Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2025-5097 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-5223 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-5242 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-20063 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. | 3.3 | LOW | — | 0 |
| CVE-2025-21082 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion. | 3.3 | LOW | — | 0 |
| CVE-2025-23235 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read. | 3.3 | LOW | — | 0 |
| CVE-2025-24493 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-25217 in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | 3.3 | LOW | — | 0 |
| CVE-2025-26691 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-26693 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. | 3.3 | LOW | — | 0 |
| CVE-2025-5847 A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the compo... | 8.8 | HIGH | — | 0 |
| CVE-2025-5848 A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HT... | 8.8 | HIGH | — | 0 |
| CVE-2025-5849 A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5850 A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5851 A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Req... | 8.8 | HIGH | — | 0 |
| CVE-2025-25209 The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secretes, however it assumes those secretes are already in the kuadrant-system instead of copying it to the referre... | 5.7 | MEDIUM | — | 0 |
| CVE-2025-5852 A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5853 A vulnerability classified as critical was found in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg. The manipulation of ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5854 A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of ... | 8.8 | HIGH | — | 0 |
| CVE-2025-5855 A vulnerability, which was classified as critical, was found in Tenda AC6 15.03.05.16. This affects the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2025-5856 A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2025-5857 A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulat... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5858 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The manipulation... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5859 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /test-detail... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-5860 A vulnerability, which was classified as critical, was found in PHPGurukul Maid Hiring Management System 1.0. This affects an unknown part of the file /admin/search-booking-request.php. The manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2025-5861 A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2025-5862 A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2025-25208 A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster | 5.7 | MEDIUM | — | 0 |
| CVE-2025-3581 The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow high privil... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-3582 The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-4652 The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-5863 A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument... | 8.8 | HIGH | — | 0 |
| CVE-2025-5864 A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the compon... | 3.7 | LOW | — | 0 |
| CVE-2025-5893 Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5894 Smart Parking Management System from Honding Technology has a Missing Authorization vulnerability, allowing remote attackers with regular privileges to access a specific functionality to create admini... | 8.8 | HIGH | — | 0 |
| CVE-2025-42984 SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the entity making ... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-5870 A vulnerability has been found in TRENDnet TV-IP121W 1.1.1 Build 36 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/setup.cgi of the component... | 7.3 | HIGH | — | 0 |
| CVE-2025-5871 A vulnerability was found in Papendorf SOL Connect Center 3.3.0.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation l... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-5872 A vulnerability was found in eGauge EG3000 Energy Monitor 3.6.3. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to missing... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-27709 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the Service Account Auditing reports. | 8.3 | HIGH | — | 0 |
| CVE-2025-36528 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in Service Account Auditing reports. | 8.3 | HIGH | — | 0 |
| CVE-2025-41437 Zohocorp ManageEngine OpManager, NetFlow Analyzer, Network Configuration Manager, Firewall Analyzer and OpUtils versions 128565 and below are vulnerable to Reflected XSS on the login page. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-41444 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the alerts module. | 8.3 | HIGH | — | 0 |
| CVE-2025-42987 SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the a... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-5875 A vulnerability classified as critical has been found in TP-LINK Technologies TL-IPC544EP-W4 1.0.9 Build 240428 Rel 69493n. Affected is the function sub_69064 of the file /bin/main. The manipulation o... | 8.8 | HIGH | — | 0 |
| CVE-2025-5876 A vulnerability classified as problematic was found in Lucky LM-520-SC, LM-520-FSC and LM-520-FSC-SAM up to 20250321. Affected by this vulnerability is an unknown functionality. The manipulation leads... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-49006 Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementati... | N/A | NONE | — | 0 |
| CVE-2025-49013 WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.ev... | 9.9 | CRITICAL | — | 0 |
| CVE-2025-49130 Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validat... | N/A | NONE | — | 0 |
| CVE-2025-42989 RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact... | 9.6 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.