Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2020-37141 AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/mail... | 8.2 | HIGH | — | 0 |
| CVE-2026-23045 In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in en... | N/A | NONE | — | 0 |
| CVE-2026-23046 In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_... | N/A | NONE | — | 0 |
| CVE-2026-23047 In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be ... | N/A | NONE | — | 0 |
| CVE-2026-23048 In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer do... | N/A | NONE | — | 0 |
| CVE-2025-61917 n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() in the task runner allowed untrusted code to all... | 7.7 | HIGH | — | 0 |
| CVE-2025-71193 In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qusb2: Fix NULL pointer dereference on early suspend Enabling runtime PM before attaching the QPHY instance as driver da... | N/A | NONE | — | 0 |
| CVE-2026-23049 In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pane... | N/A | NONE | — | 0 |
| CVE-2026-23051 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather th... | N/A | NONE | — | 0 |
| CVE-2026-23052 In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mul... | N/A | NONE | — | 0 |
| CVE-2024-51451 IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25055 n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating ... | 8.1 | HIGH | — | 0 |
| CVE-2026-25056 n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or mod... | 8.8 | HIGH | — | 0 |
| CVE-2026-25115 n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execut... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-69213 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when han... | 8.8 | HIGH | — | 0 |
| CVE-2025-69215 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publica... | 8.8 | HIGH | — | 0 |
| CVE-2026-22044 GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22247 GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in... | 4.1 | MEDIUM | — | 0 |
| CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. ... | 7.8 | HIGH | — | 0 |
| CVE-2026-25157 OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a s... | 7.7 | HIGH | — | 0 |
| CVE-2026-25160 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing sto... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25161 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation hand... | 8.8 | HIGH | — | 0 |
| CVE-2026-25475 OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and direc... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13375 IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14079 The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability check... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1271 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1294 The All In One Image Viewer Block plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.2 due to missing authorization and URL validation on the i... | 7.2 | HIGH | — | 0 |
| CVE-2026-1654 The Peter's Date Countdown plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 2.0.0 due to insufficient... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1966 YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potent... | N/A | NONE | — | 0 |
| CVE-2026-23572 Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confir... | 7.2 | HIGH | — | 0 |
| CVE-2026-1523 Path Traversal vulnerability in Digitek ADT1100 and Digitek DT950 from PRIMION DIGITEK, S.L.U (Azkoyen Group). This vulnerability allows an attacker to access arbitrary files in the server's file syst... | N/A | NONE | — | 0 |
| CVE-2025-68721 Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and gain... | 8.1 | HIGH | — | 0 |
| CVE-2020-37118 P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web p... | 3.5 | LOW | — | 0 |
| CVE-2020-37119 Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious DNS ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37120 Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft a malicio... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37121 CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can c... | 5.5 | MEDIUM | — | 0 |
| CVE-2020-37123 Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37142 10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers ca... | 8.4 | HIGH | — | 0 |
| CVE-2020-37143 ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password ... | 7.5 | HIGH | — | 0 |
| CVE-2020-37144 Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submit... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37145 HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-37148 P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned ... | 3.5 | LOW | — | 0 |
| CVE-2020-37149 Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted form to the ... | 8.1 | HIGH | — | 0 |
| CVE-2020-37150 Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wirel... | 7.5 | HIGH | — | 0 |
| CVE-2026-0714 A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-0715 Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this i... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-15557 An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted device-cloud communic... | 8.8 | HIGH | — | 0 |
| CVE-2025-47911 The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HT... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15326 Tanium addressed an improper access controls vulnerability in Patch. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.