Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2015-0713 The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.2... | N/A | NONE | β | 0 |
| CVE-2015-0722 The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a ... | N/A | NONE | β | 0 |
| CVE-2025-9025 A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-26120 Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2015-1894 Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that ins... | N/A | NONE | β | 0 |
| CVE-2015-1895 IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the client... | N/A | NONE | β | 0 |
| CVE-2015-1896 Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2015-1899 IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2026-32169 Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | β | 0 |
| CVE-2015-1909 The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attacke... | N/A | NONE | β | 0 |
| CVE-2015-1910 Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remot... | N/A | NONE | β | 0 |
| CVE-2015-1911 Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in ... | N/A | NONE | β | 0 |
| CVE-2015-1915 The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in a... | N/A | NONE | β | 0 |
| CVE-2015-1921 Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a ... | N/A | NONE | β | 0 |
| CVE-2014-4774 Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to... | N/A | NONE | β | 0 |
| CVE-2014-4778 IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which al... | N/A | NONE | β | 0 |
| CVE-2014-6190 The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document. | N/A | NONE | β | 0 |
| CVE-2014-6192 Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authen... | N/A | NONE | β | 0 |
| CVE-2014-8926 Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 ... | N/A | NONE | β | 0 |
| CVE-2014-8927 Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 ... | N/A | NONE | β | 0 |
| CVE-2015-0120 Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors. | N/A | NONE | β | 0 |
| CVE-2015-0140 An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 on 32-bit platforms allows remote attackers to execute arbitrary code via a crafted HTML document. | N/A | NONE | β | 0 |
| CVE-2015-0156 Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x throug... | N/A | NONE | β | 0 |
| CVE-2015-0160 IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary commands with SYSTEM privileges via unspecifie... | N/A | NONE | β | 0 |
| CVE-2015-0161 SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands vi... | N/A | NONE | β | 0 |
| CVE-2015-0168 Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary web... | N/A | NONE | β | 0 |
| CVE-2015-0169 IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2015-0170 IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data. | N/A | NONE | β | 0 |
| CVE-2015-0171 Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files vi... | N/A | NONE | β | 0 |
| CVE-2015-0180 The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified ve... | N/A | NONE | β | 0 |
| CVE-2015-2120 Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2... | N/A | NONE | β | 0 |
| CVE-2025-9026 A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgi_main of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads ... | 7.3 | HIGH | β | 0 |
| CVE-2025-9028 A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql inject... | 7.3 | HIGH | β | 0 |
| CVE-2025-9047 A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection... | 7.3 | HIGH | β | 0 |
| CVE-2025-9050 A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 le... | 7.3 | HIGH | β | 0 |
| CVE-2025-9051 A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 ... | 7.3 | HIGH | β | 0 |
| CVE-2025-9052 A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. I... | 7.3 | HIGH | β | 0 |
| CVE-2015-2122 The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. | N/A | NONE | β | 0 |
| CVE-2015-2110 Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. | N/A | NONE | β | 0 |
| CVE-2015-2118 Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain sen... | N/A | NONE | β | 0 |
| CVE-2015-2121 HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEdit... | N/A | NONE | β | 0 |
| CVE-2015-2123 Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. | N/A | NONE | β | 0 |
| CVE-2015-2945 mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code v... | N/A | NONE | β | 0 |
| CVE-2025-9053 A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads t... | 7.3 | HIGH | β | 0 |
| CVE-2017-20199 A vulnerability was found in Buttercup buttercup-browser-extension up to 0.14.2. Affected by this vulnerability is an unknown functionality of the component Vault Handler. The manipulation results in ... | 3.1 | LOW | β | 0 |
| CVE-2025-9090 A vulnerability was identified in Tenda AC20 16.03.08.12. Affected is the function websFormDefine of the file /goform/telnet of the component Telnet Service. The manipulation leads to command injectio... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-9091 A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials. ... | 2.5 | LOW | β | 0 |
| CVE-2015-0540 SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via uns... | N/A | NONE | β | 0 |
| CVE-2015-0935 Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. | N/A | NONE | β | 0 |
| CVE-2015-2694 The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an inte... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.