/ API of yaoqishan v0.0.1-SNAPSHOT allows attackers to gain access to Admin rights via a crafted request. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-4259 A vulnerability has been found in newbee-mall 1.0 and classified as critical. Affected by this vulnerability is the function Upload of the file ltd/newbee/mall/controller/common/UploadController.java.... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-4260 A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0 and classified as problematic. Affected by this issue is the function impsave of the file m\web\handler\admin\system\TemplateController.... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-2905 Due to the improper configuration of XML parser, user-supplied XML is parsed without applying sufficient restrictions, enabling XML External Entity (XXE) resolution in multiple WSO2 Products. A succe... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-28168 The Multiple File Upload add-on component 3.1.0 for OutSystems is vulnerable to Unrestricted File Upload. This occurs because file extension and size validations are enforced solely on the client side... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-45608 Incorrect access control in the /system/user/findUserList API of Xinguan v0.0.1-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-45609 Incorrect access control in the doFilter function of kob latest v1.0.0-SNAPSHOT allows attackers to access sensitive information via a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-45610 Incorrect access control in the component /scheduleLog/info/1 of PassJava-Platform v3.0.0 allows attackers to access sensitive information via a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-45611 Incorrect access control in the /user/edit/ component of hope-boot v1.0.0 allows attackers to bypass authentication via a crafted GET request. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45613 Incorrect access control in the component /user/list of Shiro-Action v0.6 allows attackers to access sensitive information via a crafted payload. | 7.5 | HIGH | — | 0 |
| CVE-2025-46813 Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. ... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-4291 A vulnerability, which was classified as critical, was found in IdeaCMS up to 1.6. Affected is the function saveUpload. The manipulation leads to unrestricted upload. It is possible to launch the atta... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-2509 Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via c... | 7.8 | HIGH | — | 0 |
| CVE-2025-46586 Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-46588 Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-46589 Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 4.4 | MEDIUM | — | 0 |
| CVE-2025-46591 Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-46593 Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-43489 A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could deserialize untrusted data without validation. HP has addresse... | 5.2 | MEDIUM | — | 0 |
| CVE-2025-4331 A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the ar... | 7.3 | HIGH | — | 0 |
| CVE-2025-4332 A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The mani... | 7.3 | HIGH | — | 0 |
| CVE-2025-4358 A vulnerability classified as critical has been found in PHPGurukul Company Visitor Management System 2.0. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argum... | 7.3 | HIGH | — | 0 |
| CVE-2025-25014 A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-20979 Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code. | 8.4 | HIGH | — | 0 |
| CVE-2025-20980 Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-36504 When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End o... | 7.5 | HIGH | — | 0 |
| CVE-2024-47619 syslog-ng is an enhanced log daemon. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcar... | 7.5 | HIGH | — | 0 |
| CVE-2025-46551 JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting i... | 3.7 | LOW | — | 0 |
| CVE-2025-31644 When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrat... | 8.7 | HIGH | — | 0 |
| CVE-2025-35995 When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed requests can cause the T... | 7.5 | HIGH | — | 0 |
| CVE-2025-36525 When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoT... | 7.5 | HIGH | — | 0 |
| CVE-2025-41399 When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which h... | 7.5 | HIGH | — | 0 |
| CVE-2025-41414 When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoT... | 7.5 | HIGH | — | 0 |
| CVE-2025-41433 When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the T... | 7.5 | HIGH | — | 0 |
| CVE-2025-46265 On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which hav... | 8.8 | HIGH | — | 0 |
| CVE-2025-3758 WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early ... | N/A | NONE | — | 0 |
| CVE-2025-4467 A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipu... | 7.3 | HIGH | — | 0 |
| CVE-2025-40627 Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This vulne... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-4469 A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of th... | 2.4 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.