CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-9787 Zohocorp ManageEngine Applications Manager versions 177400 and below are vulnerable to Stored Cross-Site Scripting vulnerability in the NOC view. | 6.1 | MEDIUM | — | 0 |
| CVE-2008-7093 Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new ... | N/A | NONE | — | 0 |
| CVE-2025-63386 A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-63388 A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that ... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-63389 A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-63390 An authentication bypass vulnerability exists in AnythingLLM v1.8.5 via the /api/workspaces endpoint. The endpoint fails to implement proper authentication checks, allowing unauthenticated remote a... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-63391 An authentication bypass vulnerability exists in Open-WebUI <=0.6.32 in the /api/config endpoint. The endpoint lacks proper authentication and authorization controls, exposing sensitive system configu... | 7.5 | HIGH | — | 0 |
| CVE-2008-7094 Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) ... | N/A | NONE | — | 0 |
| CVE-2009-2967 Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities ... | N/A | NONE | — | 0 |
| CVE-2009-2050 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message... | N/A | NONE | — | 0 |
| CVE-2025-14737 Command Injection vulnerability in TP-Link WA850RE (httpd modules) allows authenticated adjacent attacker to inject arbitrary commands. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_160922. | 8.0 | HIGH | — | 0 |
| CVE-2025-14738 Improper authentication vulnerability in TP-Link WA850RE (httpd modules) allows unauthenticated attackers to download the configuration file. This issue affects: ≤ WA850RE V2_160527, ≤ WA850RE V3_... | 7.5 | HIGH | — | 0 |
| CVE-2025-56157 Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-63387 Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials o... | 7.5 | HIGH | — | 0 |
| CVE-2025-68161 The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-64676 '.../...//' in Microsoft Purview allows an authorized attacker to execute code over a network. | 7.2 | HIGH | — | 0 |
| CVE-2025-68398 Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-9003 A vulnerability has been found in D-Link DIR-818LW 1.04. This vulnerability affects unknown code of the file /bsc_lan.php of the component DHCP Reserved Address Handler. The manipulation of the argume... | 3.5 | LOW | — | 0 |
| CVE-2025-14071 The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the ... | 7.5 | HIGH | — | 0 |
| CVE-2009-2051 Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x bef... | N/A | NONE | — | 0 |
| CVE-2009-2052 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6... | N/A | NONE | — | 0 |
| CVE-2025-9004 A vulnerability was found in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /settings/password. The manipulation leads to improper restriction of excessive authenticat... | 3.7 | LOW | — | 0 |
| CVE-2025-12514 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open ticket... | 7.2 | HIGH | — | 0 |
| CVE-2025-54890 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hostgroup configuration page) allows Stored XSS by users with ... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-8460 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Notification rules, Open tickets module) allows Stored XSS b... | 6.8 | MEDIUM | — | 0 |
| CVE-2009-2053 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial... | N/A | NONE | — | 0 |
| CVE-2023-53965 SOUND4 Server Service 4.1.102 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can exploit ... | 8.4 | HIGH | — | 0 |
| CVE-2024-24844 Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PowerPack Pro for Elemen... | 7.5 | HIGH | — | 0 |
| CVE-2025-59886 Improper input validation at one of the endpoints of Eaton xComfort ECI's web interface, could lead into an attacker with network access to the device executing privileged user commands. As cybersec... | 8.8 | HIGH | — | 0 |
| CVE-2009-2054 Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a de... | N/A | NONE | — | 0 |
| CVE-2025-14920 Hugging Face Transformers Perceiver Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected instal... | N/A | NONE | — | 0 |
| CVE-2025-14921 Hugging Face Transformers Transformer-XL Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected i... | N/A | NONE | — | 0 |
| CVE-2025-14928 Hugging Face Transformers HuBERT convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hu... | N/A | NONE | — | 0 |
| CVE-2025-14929 Hugging Face Transformers X-CLIP Checkpoint Conversion Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on af... | N/A | NONE | — | 0 |
| CVE-2025-14930 Hugging Face Transformers GLM4 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ... | N/A | NONE | — | 0 |
| CVE-2025-14406 Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Deskt... | N/A | NONE | — | 0 |
| CVE-2025-14407 Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-14408 Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sod... | N/A | NONE | — | 0 |
| CVE-2025-14409 Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF De... | N/A | NONE | — | 0 |
| CVE-2025-14410 Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sod... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-14411 Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sod... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-14412 Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Deskto... | N/A | NONE | — | 0 |
| CVE-2025-14415 Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop.... | 7.8 | HIGH | — | 0 |
| CVE-2025-14422 GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is ... | N/A | NONE | — | 0 |
| CVE-2025-14423 GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inte... | N/A | NONE | — | 0 |
| CVE-2025-14424 GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is re... | N/A | NONE | — | 0 |
| CVE-2025-14425 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User inter... | N/A | NONE | — | 0 |
| CVE-2025-14488 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefe... | N/A | NONE | — | 0 |
| CVE-2025-14489 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefe... | N/A | NONE | — | 0 |
| CVE-2025-14490 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefe... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.