Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-34295 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34296 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34321 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2025-34325 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | — | 0 |
| CVE-2026-21430 Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being forced to post an a... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-21431 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of pub... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-21432 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of p... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-21433 Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a cr... | 7.7 | HIGH | — | 0 |
| CVE-2026-21440 AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the serv... | N/A | NONE | — | 0 |
| CVE-2026-21445 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-21446 Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The underlying API endpoints ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21447 Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated custome... | 7.1 | HIGH | — | 0 |
| CVE-2026-21448 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add address` step th... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21449 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user. Version 2.3.10 f... | 8.8 | HIGH | — | 0 |
| CVE-2026-21450 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another e... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-21451 Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the platform norm... | 8.4 | HIGH | — | 0 |
| CVE-2025-64119 A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affects Battery Management System: through 2.3.9. | N/A | NONE | — | 0 |
| CVE-2025-14830 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS).This issue affects Artifactor... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-14124 The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL in... | 8.6 | HIGH | — | 0 |
| CVE-2025-15459 A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Such manipulation of the argument passwd1 leads to b... | 8.8 | HIGH | — | 0 |
| CVE-2025-15460 A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in... | 8.8 | HIGH | — | 0 |
| CVE-2025-9543 The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site... | 3.5 | LOW | — | 0 |
| CVE-2025-15461 A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buf... | 8.8 | HIGH | — | 0 |
| CVE-2025-15462 A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflo... | 8.8 | HIGH | — | 0 |
| CVE-2025-68755 In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so r... | N/A | NONE | — | 0 |
| CVE-2025-15022 Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. In Vaadin Framework 7 and 8, th... | N/A | NONE | — | 0 |
| CVE-2025-68751 In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running ping command. An i... | N/A | NONE | — | 0 |
| CVE-2025-68752 In the Linux kernel, the following vulnerability has been resolved: iavf: Implement settime64 with -EOPNOTSUPP ptp_clock_settime() assumes every ptp_clock has implemented settime64(). Stub it with -... | N/A | NONE | — | 0 |
| CVE-2025-68753 In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: add bounds check in put_user loop for DSP events In the DSP event handling code, a put_user() loop copies eve... | N/A | NONE | — | 0 |
| CVE-2025-68754 In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres a... | N/A | NONE | — | 0 |
| CVE-2025-68756 In the Linux kernel, the following vulnerability has been resolved: block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock blk_mq_{add,del}_queue_tag_set() functions add and rem... | N/A | NONE | — | 0 |
| CVE-2025-68757 In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released wi... | N/A | NONE | — | 0 |
| CVE-2025-68758 In the Linux kernel, the following vulnerability has been resolved: backlight: led-bl: Add devlink to supplier LEDs LED Backlight is a consumer of one or multiple LED class devices, but devlink is c... | N/A | NONE | — | 0 |
| CVE-2025-68759 In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets... | N/A | NONE | — | 0 |
| CVE-2025-68760 In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with t... | N/A | NONE | — | 0 |
| CVE-2025-68761 In the Linux kernel, the following vulnerability has been resolved: hfs: fix potential use after free in hfs_correct_next_unused_CNID() This code calls hfs_bnode_put(node) which drops the refcount a... | N/A | NONE | — | 0 |
| CVE-2025-27807 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Mode... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-68762 In the Linux kernel, the following vulnerability has been resolved: net: netpoll: initialize work queue before error checks Prevent a kernel warning when netconsole setup fails on devices with IFF_D... | N/A | NONE | — | 0 |
| CVE-2025-68763 In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned lo... | N/A | NONE | — | 0 |
| CVE-2025-68764 In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserv... | N/A | NONE | — | 0 |
| CVE-2025-68765 In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subseque... | N/A | NONE | — | 0 |
| CVE-2025-68766 In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2)... | N/A | NONE | — | 0 |
| CVE-2025-4776 The Phlox theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` HTML attribute in all versions up to, and including, 2.17.7 due to insufficient input sanitization and... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-64423 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a low privileged user (member) can see and ... | 8.8 | HIGH | — | 0 |
| CVE-2023-49186 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KlbTheme Machic Core allows DOM-Based XSS.This issue affects Machic Core: from n/a through ... | 7.1 | HIGH | — | 0 |
| CVE-2023-50897 Unrestricted Upload of File with Dangerous Type vulnerability in Meow Apps Media File Renamer allows Using Malicious Files.This issue affects Media File Renamer: from n/a through 5.7.7. | 9.1 | CRITICAL | — | 0 |
| CVE-2023-51513 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in INTINITUM FORM Geo Controller allows DOM-Based XSS.This issue affects Geo Controller: from ... | 6.5 | MEDIUM | — | 0 |
| CVE-2023-52212 Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager allows Cross Site Request Forgery.This issue affects WP Job Manager: from n/a through 2.0.0. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14346 WHILL Model C2 Electric Wheelchairs and Model F Power Chairs do not enforce authentication for Bluetooth connections. An attacker within range can pair with the device and issue movement commands, ove... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-10933 An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.