CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-21593 An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based atta... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-21596 An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authent... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21599 A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Den... | 7.5 | HIGH | — | 0 |
| CVE-2025-21600 An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specific... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-45326 An Improper Access Control vulnerability [CWE-284] in Fortinet FortiDeceptor 6.0.0, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions, FortiDeceptor 5.1 all versions, FortiD... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-21602 An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-21598 An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to... | 7.5 | HIGH | — | 0 |
| CVE-2025-0103 An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and... | 8.8 | HIGH | — | 0 |
| CVE-2025-0104 A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s browse... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-0105 An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-0106 A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-0107 An OS command injection vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclos... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57277 InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | 5.7 | MEDIUM | — | 0 |
| CVE-2025-21300 Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability | 7.5 | HIGH | — | 0 |
| CVE-2025-21389 Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-23366 A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is serv... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-35280 An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiDeceptor 5.3.0, FortiDeceptor 5.2.0, FortiDeceptor 5.1 all versions, FortiDeceptor... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-23206 The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC cust... | 8.1 | HIGH | — | 0 |
| CVE-2025-0395 When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer... | 6.2 | MEDIUM | — | 0 |
| CVE-2024-55929 A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-55930 Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files | 6.7 | MEDIUM | — | 0 |
| CVE-2008-6986 SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers ... | N/A | NONE | — | 0 |
| CVE-2024-12104 The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wpf_delete_file and wp... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-52807 The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity... | 8.6 | HIGH | — | 0 |
| CVE-2024-11090 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.13 via the WordPress core search feature. This m... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-55931 Xerox Workplace Suite stores tokens in session storage, which may expose them to potential access if a user's session is compromised. The patch for this vulnerability will be included in a future re... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-12647 Buffer overflow in CPCA font download processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12648 Buffer overflow in TIFF data EXIF tag processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being u... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-12649 Buffer overflow in XPS data font processing of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresp... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-23367 A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user wi... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-20634 In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, wit... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-25062 An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It doesn't sufficiently isolate long text content when the CKEditor 5 rich text editor is used. This allows a... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-25063 An XSS issue was discovered in Backdrop CMS 1.28.x before 1.28.5 and 1.29.x before 1.29.3. It does not sufficiently validate uploaded SVG images to ensure they do not contain potentially dangerous SVG... | 4.4 | MEDIUM | — | 0 |
| CVE-2008-6987 Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown... | N/A | NONE | — | 0 |
| CVE-2025-22978 eladmin <=2.7 is vulnerable to CSV Injection in the exception log download module. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-39564 This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evo... | 7.5 | HIGH | — | 0 |
| CVE-2025-23239 When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit ... | 8.7 | HIGH | — | 0 |
| CVE-2025-23419 When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-24319 When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22890 Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where... | 8.8 | HIGH | — | 0 |
| CVE-2025-20094 Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of th... | N/A | NONE | — | 0 |
| CVE-2025-48097 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS. This issue affe... | 7.1 | HIGH | — | 0 |
| CVE-2025-22894 Unprotected Windows messaging channel ('Shatter') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker sends a specially crafted message to the specific process of th... | 8.8 | HIGH | — | 0 |
| CVE-2025-23236 Buffer overflow vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product i... | N/A | NONE | — | 0 |
| CVE-2025-24483 NULL pointer dereference vulnerability exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted data to the specific process of the Windows system wh... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-24845 Improper neutralization of argument delimiters in a command ('Argument Injection') issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker provides specially crafted dat... | 5.5 | MEDIUM | — | 0 |
| CVE-2009-3691 Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a... | N/A | NONE | — | 0 |
| CVE-2025-24976 Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to ... | N/A | NONE | — | 0 |
| CVE-2025-1555 A vulnerability classified as critical was found in hzmanyun Education and Training System 3.1.1. This vulnerability affects the function saveImage. The manipulation of the argument file leads to unre... | 7.3 | HIGH | — | 0 |
| CVE-2025-25200 Koa is expressive middleware for Node.js using ES2017 async functions. Prior to versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, Koa uses an evil regex to parse the `X-Forwarded-Proto` and `X-Forwar... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.