CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-9847 A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestrict... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-9848 A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to ... | 7.3 | HIGH | — | 0 |
| CVE-2025-58164 Rejected reason: This CVE is a duplicate of another CVE, CVE-2025-58163. | N/A | NONE | — | 0 |
| CVE-2025-58165 Rejected reason: This CVE is a duplicate of another CVE, CVE-2025-58163. | N/A | NONE | — | 0 |
| CVE-2025-58166 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | — | 0 |
| CVE-2025-58167 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | — | 0 |
| CVE-2025-58168 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | — | 0 |
| CVE-2025-58169 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | — | 0 |
| CVE-2025-58170 Rejected reason: This CVE is a duplicate of another CVE. | N/A | NONE | — | 0 |
| CVE-2025-58176 Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability trigg... | 8.8 | HIGH | — | 0 |
| CVE-2025-9785 PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer ha... | N/A | NONE | — | 0 |
| CVE-2023-21466 PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-21469 Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-21028 Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21029 Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-21030 Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the backgrou... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-21031 Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-21032 Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-21033 Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-21034 Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-21036 Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. | 5.0 | MEDIUM | — | 0 |
| CVE-2025-21037 Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerabili... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-21038 Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-21039 Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-9378 The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all versions up to, and includin... | 6.4 | MEDIUM | — | 0 |
| CVE-2024-13063 Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing. This issue affects MyRezzta: from s2.02.02 before v2.05.01. | 6.8 | MEDIUM | — | 0 |
| CVE-2024-13064 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS). This issue affects MyRezzta: from s2.02... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13065 Improper Enforcement of Behavioral Workflow, Uncontrolled Resource Consumption vulnerability in Akinsoft MyRezzta allows Input Data Manipulation, CAPEC - 125 - Flooding. This issue affects MyRezzta: fr... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1740 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass, Password Recovery Exploitation, Brute Force. This issue affects MyRezzta: from... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-2415 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass. This issue affects MyRezzta: from s2.03.01 before v2.05.01. | 8.6 | HIGH | — | 0 |
| CVE-2025-9219 The Post SMTP – WP SMTP Plugin with Email Logs and Mobile App for Failure Notifications – Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES and more plugin for WordPress is vulnerable to unauthorized... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-9821 Summary: Users with webhook permissions can conduct SSRF via webhooks. If they have permission to view the webhook logs, the (partial) request response is also disclosed. Details: When sending webhooks, t... | 2.7 | LOW | — | 0 |
| CVE-2025-41000 Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is ba... | N/A | NONE | — | 0 |
| CVE-2024-13066 Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-53691 Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Remote Code Execution (RCE). This issue affects Experience Manager (XM): fr... | 8.8 | HIGH | — | 0 |
| CVE-2025-53693 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53694 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP). This issue affects Sitecore Experience Manager ... | 7.5 | HIGH | — | 0 |
| CVE-2025-9901 A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on reque... | 5.9 | MEDIUM | — | 0 |
| CVE-2024-13068 Origin Validation Error vulnerability in Akinsoft LimonDesk allows Forceful Browsing. This issue affects LimonDesk: from s1.02.14 before v1.02.17. | 7.3 | HIGH | — | 0 |
| CVE-2025-0878 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft LimonDesk allows Cross-Site Scripting (XSS). This issue affects LimonDesk: from s1.... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-47421 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection. This issue affects TOUCHSCREENS x70: from 3.001.... | N/A | NONE | — | 0 |
| CVE-2025-9822 Summary: A user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. Impact: An administrator who usually does not have ac... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-56608 The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getIn... | 4.2 | MEDIUM | — | 0 |
| CVE-2009-1445 Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/... | N/A | NONE | — | 0 |
| CVE-2009-1446 Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a... | N/A | NONE | — | 0 |
| CVE-2009-1447 Unrestricted file upload vulnerability in admin/editor/image.php in e-cart.biz Free Shopping Cart allows remote attackers to execute arbitrary code by uploading a file with an executable extension, th... | N/A | NONE | — | 0 |
| CVE-2008-6755 ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the apache user account, and sets the permissions to 0600, which makes it easier for remote attackers to modify this file by access... | N/A | NONE | — | 0 |
| CVE-2008-6756 ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file. | N/A | NONE | — | 0 |
| CVE-2009-1190 Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 throug... | N/A | NONE | — | 0 |
| CVE-2009-1448 Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net APRICOT, probably 1.20, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.