Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-41762 An unauthenticated attacker can abuse the weak hash of the backup generated by the wwwdnload.cgi endpoint to gain unauthorized access to sensitive data, including password hashes and certificates. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-41763 A low‑privileged remote attacker can directly interact with the wwwdnload.cgi endpoint to download any resource available to administrators, including system backups and certificate request files. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-41764 Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupdate.cgi endpoint to upload and apply arbitrary updates. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-41765 Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-61613 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | — | 0 |
| CVE-2025-61614 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | — | 0 |
| CVE-2025-61615 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | — | 0 |
| CVE-2025-61616 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | — | 0 |
| CVE-2025-40638 A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malici... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3814 A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in bu... | 8.8 | HIGH | — | 0 |
| CVE-2025-69219 A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct D... | 8.8 | HIGH | — | 0 |
| CVE-2026-25604 In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-3815 A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible... | 8.8 | HIGH | — | 0 |
| CVE-2025-15576 If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to... | 7.5 | HIGH | — | 0 |
| CVE-2025-14558 The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified. resolvconf(8) is a... | 7.2 | HIGH | — | 0 |
| CVE-2025-14769 In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is g... | 7.5 | HIGH | — | 0 |
| CVE-2025-15547 By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged u... | 8.8 | HIGH | — | 0 |
| CVE-2025-69647 GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readel... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-69648 GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes re... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-70059 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service. | 7.5 | HIGH | — | 0 |
| CVE-2025-70238 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52. | 7.5 | HIGH | — | 0 |
| CVE-2025-70243 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534. | 7.5 | HIGH | — | 0 |
| CVE-2025-70250 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup. | 7.5 | HIGH | — | 0 |
| CVE-2025-70040 An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29023 Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known sta... | 7.3 | HIGH | — | 0 |
| CVE-2026-30140 An incorrect access control vulnerability exists in Tenda W15E V02.03.01.26_cn. An unauthenticated attacker can access the /cgi-bin/DownloadCfg/RouterCfm.jpg endpoint to download the configuration fil... | 7.5 | HIGH | — | 0 |
| CVE-2025-62166 FreshRSS is a free, self-hostable RSS aggregator. Prior 1.28.0, a bug in the auth logic related to master authentication tokens, this restriction is bypassed. Usually only the default user's feed shou... | 7.5 | HIGH | — | 0 |
| CVE-2025-68402 FreshRSS is a free, self-hostable RSS aggregator. From 57e1a37 - 00f2f04, the lengths of the nonce was changed from 40 chars to 64. password_verify() is currently being called with a constructed strin... | N/A | NONE | — | 0 |
| CVE-2026-24310 Due to missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker could execute specific ABAP function module and read the sensitive information from database ... | 3.5 | LOW | — | 0 |
| CVE-2026-28432 Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerab... | 7.5 | HIGH | — | 0 |
| CVE-2026-28433 Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' da... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28493 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, an integer overflow vulnerability exists in the SIXEL decoer. The vulnerabili... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28494 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow exists in ImageMagick's morphology kern... | 7.1 | HIGH | — | 0 |
| CVE-2026-28686 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, A heap-buffer-overflow vulnerability exists in the PCL encode d... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28687 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap use-after-free vulnerability in ImageMagick's MSL decode... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28688 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a heap-use-after-free vulnerability exists in the MSL encoder, ... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28689 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/u... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-28690 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder... | 6.9 | MEDIUM | — | 0 |
| CVE-2026-28691 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an uninitialized pointer dereference vulnerability exists in th... | 7.5 | HIGH | — | 0 |
| CVE-2026-28692 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MAT decoder uses 32-bit arithmetic due to incorrect parenthesiz... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-28693 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an integer overflow in DIB coder can result in out of bounds re... | 8.1 | HIGH | — | 0 |
| CVE-2026-30883 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflo... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-30926 SiYuan is a personal knowledge management system. Prior to 3.5.10, a privilege escalation vulnerability exists in the publish service of SiYuan Note that allows low-privilege publish accounts (RoleRea... | 7.1 | HIGH | — | 0 |
| CVE-2026-30929 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, MagnifyImage uses a fixed-size stack buffer. When using a speci... | 7.7 | HIGH | — | 0 |
| CVE-2026-30931 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, a heap-based buffer overflow in the UHDR encoder can happen due to truncation... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-30935 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16, BilateralBlurImage contains a heap buffer over-read caused by an incorrect co... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-30936 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a crafted image could cause an out of bounds heap write inside ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30937 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a 32-bit unsigned integer overflow in the XWD (X Windows) encod... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-31802 node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink ta... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-11158 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6, including 9.3.x and 8.3.x, do not restrict Groovy scripts in new PRPT reports published by users, allowing insertion of a... | 9.1 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.