Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-52026 An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashi... | 7.5 | HIGH | — | 0 |
| CVE-2026-1386 A UNIX symbolic link following issue in the jailer component in Firecracker version v1.13.1 and earlier and 1.14.0 on Linux may allow a local host user with write access to the pre-created jailer dir... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-70457 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file con... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70458 A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because t... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-12780 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-0991 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-24127 Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24128 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24136 Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24139 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete applica... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24140 MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient in... | 2.7 | LOW | — | 0 |
| CVE-2026-24474 Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `i... | N/A | NONE | — | 0 |
| CVE-2026-22582 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulatio... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22583 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulati... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22585 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Web... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22586 Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24399 ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an <ifr... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-24402 Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE CNA rules](h... | N/A | NONE | — | 0 |
| CVE-2026-24403 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidat... | 7.1 | HIGH | — | 0 |
| CVE-2026-24404 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereferenc... | 7.1 | HIGH | — | 0 |
| CVE-2026-24405 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalcu... | 8.8 | HIGH | — | 0 |
| CVE-2026-24406 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamed... | 8.8 | HIGH | — | 0 |
| CVE-2026-24407 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs whe... | 7.1 | HIGH | — | 0 |
| CVE-2026-24401 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sendi... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24409 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2026-24410 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIc... | 7.1 | HIGH | — | 0 |
| CVE-2025-14973 The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to perform SQL injection attacks... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-24411 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXm... | 7.1 | HIGH | — | 0 |
| CVE-2026-24412 iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXm... | 8.8 | HIGH | — | 0 |
| CVE-2026-24421 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissio... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-13952 A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader compiler library. On certain platform... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24420 phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive permissio... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24422 phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1284 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac... | 7.8 | HIGH | — | 0 |
| CVE-2026-24469 C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. ... | 7.5 | HIGH | — | 0 |
| CVE-2026-24642 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24643 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24644 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24645 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24646 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24647 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24648 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-24649 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2008-7158 Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) L... | N/A | NONE | — | 0 |
| CVE-2025-13374 The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up to, and including, 2.3.3. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-13676 The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output esc... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0633 The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due ... | 3.7 | LOW | — | 0 |
| CVE-2025-14629 The Alchemist Ajax Upload plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the 'delete_file' function in all versions up to, and including, 1... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14797 The Same Category Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget title placeholder functionality in all versions up to, and including, 1.1.19. This is due to th... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14843 The Wizit Gateway for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Order Cancellation in all versions up to, and including, 1.2.9. This is due to a lack of authenticatio... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.