CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-29104 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload v... | 2.7 | LOW | — | 0 |
| CVE-2026-29105 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an unauthenticated open redirect vulnera... | 5.4 | MEDIUM | — | 0 |
| CVE-2019-25625 Blob Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a te... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-22902 A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. W... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-29099 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `retrieve()` function in `include/OutboundEmail/Outbou... | 8.8 | HIGH | — | 0 |
| CVE-2026-33035 WWBN AVideo is an open source video platform. In versions 25.0 and below, there is a reflected XSS vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's bro... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33057 Mesop is a Python-based UI framework that allows users to build web applications. In versions 1.2.2 and below, an explicit web endpoint inside the ai/ testing module infrastructure directly ingests un... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27625 Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries... | 8.1 | HIGH | — | 0 |
| CVE-2026-3794 A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authe... | 7.3 | HIGH | — | 0 |
| CVE-2025-46597 Bitcoin Core 0.13.0 through 29.x has an integer overflow. | 7.5 | HIGH | — | 0 |
| CVE-2026-33130 Uptime Kuma is an open source, self-hosted monitoring tool. In versions 1.23.0 through 2.2.0, the fix from GHSA-vffh-c9pq-4crh doesn't fully work to prevent Server-side Template Injection (SSTI). The t... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-44722 SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31381 An attacker can extract user email addresses (PII) exposed in base64 encoding via the state parameter in the OAuth callback URL. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31382 The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-33139 PySpector is a static analysis security testing (SAST) Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a security validation bypass in ... | 7.8 | HIGH | — | 0 |
| CVE-2019-25574 Green CMS 2.x contains a path traversal vulnerability that allows authenticated attackers to download arbitrary files and directories by injecting directory traversal sequences. Attackers can manipula... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-25583 RarmaRadio 2.72.3 contains a denial of service vulnerability in the Username field that allows local attackers to crash the application by submitting excessively long input. Attackers can paste a buff... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25584 RarmaRadio 2.72.3 contains a buffer overflow vulnerability in the Server field of the Network settings that allows local attackers to crash the application by supplying an excessively long string. Att... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-4591 A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4592 A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of ... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-24516 A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the... | 8.8 | HIGH | — | 0 |
| CVE-2026-30006 XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-30007 XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-26209 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service (DoS) attack caused by unco... | N/A | NONE | — | 0 |
| CVE-2026-4624 A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a ... | 7.3 | HIGH | — | 0 |
| CVE-2026-27131 The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-2298 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement allows Web Services Protocol Manipulation. This issue affects ... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-32850 MailEnable versions prior to 10.55 contain a reflected cross-site scripting vulnerability in the webmail interface that allows remote attackers to execute arbitrary JavaScript in a victim's browser by... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3225 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4306 The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter... | 7.5 | HIGH | — | 0 |
| CVE-2026-4731 Integer Overflow or Wraparound vulnerability in artraweditor ART (rtengine modules). This vulnerability is associated with program files dcraw.C. This issue affects ART: before 1.25.12. | N/A | NONE | — | 0 |
| CVE-2026-4732 Out-of-bounds Read vulnerability in tildearrow furnace (extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7. | N/A | NONE | — | 0 |
| CVE-2026-4733 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop. This issue affects ixray-1.6-stcop: before 1.3. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4734 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is ... | N/A | NONE | — | 0 |
| CVE-2026-4735 Deserialization of Untrusted Data vulnerability in DTStack chunjun (chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. T... | N/A | NONE | — | 0 |
| CVE-2026-4736 Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H,... | N/A | NONE | — | 0 |
| CVE-2026-3138 The Product Filter for WooCommerce by WBW plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check in all versions up to, and including, 3.1.2. This is due to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2019-25639 Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameter... | 8.2 | HIGH | — | 0 |
| CVE-2019-25640 Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code usin... | 8.2 | HIGH | — | 0 |
| CVE-2019-25642 Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can ... | 8.2 | HIGH | — | 0 |
| CVE-2019-25644 WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input. Atta... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25645 WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specia... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-27651 When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP au... | 7.5 | HIGH | — | 0 |
| CVE-2026-27654 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may re... | 8.2 | HIGH | — | 0 |
| CVE-2026-27784 The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in its term... | 7.8 | HIGH | — | 0 |
| CVE-2026-28755 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and ssl_ocs... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-33483 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `aVideoEncoderChunk.json.php` endpoint is a completely standalone PHP script with no authentication, no framewor... | 7.5 | HIGH | — | 0 |
| CVE-2026-33485 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the RTMP `on_publish` callback at `plugin/Live/on_publish.php` is accessible without authentication. The `$_POST['na... | 7.5 | HIGH | — | 0 |
| CVE-2024-51222 A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via ... | 4.8 | MEDIUM | — | 0 |
| CVE-2024-51223 A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via ... | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.