Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-61728 archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructe... | 6.5 | MEDIUM | — | 0 |
| CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attackers can expl... | 8.2 | HIGH | — | 0 |
| CVE-2025-68933 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, non-admin moderators with the `moderators_change_post_ownership` setting enabled can ch... | 6.9 | MEDIUM | — | 0 |
| CVE-2025-68934 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) proce... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69218 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can access the `top_uploads` admin report which should be restricted to admi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69289 Discourse is an open source discussion platform. A privilege escalation vulnerability in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 allows a non-admin moderator to bypass email-change... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-71002 A floating-point exception (FPE) in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21865 Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, moderators can convert some personal messages to public topics when they shouldn't have... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71003 An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | HIGH | — | 0 |
| CVE-2025-71004 A segmentation violation in the oneflow.logical_or component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71005 A floating point exception (FPE) in the oneflow.view component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71006 A floating point exception (FPE) in the oneflow.reshape component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-71007 An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | HIGH | — | 0 |
| CVE-2026-1532 A vulnerability was identified in D-Link DCS-700L 1.03.09. The affected element is the function uploadmusic of the file /setUploadMusic of the component Music File Upload Service. The manipulation of ... | 2.4 | LOW | — | 0 |
| CVE-2026-1533 A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-24767 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unpro... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-24768 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of th... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24769 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a stored cross-site scripting (XSS) vulnerability exists in NocoDB’s attachment handling mechanism. Authenticated u... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-24856 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue ... | 7.8 | HIGH | — | 0 |
| CVE-2026-1544 A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in os com... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-15550 birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET re... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1548 A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command inject... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1549 A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1550 A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the compo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24897 Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient vali... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-1551 A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can l... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-27069 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23566 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23567 An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23568 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent n... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23569 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak sta... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23570 A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23571 A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated att... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-22764 Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-37005 TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject ... | 7.1 | HIGH | — | 0 |
| CVE-2020-37006 berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a craf... | 8.2 | HIGH | — | 0 |
| CVE-2020-37007 Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to c... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37008 EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak inp... | 7.5 | HIGH | — | 0 |
| CVE-2020-37009 MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpo... | 8.8 | HIGH | — | 0 |
| CVE-2020-37010 BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37011 Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cra... | 7.5 | HIGH | — | 0 |
| CVE-2020-37012 Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious La... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1589 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch cause... | 7.3 | HIGH | — | 0 |
| CVE-2026-1590 A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql... | 7.3 | HIGH | — | 0 |
| CVE-2026-1593 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipul... | 7.3 | HIGH | — | 0 |
| CVE-2026-1594 A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2025-13905 CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installat... | N/A | NONE | — | 0 |
| CVE-2025-71011 An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0936 An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is pro... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-63652 A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.