Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-50192 Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52482 Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject JavaScript malicious ... | 8.3 | HIGH | — | 0 |
| CVE-2025-58107 In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-m... | 7.5 | HIGH | — | 0 |
| CVE-2025-65465 A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via a crafted... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0995 An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. | 3.6 | LOW | — | 0 |
| CVE-2026-23600 A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS). | N/A | NONE | — | 0 |
| CVE-2026-26884 Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | 2.7 | LOW | — | 0 |
| CVE-2026-24107 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the value of `usbPartitionName`, which is directly used in `doSystemCmd`, may lead to critical command injection vulnerabil... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24108 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and conc... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24109 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24111 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and pr... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24113 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and conc... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24114 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24115 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-50193 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This is... | 7.2 | HIGH | — | 0 |
| CVE-2025-50194 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.3... | 7.2 | HIGH | — | 0 |
| CVE-2025-50195 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versio... | 7.2 | HIGH | — | 0 |
| CVE-2025-50196 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This ... | 7.2 | HIGH | — | 0 |
| CVE-2025-50197 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This iss... | 7.2 | HIGH | — | 0 |
| CVE-2025-50198 Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST cou... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-50199 Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30. | 9.1 | CRITICAL | — | 0 |
| CVE-2025-52468 Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization o... | 8.8 | HIGH | — | 0 |
| CVE-2025-52469 Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add ... | 7.1 | HIGH | — | 0 |
| CVE-2025-52470 Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impro... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-52475 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is ... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52476 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/u... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52563 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22453 Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through <= 2.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-52564 Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as under... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-52998 Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary classe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66880 Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mod... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-0689 In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTT... | N/A | NONE | — | 0 |
| CVE-2026-24101 An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1 ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24110 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule,... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24112 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22454 Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through <= 2.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28403 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP... | 7.6 | HIGH | — | 0 |
| CVE-2026-28412 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47371 Transient DOS when an LTE RLC packet with invalid TB is received by UE. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47373 Memory Corruption when accessing buffers with invalid length during TA invocation. | 7.8 | HIGH | — | 0 |
| CVE-2025-47375 Memory corruption while handling different IOCTL calls from the user-space simultaneously. | 7.8 | HIGH | — | 0 |
| CVE-2025-47376 Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47377 Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. | 7.8 | HIGH | — | 0 |
| CVE-2025-47378 Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain. | 7.1 | HIGH | — | 0 |
| CVE-2025-47381 Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | — | 0 |
| CVE-2025-47383 Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE. | 7.2 | HIGH | — | 0 |
| CVE-2025-47384 Transient DOS when MAC configures config id greater than supported maximum value. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47385 Memory Corruption when accessing trusted execution environment without proper privilege check. | 7.8 | HIGH | — | 0 |
| CVE-2025-47386 Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. | 7.8 | HIGH | — | 0 |
| CVE-2026-22457 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.