Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-27191 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base origin without ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27212 Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in... | 7.8 | HIGH | — | 0 |
| CVE-2026-2861 A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is poss... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27206 Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27452 ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could leak the un... | 5.3 | MEDIUM | — | 0 |
| CVE-2019-25446 DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters... | 8.2 | HIGH | — | 0 |
| CVE-2026-27467 BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. ... | 2.0 | LOW | — | 0 |
| CVE-2026-27469 Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecti... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27470 ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the w... | 8.8 | HIGH | — | 0 |
| CVE-2019-25443 Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicio... | 8.2 | HIGH | — | 0 |
| CVE-2026-27485 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlink... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27486 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without v... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27487 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into ... | 7.6 | HIGH | — | 0 |
| CVE-2026-27488 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal ... | 7.3 | HIGH | — | 0 |
| CVE-2026-27576 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding them to chat.sen... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-2886 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer... | 8.8 | HIGH | — | 0 |
| CVE-2026-2894 A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to informa... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2904 A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack ca... | 8.8 | HIGH | — | 0 |
| CVE-2026-2905 A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2026-2906 A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argume... | 8.8 | HIGH | — | 0 |
| CVE-2026-2907 A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. This m... | 8.8 | HIGH | — | 0 |
| CVE-2026-2908 A security vulnerability has been detected in Tenda HG9 300001138. Affected by this issue is some unknown functionality of the file /boaform/formLoopBack of the component Loopback Detection Configurat... | 8.8 | HIGH | — | 0 |
| CVE-2026-2909 A vulnerability was detected in Tenda HG9 300001138. This affects an unknown part of the file /boaform/formPing of the component Diagnostic Ping Endpoint. Performing a manipulation of the argument pin... | 8.8 | HIGH | — | 0 |
| CVE-2019-25450 Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can i... | 7.5 | HIGH | — | 0 |
| CVE-2019-25452 Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attacke... | 7.5 | HIGH | — | 0 |
| CVE-2019-25455 Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send ... | 7.5 | HIGH | — | 0 |
| CVE-2019-25456 Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can sen... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-2961 A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of ... | 8.8 | HIGH | — | 0 |
| CVE-2026-2962 A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. Th... | 8.8 | HIGH | — | 0 |
| CVE-2026-24494 SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70045 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in H... | 7.4 | HIGH | — | 0 |
| CVE-2026-2980 A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The... | 7.2 | HIGH | — | 0 |
| CVE-2026-2981 A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffe... | 8.8 | HIGH | — | 0 |
| CVE-2025-41002 SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' pa... | N/A | NONE | — | 0 |
| CVE-2025-40701 Reflected Cross-Site Scripting vulnerability in SOTESHOP, version 8.3.4. THis vulnerability allows an attacker execute JavaScript code in the victim's browser when a malicious URL with the 'id' parame... | N/A | NONE | — | 0 |
| CVE-2025-40986 Reflected Cross-Site Scripting (XSS) vulnerability in PideTuCita. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the ... | N/A | NONE | — | 0 |
| CVE-2025-59873 An information exposure vulnerability exists in Vulnerability in HCL Software ZIE for Web. The application transmits sensitive session tokens and authentication identifiers within the URL query para... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-63946 A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution re... | 7.4 | HIGH | — | 0 |
| CVE-2025-67733 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for ... | 8.5 | HIGH | — | 0 |
| CVE-2025-70329 TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameter... | 8.0 | HIGH | — | 0 |
| CVE-2026-21863 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid packet that may cause an ... | 7.5 | HIGH | — | 0 |
| CVE-2026-27623 Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to abort by triggering an asserti... | 7.5 | HIGH | — | 0 |
| CVE-2025-68930 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails t... | 7.1 | HIGH | — | 0 |
| CVE-2025-69247 free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability le... | 7.5 | HIGH | — | 0 |
| CVE-2025-69248 free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading to Denial of Se... | 7.5 | HIGH | — | 0 |
| CVE-2026-25649 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting an open redirect ... | 7.3 | HIGH | — | 0 |
| CVE-2026-25984 Rejected reason: This CVE was assigned in error. | N/A | NONE | — | 0 |
| CVE-2026-27163 Rejected reason: This CVE was assigned in error. | N/A | NONE | — | 0 |
| CVE-2026-27741 Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF token... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27742 Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforc... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.