Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-23861 Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with r... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1072 The Keybase.io Verification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.5. This is due to missing nonce validation when updating plugin s... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1304 The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficien... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1368 The Video Conferencing with Zoom WordPress plugin before 4.6.6 contains an AJAX handler that has its nonce verification commented out, allowing unauthenticated attackers to generate valid Zoom SDK sig... | 7.5 | HIGH | — | 0 |
| CVE-2026-1639 The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, an... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1906 The PDF Invoices & Packing Slips for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.6.0 via the `wpo_ips_edi_save_order_cust... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2023 The WP Plugin Info Card plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2.0. This is due to missing nonce validation in the ajax_save_custom_pl... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1943 The YayMail – WooCommerce Email Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 4.3.2 due to insufficient input sanitiza... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-25421 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE. | N/A | NONE | — | 0 |
| CVE-2026-2112 The Dam Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing nonce verification on the pending comment deletion act... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2419 The WP-DownloadManager plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.69 via the 'download_path' configuration parameter. This is due to insufficient vali... | 2.7 | LOW | — | 0 |
| CVE-2026-1649 The Community Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ce_venue_name' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitizat... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1656 The Business Directory Plugin for WordPress is vulnerable to authorization bypass due to a missing authorization check in all versions up to, and including, 6.4.20. This makes it possible for unauthen... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14799 The Brevo - Email, SMS, Web Push, Chat, and more. plugin for WordPress is vulnerable to authorization bypass due to type juggling in all versions up to, and including, 3.3.0. This is due to the use of... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-7630 Improper Restriction of Excessive Authentication Attempts, Improper Authentication vulnerability in Doruk Communication and Automation Industry and Trade Inc. Wispotter allows Password Brute Forcing, ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-8781 The Bookster – WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘raw’ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-1317 The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 7.37. This is due to insufficient escaping on the `fil... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1582 The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling... | 3.7 | LOW | — | 0 |
| CVE-2026-2386 The The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and inclu... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-14340 Cross-site scripting in REST Management Interface in Payara Server <4.1.2.191.54, <5.83.0, <6.34.0, <7.2026.1 allows an attacker to mislead the administrator to change the admin password via URL Paylo... | N/A | NONE | — | 0 |
| CVE-2026-23545 Missing Authorization vulnerability in Aruba.it Dev Aruba HiSpeed Cache aruba-hispeed-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aruba HiSpeed Cac... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23549 Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20986 Path traversal in Samsung Members prior to Chinese version 15.5.05.4 allows local attackers to overwrite data within Samsung Members. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23804 Missing Authorization vulnerability in BBR Plugins Better Business Reviews better-business-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Better Bus... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25363 Missing Authorization vulnerability in FooPlugins FooGallery foogallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FooGallery: from n/a through <= 3.1.1... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25000 Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a thro... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61645 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files include... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25349 ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-c... | 7.5 | HIGH | — | 0 |
| CVE-2025-61652 Vulnerability in Wikimedia Foundation DiscussionTools.This issue affects DiscussionTools: from * before 1.43.4, 1.44.1. | N/A | NONE | — | 0 |
| CVE-2025-61653 Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php. This issue affects TextExtracts: from * before 1.39.14, 1.43.4, ... | N/A | NONE | — | 0 |
| CVE-2026-25432 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in omnipressteam Omnipress omnipress allows Stored XSS.This issue affects Omnipress: from n/a through... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25004 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Business Directory cm-business-directory allows Stored XSS.This issue af... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-10465 Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sens... | 8.8 | HIGH | — | 0 |
| CVE-2025-66608 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly validate URLs. An attacker could send specially crafted requests to steal file... | 7.5 | HIGH | — | 0 |
| CVE-2026-25305 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through <= 9.6.4. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25313 Missing Authorization vulnerability in Shahjahan Jewel FluentForm fluentform allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through <= ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1760 A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive heade... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24687 Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the systems file... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15288 Tanium addressed an improper access controls vulnerability in Interact. | 3.1 | LOW | — | 0 |
| CVE-2026-24845 malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 0.10.0 and prior to version 1.20.3, malcontent could be made to expose Docker regis... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0963 An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-25063 gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution w... | 7.8 | HIGH | — | 0 |
| CVE-2026-25116 Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote use... | 7.6 | HIGH | — | 0 |
| CVE-2026-25126 PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validat... | 7.1 | HIGH | — | 0 |
| CVE-2025-15322 Tanium addressed an improper access controls vulnerability in Tanium Server. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0805 An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path tr... | 8.2 | HIGH | — | 0 |
| CVE-2026-1682 A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executin... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1683 A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component P... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1684 A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint. The manipul... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25050 Vendure is an open-source headless commerce platform. Prior to version 3.5.3, the `NativeAuthenticationStrategy.authenticate()` method is vulnerable to a timing attack that allows attackers to enumera... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.