Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-0907 Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 9.8 | CRITICAL | — | 0 |
| CVE-2026-0908 Use after free in ANGLE in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 8.8 | HIGH | — | 0 |
| CVE-2026-23909 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23910 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23911 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23912 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23913 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23914 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23915 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23916 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-23917 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12573 The Bookingor WordPress plugin through 1.0.12 exposes authenticated AJAX actions without capability or nonce checks, allowing low-privileged users to delete Bookingor WordPress plugin through 1.0.12... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1042 The WP Hello Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'digit_one' and 'digit_two' parameters in all versions up to, and including, 1.02 due to insufficient input s... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1045 The Viet contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output esca... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1218 A vulnerability was detected in Bjskzy Zhiyou ERP up to 11.0. Impacted is the function initRCForm of the file RichClientService.class of the component com.artery.richclient.RichClientService. Performi... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-66523 URL parameters are directly embedded into JavaScript code or HTML attributes without proper encoding or sanitization. This allows attackers to inject arbitrary scripts when an authenticated user visit... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0895 The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since t... | N/A | NONE | — | 0 |
| CVE-2025-41768 An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Script... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-14533 The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-41084 Stored Cross-Site Scripting (XSS) vulnerability in Sesame web application, due to the fact that uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts in SVG ... | N/A | NONE | — | 0 |
| CVE-2025-14369 dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, al... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-40644 Reflected Cross-Site Scripting (XSS) vulnerability in Riftzilla's QRGen. This vulnerability allows an attavker to execute JavaScript code in the victim's browser by sending them a malicious URL using ... | N/A | NONE | — | 0 |
| CVE-2025-40679 HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/category_product_search', affecting... | N/A | NONE | — | 0 |
| CVE-2025-41024 Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-41025 Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-9278 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. After running a Burp Suite active scan, the device loses ICMP connectivity, causing the web application ... | 7.5 | HIGH | — | 0 |
| CVE-2025-9279 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limit Storm tests, the device reboots unexpectedly, ca... | 7.5 | HIGH | — | 0 |
| CVE-2025-9280 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. Fuzzing performed using Defensics causes the device to become unresponsive, requiring a reboot. | 7.5 | HIGH | — | 0 |
| CVE-2025-9281 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive step limit storm tests, the device reboots | 7.5 | HIGH | — | 0 |
| CVE-2025-9282 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive limited storm tests, the device reboots unexpectedly, cau... | 7.5 | HIGH | — | 0 |
| CVE-2025-9283 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP Step Limits Storms tests, the device reboots unexpectedly, ... | 7.5 | HIGH | — | 0 |
| CVE-2025-9464 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. This vulnerability is triggered during fuzzing of multiple CIP classes, which causes the CIP port to bec... | 7.5 | HIGH | — | 0 |
| CVE-2025-1722 IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-9465 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles Comprehensive grammar tests, the device reboots unexpectedly, causing t... | 7.5 | HIGH | — | 0 |
| CVE-2025-9466 A security issue exists within ArmorStart® LT that can result in a denial-of-service condition. During execution of the Achilles EtherNet/IP and CIP grammar tests, the device reboots unexpectedly, cau... | 7.5 | HIGH | — | 0 |
| CVE-2026-22844 A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access. | 9.9 | CRITICAL | — | 0 |
| CVE-2025-12985 IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. | 8.4 | HIGH | — | 0 |
| CVE-2025-13925 IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user. | 4.9 | MEDIUM | — | 0 |
| CVE-2025-14115 IBM Sterling Connect:Direct for UNIX Container 6.3.0.0 through 6.3.0.6 Interim Fix 016, and 6.4.0.0 through 6.4.0.3 Interim Fix 019 IBM® Sterling Connect:Direct for UNIX contains hard-coded credential... | 8.4 | HIGH | — | 0 |
| CVE-2025-15043 The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in al... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-15347 The Creator LMS – The LMS for Creators, Coaches, and Trainers plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability ... | 8.8 | HIGH | — | 0 |
| CVE-2025-15380 The NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar plugin for WordPress is vulnerable to DOM-Based Cross-Si... | 7.2 | HIGH | — | 0 |
| CVE-2025-36556 A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code ex... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-44000 A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript co... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-46270 A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascrip... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53516 A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53707 A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53854 A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript c... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-53912 An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker ca... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-54157 A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript ... | 6.1 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.