Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2006-1682 Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly invol... | N/A | NONE | — | 0 |
| CVE-2006-1683 SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | N/A | NONE | — | 0 |
| CVE-2025-58871 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luis Rock Master Paper Collapse Toggle master-paper-collapse-toggle allows Stored XSS.This issue a... | 6.5 | MEDIUM | — | 0 |
| CVE-2006-1684 Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2006-1685 Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and... | N/A | NONE | — | 0 |
| CVE-2006-1686 Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. | N/A | NONE | — | 0 |
| CVE-2006-1687 Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably invo... | N/A | NONE | — | 0 |
| CVE-2006-1688 Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allow remote attackers to execute arbitrary PHP code via a URL in ... | N/A | NONE | — | 0 |
| CVE-2006-1689 Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | N/A | NONE | — | 0 |
| CVE-2025-58872 Insertion of Sensitive Information Into Sent Data vulnerability in premiumbizthemes Simple Price Calculator simple-price-calculator-basic allows Retrieve Embedded Sensitive Data.This issue affects Sim... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58873 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web P... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-58875 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu WP Github Gist wp-github-gist allows Stored XSS.This issue affects WP Github Gist: fro... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58876 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Aghdam Aparat Video Shortcode aparat-shortcode allows Stored XSS.This issue affects Aparat Vid... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58878 Cross-Site Request Forgery (CSRF) vulnerability in usamafarooq Woocommerce Gifts Product woo-gift-product allows Cross Site Request Forgery.This issue affects Woocommerce Gifts Product: from n/a throu... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58880 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reubenthiessen Translate This gTranslate Shortcode translate-this-google-translate-web-element-sho... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58881 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New S... | 8.5 | HIGH | — | 0 |
| CVE-2025-58882 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in w1zzard Simple Text Slider simple-text-slider allows Stored XSS.This issue affects Simple Text Sli... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-58883 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Harris Search Cloud One search-cloud-one allows Stored XSS.This issue affects Search Cloud ... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-58884 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivan Drago vipdrv vipdrv-vip-test-drive allows Stored XSS.This issue affects vipdrv: from n/a thro... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-58886 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tan Nguyen Instant Locations instant-locations allows Stored XSS.This issue affects Instant Locati... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-27003 Cross-Site Request Forgery (CSRF) vulnerability in fullworks Quick Paypal Payments quick-paypal-payments allows Cross Site Request Forgery.This issue affects Quick Paypal Payments: from n/a through <=... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-48104 Cross-Site Request Forgery (CSRF) vulnerability in ericzane Floating Window Music Player floating-window-music-player allows Stored XSS.This issue affects Floating Window Music Player: from n/a throug... | 7.1 | HIGH | — | 0 |
| CVE-2025-48105 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Boiardt Easy Flash Embed easy-flash-embed allows Stored XSS.This issue affects Easy Flash ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-48317 Path Traversal: '.../...//' vulnerability in Stefan Keller WooCommerce Payment Gateway for Saferpay woocommerce-payment-gateway-for-saferpay allows Path Traversal.This issue affects WooCommerce Paymen... | 7.5 | HIGH | — | 0 |
| CVE-2025-49401 Incorrect Privilege Assignment vulnerability in axiomthemes smart SEO smartSEO allows Privilege Escalation.This issue affects smart SEO: from n/a through <= 4.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-53307 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beaver Builder WordPress Assistant assistant allows Reflected XSS.This issue affects WordPress Ass... | 7.1 | HIGH | — | 0 |
| CVE-2025-53571 Missing Authorization vulnerability in VillaTheme HAPPY happy-helpdesk-support-ticket-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HAPPY: from n/a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-54744 Missing Authorization vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ma... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-57889 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RealMag777 InPost Gallery inpost-gallery allows PHP Local File Inclusion.This i... | 7.5 | HIGH | — | 0 |
| CVE-2025-58206 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove MaxCoach maxcoach allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | — | 0 |
| CVE-2025-58214 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Indutri indutri allows PHP Local File Inclusion.This issue affects Indut... | 8.1 | HIGH | — | 0 |
| CVE-2025-58628 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from ... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-30875 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Froger WP Weixin wp-weixin allows Stored XSS.This issue affects WP Weixin: from n/a thro... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-32486 Weak Password Recovery Mechanism for Forgotten Password vulnerability in Hossein Material Dashboard material-dashboard.This issue affects Material Dashboard: from n/a through <= 1.4.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32688 Missing Authorization vulnerability in Nebojsa Target Video Easy Publish brid-video-easy-publish.This issue affects Target Video Easy Publish: from n/a through <= 3.8.9. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-39523 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in GoodBarber GoodBarber goodbarber.This issue affects GoodBarber: from n/a through <= 1.0.26. | 4.7 | MEDIUM | — | 0 |
| CVE-2025-39541 Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar wp-simple-booking-calendar.This issue affects WP Simple Booking Calendar: from n/a through <= 2.0.13. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-39553 Missing Authorization vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 5.0.9. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-47569 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card woocommerce-ultimate-gift-card allows Blind SQL Injection.... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-47570 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews.This issue affects WooCommerce Phot... | 7.1 | HIGH | — | 0 |
| CVE-2006-1060 Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YC... | N/A | NONE | — | 0 |
| CVE-2006-1690 Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter. | N/A | NONE | — | 0 |
| CVE-2006-1691 SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php. | N/A | NONE | — | 0 |
| CVE-2006-1692 Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or ... | N/A | NONE | — | 0 |
| CVE-2006-1693 Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument. | N/A | NONE | — | 0 |
| CVE-2026-27283 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... | 7.8 | HIGH | — | 0 |
| CVE-2025-47571 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder superstorefinder-wp allows PHP Local File Inclusi... | 7.5 | HIGH | — | 0 |
| CVE-2025-47579 Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through <= 7.7.2. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-47694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO: from n/a through ... | 7.1 | HIGH | — | 0 |
| CVE-2025-47695 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO blog-designer-pro.This issue affects Blog Designer PRO... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.