Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-4686 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess... | 8.6 | HIGH | — | 0 |
| CVE-2025-7964 After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a non-rejoinable state... | N/A | NONE | — | 0 |
| CVE-2026-1686 A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argum... | 8.8 | HIGH | — | 0 |
| CVE-2026-1687 A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-1688 A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument U... | 7.3 | HIGH | — | 0 |
| CVE-2026-24854 ChurchCRM is an open-source church management system. A SQL Injection vulnerability exists in endpoint `/PaddleNumEditor.php` in ChurchCRM prior to version 6.7.2. Any authenticated user, including one... | 8.8 | HIGH | — | 0 |
| CVE-2026-24855 ChurchCRM is an open-source church management system. Versions prior to 6.7.2 have a Stored Cross-Site Scripting (XSS) vulnerability occurs in Create Events in Church Calendar. Users with low privileg... | 5.4 | MEDIUM | — | 0 |
| CVE-2020-36966 Dolibarr 11.0.3 contains a persistent cross-site scripting vulnerability in LDAP synchronization settings that allows attackers to inject malicious scripts through multiple parameters. Attackers can e... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-36996 PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScri... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-36998 Forma.lms The E-Learning Suite 2.3.0.2 contains a persistent cross-site scripting vulnerability in multiple course and profile parameters. Attackers can inject malicious scripts in course code, name, ... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37003 Sellacious eCommerce 4.6 contains a persistent cross-site scripting vulnerability in the Manage Your Addresses module that allows attackers to inject malicious scripts. Attackers can exploit multiple ... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37014 Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by ... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37019 Orchard Core RC1 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts through blog post creation. Attackers can create blog posts with embe... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37022 OpenZ ERP 3.6.60 contains a persistent cross-site scripting vulnerability in the Employee module's name and description parameters. Attackers can inject malicious scripts through POST requests to , en... | 6.4 | MEDIUM | — | 0 |
| CVE-2020-37030 Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | — | 0 |
| CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that wil... | 7.8 | HIGH | — | 0 |
| CVE-2020-37059 Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious... | 7.8 | HIGH | — | 0 |
| CVE-2020-37060 Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit th... | 7.8 | HIGH | — | 0 |
| CVE-2026-1689 A vulnerability was detected in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login I... | 7.3 | HIGH | — | 0 |
| CVE-2025-62349 Salt contains an authentication protocol version downgrade weakness that can allow a malicious minion to bypass newer authentication/security features by using an older request payload format, enablin... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1690 A flaw has been found in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. This affects the function system of the file /boaform/formSysCmd. This manipulation of the argument sysCmd causes command injec... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1700 A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message cause... | 3.5 | LOW | — | 0 |
| CVE-2025-15497 Insufficient epoch key slot processing in OpenVPN 2.7_alpha1 through 2.7_rc5 allows remote authenticated users to trigger an assert resulting in a denial of service | N/A | NONE | — | 0 |
| CVE-2026-1701 A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2026-1702 A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing ... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-9432 Cleartext Storage of Sensitive Information vulnerability in OpenText™ Vertica allows Retrieve Embedded Sensitive Data. The vulnerability could read Vertica agent plaintext apikey.This issue affects... | N/A | NONE | — | 0 |
| CVE-2025-51958 aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-62348 Salt's junos execution module contained an unsafe YAML decode/load usage. A specially crafted YAML payload processed by the junos module could lead to unintended code execution under the context of th... | 7.8 | HIGH | — | 0 |
| CVE-2025-11175 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension a... | N/A | NONE | — | 0 |
| CVE-2026-23835 LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowin... | N/A | NONE | — | 0 |
| CVE-2025-24293 # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The d... | N/A | NONE | — | 0 |
| CVE-2026-1723 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection.This issue affects X6000R: through V9.4.0cu.1498... | N/A | NONE | — | 0 |
| CVE-2026-25130 Cybersecurity AI (CAI) is a framework for AI Security. In versions up to and including 0.5.10, the CAI (Cybersecurity AI) framework contains multiple argument injection vulnerabilities in its function... | 9.6 | CRITICAL | — | 0 |
| CVE-2025-2668 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted qu... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36001 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL state... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36009 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36070 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tab... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36423 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36098 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resou... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36123 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36184 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unn... | 7.2 | HIGH | — | 0 |
| CVE-2025-36353 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special el... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1705 A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argum... | 2.4 | LOW | — | 0 |
| CVE-2025-36365 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-36366 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger a... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36384 IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element. | 8.4 | HIGH | — | 0 |
| CVE-2025-36387 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-36407 IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1703 When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation dire... | N/A | NONE | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.