Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-13648 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript by injec... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-13649 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the vulnerable software could ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-47205 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-8668 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd.... | 9.4 | CRITICAL | — | 0 |
| CVE-2019-25308 Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code wi... | 7.8 | HIGH | — | 0 |
| CVE-2025-69873 ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Poin... | 2.9 | LOW | — | 0 |
| CVE-2025-70296 A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-70297 A stored cross-site scripting (XSS) vulnerability in the recipe asset upload and media serving component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary web script or HTML via an... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2321 Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HT... | 8.8 | HIGH | — | 0 |
| CVE-2024-26477 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the api parameter of the oauth, amazon_sns, export endpoints. | 7.5 | HIGH | — | 0 |
| CVE-2024-26478 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-26479 An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the Command execution function. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26014 Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for r... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-26019 LangChain is a framework for building LLM-powered applications. Prior to 1.1.14, the RecursiveUrlLoader class in @langchain/community is a web crawler that recursively follows links from a starting UR... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-1669 Arbitrary file read in the model loading mechanism (HDF5 integration) in Keras versions 3.0.0 through 3.13.1 on all supported platforms allows a remote attacker to read local files and disclose sensit... | 7.5 | HIGH | — | 0 |
| CVE-2026-20601 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | 3.3 | LOW | — | 0 |
| CVE-2025-41117 Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack tra... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-21722 Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10969 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13002 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Cross-Site Scripting (X... | 8.2 | HIGH | — | 0 |
| CVE-2025-13004 Authorization Bypass Through User-Controlled Key vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Manipulating User-Controlled Variables.This issue affects E-Commer... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2003 Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confiden... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-26219 newbee-mall stores and verifies user passwords using an unsalted MD5 hashing algorithm. The implementation does not incorporate per-user salts or computational cost controls, enabling attackers who ob... | 9.1 | CRITICAL | — | 0 |
| CVE-2019-25344 Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original Mobil... | 7.8 | HIGH | — | 0 |
| CVE-2019-25346 TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25347 thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 t... | 7.5 | HIGH | — | 0 |
| CVE-2025-67433 A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet. | 7.5 | HIGH | — | 0 |
| CVE-2026-24894 FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24895 FrankenPHP is a modern application server for PHP. Prior to 1.11.2, FrankenPHP’s CGI path splitting logic improperly handles Unicode characters during case conversion. The logic computes the split ind... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-25949 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint re... | 7.5 | HIGH | — | 0 |
| CVE-2026-26069 Scraparr is a Prometheus Exporter for various components of the *arr Suite. From 3.0.0-beta to before 3.0.2, when the Readarr integration was enabled, the exporter exposed the configured Readarr API k... | 7.5 | HIGH | — | 0 |
| CVE-2026-26075 FastGPT is an AI Agent building platform. Due to the fact that FastGPT's web page acquisition nodes, HTTP nodes, etc. need to initiate data acquisition requests from the server, there are certain secu... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-26076 ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enable... | 7.5 | HIGH | — | 0 |
| CVE-2026-26185 Directus is a real-time API and App dashboard for managing SQL database content. Before 11.14.1, a timing-based user enumeration vulnerability exists in the password reset functionality. When an inval... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-25321 FTP Navigator 8.03 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious ... | 9.8 | CRITICAL | — | 0 |
| CVE-2019-25329 FTP Navigator 8.03 contains a denial of service vulnerability that allows attackers to crash the application by overwriting Structured Exception Handler (SEH) with malicious input. Attackers can gener... | 7.5 | HIGH | — | 0 |
| CVE-2026-2026 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service (DoS) attacks. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26333 Calero VeraSMART versions prior to 2022 R1 expose an unauthenticated .NET Remoting HTTP service on TCP port 8001. The service publishes default ObjectURIs (including EndeavorServer.rem and RemoteFileR... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23115 In the Linux kernel, the following vulnerability has been resolved: serial: Fix not set tty->port race condition Revert commit bfc467db60b7 ("serial: remove redundant tty_port_link_device()") becaus... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-23120 In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot re... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23121 In the Linux kernel, the following vulnerability has been resolved: mISDN: annotate data-race around dev->work dev->work can re read locklessly in mISDN_read() and mISDN_poll(). Add READ_ONCE()/WRIT... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23122 In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestampi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23123 In the Linux kernel, the following vulnerability has been resolved: interconnect: debugfs: initialize src_node and dst_node to empty strings The debugfs_create_str() API assumes that the string poin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23140 In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size The xdp_frame structure takes up part of the XDP frame headro... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23132 In the Linux kernel, the following vulnerability has been resolved: drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind Fix several issues in dw_dp_bind() error handling: 1. Missing return a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23133 In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_u... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23134 In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc_nolock() context check for PREEMPT_RT On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current che... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23135 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix dma_free_coherent() pointer dma_alloc_coherent() allocates a DMA mapped buffer and stores the addresses in XXX_u... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27094 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through <= 3.1.1... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23147 In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix the folio leak on S390 hardware acceleration [BUG] After commit aa60fe12b4f4 ("btrfs: zlib: refactor S390x HW acc... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.