CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-31684 In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb st... | N/A | NONE | — | 0 |
| CVE-2026-6985 A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-42254 Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-42255 Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. | 7.2 | HIGH | — | 0 |
| CVE-2026-7026 A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name ... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-7027 A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to c... | 2.4 | LOW | — | 0 |
| CVE-2026-7038 A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently... | 3.3 | LOW | — | 0 |
| CVE-2018-25263 Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers... | 8.4 | HIGH | — | 0 |
| CVE-2018-25264 TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a p... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-4850 A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2018-25273 CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malici... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25281 iCash 7.6.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload through the Connect to Server dialog. Attackers can paste a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25282 Nmap 7.70 contains a denial of service vulnerability that allows local attackers to crash the application by processing malicious XML files with exponential entity expansion. Attackers can create a cr... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25283 iSmartViewPro 1.5 contains a structured exception handling (SEH) buffer overflow vulnerability in the 'Save Path for Snapshot and Record file' field that allows local attackers to execute arbitrary co... | 8.4 | HIGH | — | 0 |
| CVE-2018-25284 HD Tune Pro 5.70 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the folder/file name field. Attackers can trig... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25285 Fathom 2.4 contains a buffer overflow vulnerability in the Authorization Code field that allows local attackers to crash the application by submitting an oversized input string. Attackers can paste a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25286 Easy PhotoResQ 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Folder/filename field. Attackers can inp... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25287 Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a ... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25288 StyleWriter 1.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 6000-byte payload into the ... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25297 Wansview 1.0.2 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input strings. Attackers can inject 2000-byte payloads into the Came... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-7044 A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can b... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7045 A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-sprin... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7053 A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page res... | 8.8 | HIGH | — | 0 |
| CVE-2026-7054 A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the ar... | 8.8 | HIGH | — | 0 |
| CVE-2026-42363 An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An atta... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-7071 A security vulnerability has been detected in CodeAstro Online Job Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /users/user-cvs/. The manipulation leads to file a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3006 Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level acces... | 7.0 | HIGH | — | 0 |
| CVE-2026-7106 The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscr... | 8.8 | HIGH | — | 0 |
| CVE-2026-3867 An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration fil... | N/A | NONE | — | 0 |
| CVE-2026-3868 An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interf... | N/A | NONE | — | 0 |
| CVE-2026-7099 A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2026-7100 A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overfl... | 8.8 | HIGH | — | 0 |
| CVE-2026-7112 A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-33453 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message h... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-7113 A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The mani... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-7122 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-7123 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-7124 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exec... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32688 Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib... | N/A | NONE | — | 0 |
| CVE-2026-41464 ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive d... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-41465 ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal seque... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-41466 ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only de... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-41467 ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file u... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-6970 authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either beca... | N/A | NONE | — | 0 |
| CVE-2026-7137 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-7138 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-30346 An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-30462 A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-38934 Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings... | 8.8 | HIGH | — | 0 |
| CVE-2026-38935 A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.