Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-50983 SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing ... | 8.3 | HIGH | — | 0 |
| CVE-2025-50984 diskover-web v2.3.0 Community Edition is vulnerable to multiple boolean-based blind SQL injection flaws in its Elasticsearch configuration form. Unsanitized user input in POST parameters such as ES_PA... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-20241 A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS ... | 7.4 | HIGH | — | 0 |
| CVE-2025-20262 A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenti... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-20290 A vulnerability in the logging feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches, Cisco Nexus 9000 Series Switches in standalone NX-OS mode, Cisco UCS 6400 Fabric Interconnects, Cis... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-20292 A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute a command injection attack on the underlying operating system of an affected device. To explo... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-20294 Multiple vulnerabilities in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with administrative privileges to perform command inj... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-20295 A vulnerability in the CLI of Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to read or create a file or overwrite any file on the file system o... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-20296 A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user o... | N/A | NONE | — | 0 |
| CVE-2025-20317 A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a... | 7.1 | HIGH | — | 0 |
| CVE-2025-20342 A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to co... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-20344 A vulnerability in the backup restore functionality of Cisco Nexus Dashboard could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. This vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-20347 A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive in... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-20348 A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive in... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-34157 Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a stored cross-site scripting (XSS) attack in the project creation workflow. An authenticated user with low privileges can create a projec... | 9.0 | CRITICAL | — | 0 |
| CVE-2025-51667 An issue was discovered in simple-admin-core v1.2.0 thru v1.6.7. The /sys-api/role/update interface in the simple-admin-core system has a limited SQL injection vulnerability, which may lead to partial... | 7.0 | HIGH | — | 0 |
| CVE-2025-34159 Coolify versions prior to v4.0.0-beta.420.6 are vulnerable to a remote code execution vulnerability in the application deployment workflow. The platform allows authenticated users, with low-level memb... | 8.8 | HIGH | — | 0 |
| CVE-2025-34161 Coolify versions prior to v4.0.0-beta.420.7 are vulnerable to a remote code execution vulnerability in the project deployment workflow. The platform allows authenticated users, with low-level member p... | 8.8 | HIGH | — | 0 |
| CVE-2025-50428 In RaspAP raspap-webgui 3.3.2 and earlier, a command injection vulnerability exists in the includes/hostapd.php script. The vulnerability is due to improper sanitizing of user input passed via the int... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-50977 A template injection vulnerability leading to reflected cross-site scripting (XSS) has been identified in version 1.7.1, requiring authenticated admin access for exploitation. The vulnerability exists... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-57821 Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.0, it is possible to craft a malformed URL that passes the "same origin" check, resulting in the user being re... | 4.2 | MEDIUM | — | 0 |
| CVE-2025-5187 A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-50979 NodeBB v4.3.0 is vulnerable to SQL injection in its search-categories API endpoint (/api/v3/search/categories). The search query parameter is not properly sanitized, allowing unauthenticated, remote a... | 8.6 | HIGH | — | 0 |
| CVE-2025-55495 Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58050 The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matchin... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-37777 O2OA v9.0.3 was discovered to contain a remote code execution (RCE) vulnerability via the mainOutput() function. | 8.8 | HIGH | — | 0 |
| CVE-2025-2246 An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have allowed unauthenticated users to access sensitive manual C... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-3601 An issue has been discovered in GitLab CE/EE affecting all versions from 8.15 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that could have could have allowed an authenticated user to caus... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-9344 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'uwp_profile' a... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-4225 An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that that under certain conditions could have allowed an unauthe... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-55582 D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authe... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-55618 In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered. | 7.3 | HIGH | — | 0 |
| CVE-2025-5101 An issue has been discovered in GitLab CE/EE affecting all versions before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an authenticated attacker... | 5.0 | MEDIUM | — | 0 |
| CVE-2023-7307 Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex e... | N/A | NONE | — | 0 |
| CVE-2023-7309 A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS b... | N/A | NONE | — | 0 |
| CVE-2024-13979 A SQL injection vulnerability exists in the St. Joe ERP system ("圣乔ERP系统") that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login en... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-13980 H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState al... | N/A | NONE | — | 0 |
| CVE-2024-13981 LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This fla... | N/A | NONE | — | 0 |
| CVE-2024-13984 QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbit... | N/A | NONE | — | 0 |
| CVE-2024-13985 A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw... | N/A | NONE | — | 0 |
| CVE-2025-34160 AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input... | N/A | NONE | — | 0 |
| CVE-2025-34162 An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebS... | N/A | NONE | — | 0 |
| CVE-2025-34163 Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary... | N/A | NONE | — | 0 |
| CVE-2025-34520 An authentication bypass vulnerability in Arcserve Unified Data Protection (UDP) allows unauthenticated attackers to gain unauthorized access to protected functionality or user accounts. By manipulati... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34521 A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the Arcserve Unified Data Protection (UDP), where unsanitized user input is improperly reflected in HTTP responses. ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-34522 A heap-based buffer overflow vulnerability exists in the input parsing logic of Arcserve Unified Data Protection (UDP). This flaw can be triggered without authentication by sending specially crafted i... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34523 A heap-based buffer overflow vulnerability exists in the exists in the network-facing input handling routines of Arcserve Unified Data Protection (UDP). This flaw is reachable without authentication a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-36003 IBM Security Verify Governance Identity Manager 10.0.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are returned. This information could be used... | 7.5 | HIGH | — | 0 |
| CVE-2025-57845 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-34158. Reason: This candidate is a reservation duplicate of CVE-2025-34158. Notes: All CVE users should reference CVE-2025-34158... | N/A | NONE | — | 0 |
| CVE-2025-7812 The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.6. This is due to missing or incorrec... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.