Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2024-12467 The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient inpu... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-13798 The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verification... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-13564 The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.2... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-1361 The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() fun... | 7.5 | HIGH | — | 0 |
| CVE-2025-1553 A vulnerability was found in pankajindevops scale up to 3633544a00245d3df88b6d13d9b3dd0f411be7f6. It has been classified as problematic. Affected is an unknown function of the file /scale/project. The... | 3.5 | LOW | — | 0 |
| CVE-2024-13869 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_files' function in all versi... | 7.2 | HIGH | — | 0 |
| CVE-2025-0918 The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. Th... | 7.2 | HIGH | — | 0 |
| CVE-2025-1617 A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads... | 2.4 | LOW | — | 0 |
| CVE-2025-0953 The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. ... | 7.2 | HIGH | — | 0 |
| CVE-2024-12577 Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | 7.3 | HIGH | — | 0 |
| CVE-2024-46975 Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. | 7.9 | HIGH | — | 0 |
| CVE-2024-47896 Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | 3.3 | LOW | — | 0 |
| CVE-2024-52939 Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | 7.8 | HIGH | — | 0 |
| CVE-2025-1577 A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank System 1.0. Affected by this issue is some unknown functionality of the file /prostatus.php. The manipu... | 3.5 | LOW | — | 0 |
| CVE-2025-1579 A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argument... | 2.4 | LOW | — | 0 |
| CVE-2025-1581 A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /book-nurse.php?bookid=... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1629 A vulnerability was found in Excitel Broadband Private my Excitel App 3.13.0 on Android. It has been classified as problematic. Affected is an unknown function of the component One-Time Password Handl... | 3.5 | LOW | — | 0 |
| CVE-2025-1582 A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1583 A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/search-report-details.php. The manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-1586 A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /Blood/A-.php. The manipulation of the argume... | 3.5 | LOW | — | 0 |
| CVE-2025-1588 A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage-nurse.php. The manipulation of... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-1589 A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1590 A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-5174 A flaw in Gliffy results in broken authentication through the reset functionality of the application. | N/A | NONE | — | 0 |
| CVE-2025-0545 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS).This issue affects T-... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-1591 A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php ... | 2.4 | LOW | — | 0 |
| CVE-2025-1592 A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Ro... | 2.4 | LOW | — | 0 |
| CVE-2025-1593 A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the compo... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-1596 A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2025-1597 A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulatio... | 3.5 | LOW | — | 0 |
| CVE-2025-1598 A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/ass... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-53543 NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the addProject method in the smarttimeplus/MySQLConnection endpoint. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-1599 A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_c... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-1606 A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulati... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1613 A vulnerability was found in FiberHome AN5506-01A ONU GPON RP2511. It has been rated as problematic. This issue affects some unknown processing of the file /goform/URL_filterCfg of the component URL F... | 2.4 | LOW | — | 0 |
| CVE-2025-1614 A vulnerability classified as problematic has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected is an unknown function of the file /goform/portForwardingCfg of the component Port Forwarding... | 2.4 | LOW | — | 0 |
| CVE-2025-1615 A vulnerability classified as problematic was found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this vulnerability is an unknown functionality of the component NAT Submenu. The manipulation o... | 2.4 | LOW | — | 0 |
| CVE-2025-1616 A vulnerability, which was classified as critical, has been found in FiberHome AN5506-01A ONU GPON RP2511. Affected by this issue is some unknown functionality of the component Diagnosis. The manipula... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-1632 A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. I... | 3.3 | LOW | — | 0 |
| CVE-2024-12916 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Life4All allows SQL Injection.This issue affects Life4All: before 10.01.2025. | 8.8 | HIGH | — | 0 |
| CVE-2024-12917 Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse.This issue ... | 8.3 | HIGH | — | 0 |
| CVE-2024-12918 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agito Computer Health4All allows SQL Injection.This issue affects Health4All: before 10.01.2025. | 8.8 | HIGH | — | 0 |
| CVE-2025-23017 WorkOS Hosted AuthKit before 2025-01-07 allows a password authentication MFA bypass (by enrolling a new authentication factor) when the attacker knows the user's password. No exploitation occurred. | 6.0 | MEDIUM | — | 0 |
| CVE-2025-26883 Missing Authorization vulnerability in bPlugins Animated Text Block allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Animated Text Block: from n/a through 1.... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27265 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aaron D. Campbell Google Maps for WordPress allows DOM-Based XSS. This issue affects Google Maps f... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27266 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignacio Perez Hover Image Button allows DOM-Based XSS. This issue affects Hover Image Button: from... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-27272 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in vinagecko VG PostCarousel allows PHP Local File Inclusion. This issue affects V... | 7.5 | HIGH | — | 0 |
| CVE-2025-27276 Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Photo Gallery ( Responsive ) allows Privilege Escalation. This issue affects Photo Gallery ( Responsive ): from n/a through 4.0. | 8.8 | HIGH | — | 0 |
| CVE-2025-27277 Cross-Site Request Forgery (CSRF) vulnerability in tiefpunkt Add Linked Images To Gallery allows Cross Site Request Forgery. This issue affects Add Linked Images To Gallery: from n/a through 1.4. | 7.1 | HIGH | — | 0 |
| CVE-2024-53544 NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 was discovered to contain a SQL injection vulnerability via the getCookieNames method in the smarttimeplus/MySQLConnection endpoint. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.