Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-24766 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the `/api/v2/meta/conne... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-23566 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23567 An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23568 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent n... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23569 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak sta... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23570 A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23571 A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated att... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-22764 Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1595 A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1596 A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes com... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-45160 A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24780 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platfor... | 8.8 | HIGH | — | 0 |
| CVE-2026-1453 A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1601 A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-47399 Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | 7.8 | HIGH | — | 0 |
| CVE-2026-1498 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed a... | N/A | NONE | — | 0 |
| CVE-2025-9226 Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | 4.6 | MEDIUM | — | 0 |
| CVE-2024-4027 A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. Th... | 7.5 | HIGH | — | 0 |
| CVE-2025-4686 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess... | 8.6 | HIGH | — | 0 |
| CVE-2025-7964 After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state... | N/A | NONE | — | 0 |
| CVE-2026-1686 A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argum... | 8.8 | HIGH | — | 0 |
| CVE-2026-1687 A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-1688 A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument U... | 7.3 | HIGH | — | 0 |
| CVE-2025-11175 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension a... | N/A | NONE | — | 0 |
| CVE-2026-23835 LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowin... | N/A | NONE | — | 0 |
| CVE-2025-24293 # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The d... | N/A | NONE | — | 0 |
| CVE-2026-1723 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498... | N/A | NONE | — | 0 |
| CVE-2026-25130 Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-36098 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resou... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36123 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36184 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unn... | 7.2 | HIGH | — | 0 |
| CVE-2025-36353 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special el... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1705 A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argum... | 2.4 | LOW | — | 0 |
| CVE-2020-37032 Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send... | 8.8 | HIGH | — | 0 |
| CVE-2020-37033 Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulne... | 8.2 | HIGH | — | 0 |
| CVE-2020-37034 HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET re... | 7.5 | HIGH | — | 0 |
| CVE-2020-37035 e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject... | 8.2 | HIGH | — | 0 |
| CVE-2020-37036 RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payl... | 8.4 | HIGH | — | 0 |
| CVE-2020-37038 Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5... | 7.5 | HIGH | — | 0 |
| CVE-2020-37039 Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 800... | 7.5 | HIGH | — | 0 |
| CVE-2020-37040 Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vu... | 8.4 | HIGH | — | 0 |
| CVE-2025-47398 Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. | 7.8 | HIGH | — | 0 |
| CVE-2025-71186 In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux pl... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-71182 In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23038 In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versio... | N/A | NONE | — | 0 |
| CVE-2026-23039 In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets bo... | N/A | NONE | — | 0 |
| CVE-2025-14554 The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to... | 7.2 | HIGH | — | 0 |
| CVE-2026-1165 The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popup... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25069 SunFounder Pironman Dashboard (pm_dashboard) version 1.3.13 and prior contain a path traversal vulnerability in the log file API endpoints. An unauthenticated remote attacker can supply traversal sequ... | N/A | NONE | — | 0 |
| CVE-2021-47856 Easy Cart Shopping Cart 2021 contains a non-persistent cross-site scripting vulnerability in the search module's keyword parameter. Remote attackers can inject malicious script code through the search... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.