Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-6653 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-6654 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChan... | N/A | NONE | — | 0 |
| CVE-2025-6655 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-41418 Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-6656 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-6657 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-6658 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-6659 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChan... | N/A | NONE | — | 0 |
| CVE-2025-6660 PDF-XChange Editor GIF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PD... | N/A | NONE | — | 0 |
| CVE-2025-6661 PDF-XChange Editor App Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. ... | N/A | NONE | — | 0 |
| CVE-2025-6662 PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of P... | N/A | NONE | — | 0 |
| CVE-2025-6667 A vulnerability was found in code-projects Car Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of t... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-6668 A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /php_action/fetchSelectedBrand.php. The manipul... | 7.3 | HIGH | — | 0 |
| CVE-2025-6669 A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the inpu... | 3.7 | LOW | — | 0 |
| CVE-2025-6540 The web-cam plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slug’ parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escap... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-3863 The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to,... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-4334 The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5488 The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wmis' shortcode in all versions up to, and including, 2.2 due to insufficient input... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5535 The e.nigma buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5540 The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5559 The TimeZoneCalculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'timezonecalculator_output' shortcode in all versions up to, and including, 3.37 due to insuff... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5588 The Image Editor by Pixo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘download’ parameter in all versions up to, and including, 2.3.6 due to insufficient input sanitizati... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5590 The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user sup... | 8.8 | HIGH | — | 0 |
| CVE-2025-5812 The VG WORT METIS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gutenberg_save_post() function in all versions up to, and including, ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-6258 The WP SoundSystem plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpsstm-track shortcode in all versions up to, and including, 3.4.2 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6290 The Tournament Bracket Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bracket' shortcode in all versions up to, and including, 1.0.0 due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6378 The Responsive Food and Drink Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_pdf_menus shortcode in all versions up to, and including, 2.3 due to insuf... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6383 The WP-PhotoNav plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's photonav shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6538 The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitizatio... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5275 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the privacy settings fields in all ve... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-5813 The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5929 The The Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘clientId’ parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5932 The Homerunner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.29. This is due to missing or incorrect nonce validation on the main_settings(... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-6537 The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘playicon_title’ parameter in all versions up to, and including, 1.2.00 due to insufficient input sanit... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-27361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in thhake Photo Express for Google allows Reflected XSS. This issue affects Photo Express for Google:... | 7.1 | HIGH | — | 0 |
| CVE-2025-6546 The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sani... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-6624 Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environme... | 7.2 | HIGH | — | 0 |
| CVE-2025-37101 A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical ... | 8.7 | HIGH | — | 0 |
| CVE-2025-52934 Rejected reason: Not a vulnerability. | N/A | NONE | — | 0 |
| CVE-2025-5338 The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.7.1024 due to insufficient input sanitization ... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-5842 The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-49003 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" wh... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6212 The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Database module in versions 3.5.11 to 3.5.19 due to insufficient input sanitization and ou... | 7.2 | HIGH | — | 0 |
| CVE-2025-6561 Certain hybrid DVR models ((HBF-09KD and HBF-16NK)) from Hunt Electronic have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-6562 Certain hybrid DVR models (HBF-09KD and HBF-16NK) from Hunt Electronic have an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary OS commands and... | 8.8 | HIGH | — | 0 |
| CVE-2025-6693 A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys... | 7.8 | HIGH | — | 0 |
| CVE-2025-48921 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Open Social allows Cross Site Request Forgery.This issue affects Open Social: from 0.0.0 before 12.3.14, from 12.4.0 before 12.4.13. | 8.8 | HIGH | — | 0 |
| CVE-2025-48922 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal GLightbox allows Cross-Site Scripting (XSS).This issue affects GLightbox: from 0.0.0 before... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-48923 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Toc.Js allows Cross-Site Scripting (XSS).This issue affects Toc.Js: from 0.0.0 before 3.2.1... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-28993 Improper Control of Generation of Code ('Code Injection') vulnerability in Jose Content No Cache allows Code Injection. This issue affects Content No Cache: from n/a through 0.1.3. | 8.6 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.