Vulnerabilidades CVE

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user suppl...

The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level ...

The Embed Google Datastudio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'egds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sa...

The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input s...

The Side Slide Responsive Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a fun...

The Ultimate Blogroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on a function. ...

An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to disrupt access to...

A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the a...

A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results ...

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall backgroun...

Wi-SUN unexpected 4- Way Handshake packet receptions may lead to predictable keys and potentially leading to Man in the middle (MitM) attack

An issue has been discovered in GitLab CE/EE affecting all versions from 7.12 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed unauthorized users to render the GitLab ...

The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the contributor role to ...

WTW-EAGLE App does not properly validate server certificates, which may allow a man-in-the-middle attacker to monitor encrypted traffic.

An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to make unintended ...

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrato...

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-leve...

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1....

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by...

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by...

httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature veri...

Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the configured request body...

A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requ...

An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password. NOTE: the Supplier's position is that their "product lines enforce or clearly prompt us...

An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password

PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.

An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, an...

A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local...

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows ...

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including...

The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to, an...

A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId...

A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side req...

A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cro...

A vulnerability has been found in cdevroe unmark up to 1.9.3. This issue affects some unknown processing of the file /application/controllers/Marks.php. Such manipulation of the argument Title leads t...

A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross si...

A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the ...

A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authoriza...

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the ar...

A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such m...

In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-...

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server...

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of ...

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can man...

A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipula...

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privilege...

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argu...

A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation of the argument delid can l...