Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-34195 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability duri... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34197 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named ubuntu... | 7.8 | HIGH | — | 0 |
| CVE-2025-34198 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951 and Application prior to 20.0.2368 (VA and SaaS deployments) contain shared, hardcoded SSH host private keys in t... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34200 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and... | 7.8 | HIGH | — | 0 |
| CVE-2025-34201 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) run many Docker containers on shared internal networks without firewalling or segmentation between... | 7.8 | HIGH | — | 0 |
| CVE-2025-34202 Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 25.2.169 and Application prior to 25.2.1518 (VA and SaaS deployments) expose Docker internal networks in a way that allows an attac... | 8.8 | HIGH | — | 0 |
| CVE-2025-57396 Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boole... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-34203 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1002 and Application versions prior to 20.0.2614 (VA and SaaS deployments) contain multiple Docker containers that in... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34204 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP worker... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34205 Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-34206 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) mount host configuration and secret material under /var/www/efs_storage into many Docker container... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52159 Hardcoded credentials in default configuration of PPress 0.0.9. | 8.8 | HIGH | — | 0 |
| CVE-2025-59431 MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerably to Boolean-based SQL injection. It seems like expression chec... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-9079 Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.10.x <= 10.10.1, 10.9.x <= 10.9.3 fail to validate import directory path configuration which allows admin users to execute... | 8.0 | HIGH | — | 0 |
| CVE-2025-9081 Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using... | 3.1 | LOW | — | 0 |
| CVE-2025-10652 The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient esc... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-10002 The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the export_csv() function in all versions up to... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-10181 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'drafts' shortcode in all versions up to, and including, 2.6 due to insufficient input sanitization an... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-10305 The Secure Passkeys plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the delete_passkey() and passkeys_list() function in all versions up to, and includin... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10489 The SureForms – Drag and Drop Contact Form Builder – Multi-step Forms, Conversational Forms and more plugin for WordPress is vulnerable to unauthorized creation of forms due to a missing capability ch... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-9949 The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the lin... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-10658 The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 3.3.7. This is due to missing rate limiti... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-9882 The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function.... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-9883 The Browser Sniff plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on a function. This m... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-9887 The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8079 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.T... | 4.6 | MEDIUM | — | 0 |
| CVE-2025-10741 A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument u... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-40925 Starch versions 0.14 and earlier generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with a counter, the epoch time, the built-in rand function, the PID, and... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-10755 A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in un... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10758 A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulatio... | 2.4 | LOW | — | 0 |
| CVE-2025-10760 A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10761 A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive ... | 3.7 | LOW | — | 0 |
| CVE-2025-10762 A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10763 A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component ... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10764 A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action Syst... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10765 A security flaw has been discovered in SeriaWei ZKEACMS up to 4.3. This vulnerability affects the function CheckPage/Suggestions in the library cms-v4.3\wwwroot\Plugins\ZKEACMS.SEOSuggestions\ZKEACMS.... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10766 A weakness has been identified in SeriaWei ZKEACMS up to 4.3. This issue affects the function Download of the file EventViewerController.cs. Executing manipulation of the argument ID can lead to path ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-6544 A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handlin... | N/A | NONE | — | 0 |
| CVE-2025-10768 A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument co... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10009 Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja <= 5.11.72 allows attackers with admin credentials to execute arbitrary code on the server via uploaded .php files... | N/A | NONE | — | 0 |
| CVE-2025-10769 A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connecti... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-53692 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cross-S... | 7.1 | HIGH | — | 0 |
| CVE-2025-10767 A vulnerability was detected in CosmodiumCS OnlyRAT up to 3.2. The affected element is the function connect/remote_upload/remote_download of the file main.py of the component Configuration File Handle... | 4.5 | MEDIUM | — | 0 |
| CVE-2025-10770 A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manip... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10771 A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10772 A vulnerability was identified in huggingface LeRobot up to 0.3.3. Affected by this vulnerability is an unknown functionality of the file lerobot/common/robot_devices/robots/lekiwi_remote.py of the co... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-10773 A security flaw has been discovered in B-Link BL-AC2100 up to 1.0.3. Affected by this issue is the function delshrpath of the file /goform/set_delshrpath_cfg of the component Web Management Interface.... | 8.8 | HIGH | — | 0 |
| CVE-2025-10774 A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/sub_commit.php. This manipulation of the argument key causes os com... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10775 A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr lea... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-10776 A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component Login. Performing manipulation results in cleartext transmission of sens... | 3.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.