CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-62968 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sayan Datta WP Last Modified Info wp-last-modified-info allows Stored XSS. This issue affects WP La... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-62973 Missing Authorization vulnerability in Themekraft BuddyForms buddyforms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects BuddyForms: from n/a through <= 2.9.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-62974 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoSchedule Headline Analyzer headline-analyzer allows Stored XSS. This issue affects Headline Analy... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-62979 Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data. This issue affects ACF to REST API: from n/a through... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-62972 Missing Authorization vulnerability in WPWebinarSystem WebinarPress wp-webinarsystem allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WebinarPress: from n/a t... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-62987 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Builderall Builderall Builder for WordPress builderall-cheetah-for-wp allows Stored XSS. This issue... | 6.5 | MEDIUM | — | 0 |
| CVE-2006-1601 Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors. | N/A | NONE | — | 0 |
| CVE-2025-10023 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Services Meta-services modules) allows Stored XSS by users wit... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-43024 A GUI dialog of an application allows viewing what files are in the file system without proper authorization. | 7.5 | HIGH | — | 0 |
| CVE-2025-43017 HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | 9.8 | CRITICAL | — | 0 |
| CVE-2008-7072 Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter. | N/A | NONE | — | 0 |
| CVE-2025-60075 Cross-Site Request Forgery (CSRF) vulnerability in Allegro Marketing hpb seo plugin for WordPress hpbseo allows Reflected XSS. This issue affects hpb seo plugin for WordPress: from n/a through <= 3.0.1... | 7.1 | HIGH | — | 0 |
| CVE-2025-64194 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Eduma eduma allows Stored XSS. This issue affects Eduma: from n/a through <= 5.7.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64195 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress Eduma eduma allows PHP Local File Inclusion. This issue affects Eduma:... | 7.5 | HIGH | — | 0 |
| CVE-2025-64197 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sizam Rehub rehub-theme allows Stored XSS. This issue affects Rehub: from n/a through < 19.9.9.1. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64200 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Email Template Customizer for WooCommerce email-template-customizer-for-woo allows Stor... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-64202 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TieLabs Sahifa sahifa allows DOM-Based XSS. This issue affects Sahifa: from n/a through < 5.8.6. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64210 Missing Authorization vulnerability in StylemixThemes Masterstudy Elementor Widgets masterstudy-elementor-widgets allows Exploiting Incorrectly Configured Access Control Security Levels. This issue aff... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-64216 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeSphere SmartMag smart-mag allows PHP Local File Inclusion. This issue affec... | 7.5 | HIGH | — | 0 |
| CVE-2025-64219 Missing Authorization vulnerability in Strategy11 Team Business Directory business-directory-plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Business ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-64220 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReyCommerce Rey Core rey-core allows Stored XSS. This issue affects Rey Core: from n/a through <= 3... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64228 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Retrieve Embedded Sensitive Data. This issue affects SUMO Af... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-64229 Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client In... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-64283 Authorization Bypass Through User-Controlled Key vulnerability in Rometheme RTMKit rometheme-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RT... | 6.5 | MEDIUM | — | 0 |
| CVE-2006-0341 Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | N/A | NONE | — | 0 |
| CVE-2025-64291 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Premmerce Premmerce User Roles premmerce-user-roles allows Stored XSS. This issue affects Premmerce... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-47912 The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host compone... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-58185 Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-58187 Due to the design of the name constraint checking algorithm, the processing time of some inputs scales non-linearly with respect to the size of the certificate. This affects programs which validate arb... | 7.5 | HIGH | — | 0 |
| CVE-2025-58188 Validating certificate chains which contain DSA public keys can cause programs to panic, due to an interface cast that assumes they implement the Equal method. This affects programs which validate arbi... | 7.5 | HIGH | — | 0 |
| CVE-2025-58189 When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-61723 The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. | 7.5 | HIGH | — | 0 |
| CVE-2025-61724 The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-46363 Dell Secure Connect Gateway (SCG) 5.0 Application and Appliance version(s) 5.26.00.00 - 5.30.00.00, contain a Relative Path Traversal vulnerability in the SCG exposed for an internal collection downlo... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-64353 Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3. | 8.8 | HIGH | — | 0 |
| CVE-2025-64354 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a throug... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64356 Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Insert PHP Cod... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-64361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS. This... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64362 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS. This issue affects K Elements: from n/a th... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64363 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion. This issue affects Kleo:... | 7.5 | HIGH | — | 0 |
| CVE-2025-64367 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey Groundhogg groundhogg allows Stored XSS. This issue affects Groundhogg: from n/a throu... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-6075 If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-63443 School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-11761 A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. HP is releasing s... | 7.8 | HIGH | — | 0 |
| CVE-2025-60503 A cross-site scripting (XSS) vulnerability exists in the administrative interface of ultimatefosters UltimatePOS 4.8 where input submitted in the purchase functionality is reflected without proper esc... | 8.7 | HIGH | — | 0 |
| CVE-2025-60785 A remote code execution (RCE) vulnerability in the Postgres Drivers component of iceScrum v7.54 Pro On-prem allows attackers to execute arbitrary code via a crafted HTML page. | 8.8 | HIGH | — | 0 |
| CVE-2025-64366 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. Thi... | 7.6 | HIGH | — | 0 |
| CVE-2006-0095 dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a crypt... | N/A | NONE | — | 0 |
| CVE-2025-63441 Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter `param` at endpoint u/administrator/friends. | 7.3 | HIGH | — | 0 |
| CVE-2025-20727 In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the atta... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.