Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-52986 A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause a... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-52988 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-52989 An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system conf... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-6549 An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-W... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47963 No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 6.3 | MEDIUM | — | 0 |
| CVE-2025-47964 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 5.4 | MEDIUM | — | 0 |
| CVE-2025-24477 A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.4 through 7.2.12 allows an attacker to escalate its privileges via a specia... | 4.2 | MEDIUM | — | 0 |
| CVE-2025-4302 The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path. | 5.3 | MEDIUM | — | 0 |
| CVE-2009-2740 kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. | N/A | NONE | — | 0 |
| CVE-2025-45731 A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-44137 MapTiler Tileserver-php v2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles that are stored as files on the server via web requ... | 8.2 | HIGH | — | 0 |
| CVE-2025-4674 The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a re... | 8.6 | HIGH | — | 0 |
| CVE-2025-54832 OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-54833 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-54834 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-45769 php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-41375 SQL Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability allows an attacker to retrieve, create, update and delete database via 'token' parameter in '/index.php' endpoint. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-41376 CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.ph... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-54876 The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in ... | N/A | NONE | — | 0 |
| CVE-2025-48393 The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security iss... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-47907 Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being... | 7.0 | HIGH | — | 0 |
| CVE-2025-54888 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. In versions below 1.3.20, 1.4.0-dev.585 through 1.4.12, 1.5.0-dev.636 through 1.5.4, 1.6.0-dev.754 through 1.6... | N/A | NONE | — | 0 |
| CVE-2025-54500 An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). Note: Softwa... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-34153 Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The se... | N/A | NONE | — | 0 |
| CVE-2009-2857 The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to caus... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-49374 Server-Side Request Forgery (SSRF) vulnerability in captcha.eu Captcha.eu captcha-eu allows Server Side Request Forgery.This issue affects Captcha.eu: from n/a through <= 1.0.61. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-8113 The Ebook Store WordPress plugin before 5.8015 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in ol... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-38503 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion when building free space tree When building the free space tree with the block group tree feature enabled, we... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38514 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix oops due to non-existence of prealloc backlog struct If an AF_RXRPC service socket is opened and bound, but calls are p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38521 In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix kernel crash when hard resetting the GPU The GPU hard reset sequence calls pm_runtime_force_suspend() and pm_... | 7.1 | HIGH | — | 0 |
| CVE-2025-38540 In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B8... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-8098 An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | 7.8 | HIGH | — | 0 |
| CVE-2025-52094 Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbtirary code via the \HKLM\SYSTEM\Setup\SmartDeploy component | 7.8 | HIGH | — | 0 |
| CVE-2025-38560 In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitiga... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-50864 An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-5115 In Eclipse Jetty, versions <=9.4.57, <=10.0.25, <=11.0.25, <=12.0.21, <=12.1.0.alpha2, an HTTP/2 client may trigger the server to send RST_STREAM frames, for example by sending frames that are malform... | 7.5 | HIGH | — | 0 |
| CVE-2025-55297 ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. The BluFi example bundled in ESP-IDF was vulnerable to memory overflows in two areas: Wi-Fi credential handling and Diffie–Hell... | 8.8 | HIGH | — | 0 |
| CVE-2025-38670 In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change... | 7.1 | HIGH | — | 0 |
| CVE-2025-52095 An issue in PDQ Smart Deploy V.3.0.2040 allows an attacker to escalate privileges via the Credential encryption routines in SDCommon.dll | 9.8 | CRITICAL | — | 0 |
| CVE-2025-58335 In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was poss... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-54942 A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authen... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54943 A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper ac... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54944 An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file, which m... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54945 An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious file by ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-54946 A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-20703 In Modem, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-20704 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta... | 8.0 | HIGH | — | 0 |
| CVE-2025-20708 In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the a... | 8.8 | HIGH | — | 0 |
| CVE-2025-7974 rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authent... | 7.5 | HIGH | — | 0 |
| CVE-2025-9273 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.