CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-15550 birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET re... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1545 A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument ID can ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1546 A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component c... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1547 A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in comman... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24857 `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR ins... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-24888 Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from source objects wit... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1548 A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command inject... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1549 A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component Plugin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1550 A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the compo... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-24897 Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient vali... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-1551 A weakness has been identified in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/course/controller.php. Executing a manipulation of the argument ID can l... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-27069 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS. This issue affects Soledad: from n/a through <= 8... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1552 A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The at... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-53869 Multiple MFPs provided by Brother Industries, Ltd. does not properly validate server certificates, which may allow a man-in-the-middle attacker to replace the set of root certificates used by the prod... | 3.7 | LOW | — | 0 |
| CVE-2025-55704 Hidden functionality issue exists in multiple MFPs provided by Brother Industries, Ltd., which may allow an attacker to obtain the logs of the affected product and obtain sensitive information within ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14975 The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their... | 8.1 | HIGH | — | 0 |
| CVE-2026-1188 In the Eclipse OMR port library component since release 0.2.0, an API function to return the textual names of all supported processor features was not accounting for the separator inserted between pro... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23563 Improper Link Resolution Before File Access (invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-23564 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause normally... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23565 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause the Noma... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23566 A vulnerability in TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to inject, tamper... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23567 An integer underflow in the UDP command handler of the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23568 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent n... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23569 An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak sta... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23570 A missing validation of a user-controlled value in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an adjacent netwo... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23571 A command injection vulnerability was discovered in TeamViewer DEX (former 1E DEX), specifically within the 1E-Nomad-RunPkgStatusRequest instruction. Improper input validation allows authenticated att... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-22764 Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1588 A vulnerability was found in jishenghua jshERP up to 3.6. The impacted element is the function install of the file /jshERP-boot/plugin/installByPath of the component com.gitee.starblues.integration.op... | 2.7 | LOW | — | 0 |
| CVE-2020-36994 QlikView 12.50.20000.0 contains a denial of service vulnerability in the FTP server address input field that allows local attackers to crash the application. Attackers can paste a 300-character buffer... | 6.2 | MEDIUM | — | 0 |
| CVE-2020-36995 Mocha Telnet Lite for iOS 4.2 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the user configuration input. Attackers can overwrite the 'User'... | 7.5 | HIGH | — | 0 |
| CVE-2020-36997 BacklinkSpeed 2.4 contains a buffer overflow vulnerability that allows attackers to corrupt the Structured Exception Handler (SEH) chain through malicious file import. Attackers can craft a specially ... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-36999 Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by ... | 8.2 | HIGH | — | 0 |
| CVE-2020-37000 Free MP3 CD Ripper 2.8 contains a stack buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting a malicious WAV file with oversized payload. Attackers can leve... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37001 Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the Pack File feature that allows attackers to execute arbitrary code by overflowing the 'Archive To' input field. Attac... | 8.4 | HIGH | — | 0 |
| CVE-2020-37002 Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoin... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37005 TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject ... | 7.1 | HIGH | — | 0 |
| CVE-2020-37006 berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src_record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a craf... | 8.2 | HIGH | — | 0 |
| CVE-2020-37007 Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to c... | 5.3 | MEDIUM | — | 0 |
| CVE-2020-37008 EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak inp... | 7.5 | HIGH | — | 0 |
| CVE-2020-37009 MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpo... | 8.8 | HIGH | — | 0 |
| CVE-2020-37010 BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload to... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37011 Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a specially cra... | 7.5 | HIGH | — | 0 |
| CVE-2020-37012 Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious La... | 9.8 | CRITICAL | — | 0 |
| CVE-2020-37013 Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious pay... | 8.4 | HIGH | — | 0 |
| CVE-2020-37015 Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameter... | 7.5 | HIGH | — | 0 |
| CVE-2020-37016 BarcodeOCR 19.3.6 contains an unquoted service path vulnerability that allows local attackers to execute code with elevated privileges during system startup. Attackers can exploit the unquoted path in... | 7.8 | HIGH | — | 0 |
| CVE-2020-37017 CodeMeter 6.60 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary ... | 7.8 | HIGH | — | 0 |
| CVE-2020-37018 GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedde... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37020 SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe i... | 7.8 | HIGH | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.