Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-38092 In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list is empty t... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-53664 Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Ite... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-38093 In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-52886 Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count an... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-20307 A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks aga... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-38096 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: don't warn when if there is a FW error iwl_trans_reclaim is warning if it is called when the FW is not alive. But i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38098 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Don't try to operate on a drm_wb_connecto... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-48913 If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to rej... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53606 Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-8748 MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary comman... | 8.8 | HIGH | — | 0 |
| CVE-2025-8749 Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-8733 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes:... | N/A | NONE | — | 0 |
| CVE-2025-8734 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes:... | N/A | NONE | — | 0 |
| CVE-2025-8735 A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null ... | 3.3 | LOW | — | 0 |
| CVE-2026-26092 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-55188 7-Zip before 25.01 does not always properly handle symbolic links during extraction. | 3.6 | LOW | — | 0 |
| CVE-2025-54998 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the aut... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-54999 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass ... | 3.7 | LOW | — | 0 |
| CVE-2025-55000 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, OpenBao's TOTP secrets engine ... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-50233 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL termi... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-41979 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 7.1 | HIGH | — | 0 |
| CVE-2025-11072 The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-58238 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stre... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-8851 A vulnerability was determined in LibTIFF up to 4.5.1. Affected by this issue is the function readSeparateStripsetoBuffer of the file tools/tiffcrop.c of the component tiffcrop. The manipulation leads... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8859 A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-42936 The SAP NetWeaver Application Server for ABAP does not enable an administrator to assign distinguished authorizations for different user roles, this issue allows authenticated users to access restrict... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-47444 Insertion of Sensitive Information Into Sent Data vulnerability in Liquid Web GiveWP allows Retrieve Embedded Sensitive Data.This issue affects GiveWP: from n/a before 4.6.1. | 7.5 | HIGH | — | 0 |
| CVE-2025-26398 SolarWinds Database Performance Analyzer was found to contain a hard-coded cryptographic key. If exploited, this vulnerability could lead to a machine-in-the-middle (MITM) attack against users. This v... | 5.6 | MEDIUM | — | 0 |
| CVE-2024-41980 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 3.1 | LOW | — | 0 |
| CVE-2024-41982 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-41983 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 3.5 | LOW | — | 0 |
| CVE-2024-41984 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 2.6 | LOW | — | 0 |
| CVE-2024-41985 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 2.6 | LOW | — | 0 |
| CVE-2024-41986 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506)... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-20053 Improper buffer restrictions for some Intel(R) Xeon(R) Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. | 7.2 | HIGH | — | 0 |
| CVE-2025-20109 Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2025-21090 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58714 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-32086 Improperly implemented security check for standard in the DDRIO configuration for some Intel(R) Xeon(R) 6 Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially ... | 7.2 | HIGH | — | 0 |
| CVE-2025-48989 Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-... | 7.5 | HIGH | — | 0 |
| CVE-2025-8671 A mismatch caused by client-triggered server-sent stream resets between HTTP/2 specifications and the internal architectures of some HTTP/2 implementations may result in excessive server resource cons... | 7.5 | HIGH | — | 0 |
| CVE-2025-32451 A memory corruption vulnerability exists in Foxit Reader 2025.1.0.27937 due to the use of an uninitialized pointer. A specially crafted Javascript code inside a malicious PDF document can trigger this... | 8.8 | HIGH | — | 0 |
| CVE-2025-55154 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-27 and 7.1.2-1, the magnified size calculations in ReadOneMNGIMage (in coders/pn... | 8.8 | HIGH | — | 0 |
| CVE-2025-55668 Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Olde... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-53859 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the s... | 3.7 | LOW | — | 0 |
| CVE-2025-55163 Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the ... | 7.5 | HIGH | — | 0 |
| CVE-2025-8941 A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to ... | 7.8 | HIGH | — | 0 |
| CVE-2025-23295 NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerabil... | 7.8 | HIGH | — | 0 |
| CVE-2025-34154 UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl paramete... | N/A | NONE | — | 0 |
| CVE-2025-21064 Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.