Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-26712 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0031 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges nee... | 8.4 | HIGH | — | 0 |
| CVE-2026-0032 In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg... | 7.8 | HIGH | — | 0 |
| CVE-2026-0034 In setPackageOrComponentEnabled of ManagedServices.java, there is a possible notification policy desync due to improper input validation. This could lead to local escalation of privilege with no addit... | 8.4 | HIGH | — | 0 |
| CVE-2026-0035 In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of priv... | 8.4 | HIGH | — | 0 |
| CVE-2026-0037 In multiple functions of ffa.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed.... | 8.4 | HIGH | — | 0 |
| CVE-2026-0038 In multiple functions of mem_protect.c, there is a possible way to execute arbitrary code due to a logic error in the code. This could lead to local escalation of privilege with no additional executio... | 8.4 | HIGH | — | 0 |
| CVE-2026-0047 In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege... | 8.4 | HIGH | — | 0 |
| CVE-2026-26709 code-projects Simple Gym Management System v1.0 is vulnerable to SQL Injection in /gym/trainer_search.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26710 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26711 code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25884 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found. The vulnerability ... | 8.1 | HIGH | — | 0 |
| CVE-2026-22455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in foreverpinetree Thebe thebe allows Reflected XSS.This issue affects Thebe: from n/a through <= 1.3... | 7.1 | HIGH | — | 0 |
| CVE-2026-27596 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulne... | 7.5 | HIGH | — | 0 |
| CVE-2026-27631 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulne... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2256 A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived inp... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3336 Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the fina... | 7.5 | HIGH | — | 0 |
| CVE-2026-3337 Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-26885 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | 2.7 | LOW | — | 0 |
| CVE-2026-3338 Improper signature validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes. Customers of A... | 7.5 | HIGH | — | 0 |
| CVE-2026-0754 An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP service provider if ... | N/A | NONE | — | 0 |
| CVE-2026-26886 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | 2.7 | LOW | — | 0 |
| CVE-2025-47147 Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the s... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-20757 Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command C... | 2.5 | LOW | — | 0 |
| CVE-2026-20801 Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access t... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-3449 Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently pendi... | 3.3 | LOW | — | 0 |
| CVE-2026-3455 Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker ca... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1874 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electri... | N/A | NONE | — | 0 |
| CVE-2026-1876 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denia... | N/A | NONE | — | 0 |
| CVE-2025-15598 A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a... | 3.7 | LOW | — | 0 |
| CVE-2026-2568 The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all versions up to, and ... | 7.2 | HIGH | — | 0 |
| CVE-2025-59059 Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this issue. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59060 Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions <= 2.7.0. Users are recommended to upgrade to version 2.8.0, which fixes this i... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3351 Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd ser... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3342 An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. ... | 7.2 | HIGH | — | 0 |
| CVE-2026-3343 A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3344 A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-64736 An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70821 renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20777 A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to... | 8.1 | HIGH | — | 0 |
| CVE-2026-22891 A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24103 A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25673 An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. `URLField.to_python()` in Django calls `urllib.parse.urlsplit()`, which performs NFKC normalization on Windows th... | 7.5 | HIGH | — | 0 |
| CVE-2026-3136 An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment. This vu... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25674 An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29. Race condition in file-system storage and file-based cache backends in Django allows an attacker to cause file sy... | 3.7 | LOW | — | 0 |
| CVE-2026-2637 iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing... | 7.8 | HIGH | — | 0 |
| CVE-2025-62814 An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2021-35483 The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileuploa... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-62815 An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-66363 An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.