CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-22041 Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string type... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22042 RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allow... | 8.8 | HIGH | — | 0 |
| CVE-2025-63611 Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the a... | 8.7 | HIGH | — | 0 |
| CVE-2025-67089 A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize us... | 8.1 | HIGH | — | 0 |
| CVE-2025-67090 The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechan... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-67091 An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67858 A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration... | N/A | NONE | — | 0 |
| CVE-2026-22244 OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must ... | 7.2 | HIGH | — | 0 |
| CVE-2026-22245 Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mec... | 7.5 | HIGH | — | 0 |
| CVE-2026-22255 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | — | 0 |
| CVE-2025-50334 An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | 7.5 | HIGH | — | 0 |
| CVE-2025-55125 This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | 7.8 | HIGH | — | 0 |
| CVE-2025-56424 An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script | 7.5 | HIGH | — | 0 |
| CVE-2025-59468 This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-59469 This vulnerability allows a Backup or Tape Operator to write files as root. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-59470 This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | 9.0 | CRITICAL | — | 0 |
| CVE-2026-0671 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS). T... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21638 A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affec... | 8.8 | HIGH | — | 0 |
| CVE-2026-21639 A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Af... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14505 The ECDSA implementation of the Elliptic package generates incorrect signatures if an interim value of 'k' (as computed based on step 3.2 of RFC 6979 https://datatracker.ietf.org/doc/html/rfc6979 ) h... | 5.6 | MEDIUM | — | 0 |
| CVE-2025-14436 The Brevo for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_connection_id’ parameter in all versions up to, and including, 4.0.49 due to insufficient inpu... | 7.2 | HIGH | — | 0 |
| CVE-2026-0732 A vulnerability was found in D-Link DI-8200G 17.12.20A1. This affects an unknown function of the file /upgrade_filter.asp. The manipulation of the argument path results in command injection. The attac... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-22714 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Monaco Skin allows Cross-Site Scripting (XSS). This iss... | N/A | NONE | — | 0 |
| CVE-2026-22630 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22631 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22632 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22633 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22634 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22635 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22636 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-14886 The Japanized for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `order` REST API endpoint in all versions up to, and incl... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-40977 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the ‘subject’ ... | N/A | NONE | — | 0 |
| CVE-2025-13749 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is du... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14803 The NEX-Forms WordPress plugin before 9.1.8 does not sanitise and escape some of its settings. The NEX-Forms WordPress plugin before 9.1.8 can be configured in such a way that could allow subscriber... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-14574 The weDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.15 via the `/wp-json/wp/v2/docs/settings` REST API endpoint. This makes it pos... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14718 The Schedule Post Changes With PublishPress Future plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.9.3. This is due to the plugin not properly verify... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14720 The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14736 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.28.25. This is due to insufficient validation of user-supplied role ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14782 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.49.1 via the 'listen_for_csv_... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14893 The IndieWeb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Telephone' parameter in all versions up to, and including, 4.0.5 due to insufficient input sanitization and outp... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-14980 The BetterDocs plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.3 via the scripts() function. This makes it possible for authenticated att... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15019 The BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bialty_cs_alt' post meta in all versio... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-15055 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'notes' and 'resource' parameters in all versions up to, and including, 5.3.4 due to insufficient input... | 7.2 | HIGH | — | 0 |
| CVE-2025-15057 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fh` (fingerprint) parameter in all versions up to, and including, 5.3.3. This is due to insufficient i... | 7.2 | HIGH | — | 0 |
| CVE-2025-70974 Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-0563 The WP Google Street View (with 360° virtual tour) & Google maps + Local SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgsv_map' shortcode in all versions up to, and ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-20968 Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code. | 6.7 | MEDIUM | — | 0 |
| CVE-2026-20969 Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20970 Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs. | 7.8 | HIGH | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.