Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2020-37122 SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file wit... | 7.5 | HIGH | — | 0 |
| CVE-2025-69212 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a critical OS Command Injection vulnerability exists in the P7M (signed XML) file dec... | 8.8 | HIGH | — | 0 |
| CVE-2025-69214 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling t... | 8.8 | HIGH | — | 0 |
| CVE-2025-69216 OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an authenticated SQL injection vulnerability in OpenSTAManager's Scadenzario (Payment... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24416 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the ar... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24417 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the gl... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24418 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk op... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25586 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the prope... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-25587 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, it's prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escape... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-25641 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for acces... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-25643 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Friga... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25593 OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were la... | 8.4 | HIGH | — | 0 |
| CVE-2020-37146 ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's co... | 7.5 | HIGH | — | 0 |
| CVE-2020-37147 ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit... | 7.1 | HIGH | — | 0 |
| CVE-2020-37154 eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can l... | 7.1 | HIGH | — | 0 |
| CVE-2020-37155 Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte p... | 7.5 | HIGH | — | 0 |
| CVE-2020-37157 DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. A... | 7.5 | HIGH | — | 0 |
| CVE-2020-37159 Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craf... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37160 SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing ex... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-37163 QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject U... | 8.2 | HIGH | — | 0 |
| CVE-2025-15476 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to, and i... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15477 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to insufficient escaping ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1082 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings page form handler... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1573 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1608 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1611 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient inpu... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1613 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1643 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes i... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-2080 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injectio... | 7.2 | HIGH | — | 0 |
| CVE-2026-25859 Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations. | 8.8 | HIGH | — | 0 |
| CVE-2026-2084 A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os comma... | 7.2 | HIGH | — | 0 |
| CVE-2026-2085 A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulati... | 7.2 | HIGH | — | 0 |
| CVE-2026-2118 A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation ... | 7.2 | HIGH | — | 0 |
| CVE-2026-2120 A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of... | 7.2 | HIGH | — | 0 |
| CVE-2026-25084 Authentication for ZLAN5143D can be bypassed by directly accessing internal URLs. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15027 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-15100 The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user met... | 8.8 | HIGH | — | 0 |
| CVE-2026-2129 A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipst... | 7.2 | HIGH | — | 0 |
| CVE-2026-2205 A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to inform... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2206 A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Perform... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2207 A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2191 A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. ... | 7.2 | HIGH | — | 0 |
| CVE-2026-2192 A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start... | 7.2 | HIGH | — | 0 |
| CVE-2026-2193 A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injecti... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1959 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripción' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint. | N/A | NONE | — | 0 |
| CVE-2026-1960 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint. | N/A | NONE | — | 0 |
| CVE-2026-2202 A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpe... | 8.8 | HIGH | — | 0 |
| CVE-2026-2203 A flaw has been found in Tenda AC8 16.03.33.05. Affected by this vulnerability is an unknown functionality of the file /goform/fast_setting_wifi_set of the component Embedded Httpd Service. This manip... | 8.8 | HIGH | — | 0 |
| CVE-2026-2210 A vulnerability has been found in D-Link DIR-823X 250416. This affects the function sub_4211C8 of the file /goform/set_filtering. Such manipulation leads to os command injection. The attack may be lau... | 7.2 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.