Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-7304 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7305 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54439 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | 8.8 | HIGH | — | 0 |
| CVE-2025-7306 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7307 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7308 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7309 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54440 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7310 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7311 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7312 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irf... | N/A | NONE | — | 0 |
| CVE-2025-7313 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54441 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | 8.8 | HIGH | — | 0 |
| CVE-2025-7314 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7315 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7316 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7317 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54442 Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7318 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7319 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irf... | N/A | NONE | — | 0 |
| CVE-2025-7320 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7321 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54443 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects Magi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-7322 IrfanView CADImage Plugin DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irf... | N/A | NONE | — | 0 |
| CVE-2025-7323 IrfanView CADImage Plugin DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-7324 IrfanView CADImage Plugin DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irf... | N/A | NONE | — | 0 |
| CVE-2025-7325 IrfanView CADImage Plugin DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Irfa... | N/A | NONE | — | 0 |
| CVE-2025-54127 HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54129 HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application returns a 200 response when requesting the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-54134 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an AP... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-7941 A vulnerability, which was classified as problematic, was found in PHPGurukul Time Table Generator System 1.0. Affected is an unknown function of the file /admin/profile.php. The manipulation of the a... | 3.5 | LOW | — | 0 |
| CVE-2025-7942 A vulnerability has been found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile... | 3.5 | LOW | — | 0 |
| CVE-2025-7943 A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-autoortaxi.php. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-7944 A vulnerability was found in PHPGurukul Taxi Stand Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /search.php. The manipulation of the argument ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-8326 A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID l... | 7.3 | HIGH | — | 0 |
| CVE-2025-52567 GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 0.84 through 10.0.18, usage of RSS feeds or ext... | 3.5 | LOW | — | 0 |
| CVE-2025-52897 GLPI is a Free Asset and IT Management Software package. In versions 9.1.0 through 10.0.18, an unauthenticated user can send a malicious link to attempt a phishing attack from the planning feature. Th... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-53008 GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versio... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54410 Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. A firewalld vulner... | 3.3 | LOW | — | 0 |
| CVE-2025-54430 dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerabilit... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-8312 Deadlock in PAM automatic check-in feature in Devolutions Server allows a password to remain valid beyond the end of its intended check-out period due to a deadlock occurring in the scheduling service... | 7.1 | HIGH | — | 0 |
| CVE-2025-54824 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2024-45515 An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53111 GLPI is a Free Asset and IT Management Software package. In versions 0.80 through 10.0.18, a lack of permission checks can result in unauthorized access to some resources. This is fixed in version 10.... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-53112 GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 9.1.0 through 10.0.18, a lack of permission chec... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-53113 GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. I... | 2.7 | LOW | — | 0 |
| CVE-2025-53357 GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. I... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-53944 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents. In v0.6.15 and below, the external API's get_graph_execution_results endpoint has an au... | 7.7 | HIGH | — | 0 |
| CVE-2025-54433 Bugsink is a self-hosted error tracking service. In versions 1.4.2 and below, 1.5.0 through 1.5.4, 1.6.0 through 1.6.3, and 1.7.0 through 1.7.3, ingestion paths construct file locations directly from... | N/A | NONE | — | 0 |
| CVE-2025-54825 Rejected reason: Not used | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.