Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-36427 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36428 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of s... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-36442 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a speci... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-25232 NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shellcode. Attackers can craft a malicious payload in ... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37023 Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with sy... | 8.8 | HIGH | β | 0 |
| CVE-2020-37024 Nidesoft DVD Ripper 5.2.18 contains a local buffer overflow vulnerability in the License Code registration parameter that allows attackers to execute arbitrary code. Attackers can craft a malicious pa... | 8.4 | HIGH | β | 0 |
| CVE-2020-37025 Port Forwarding Wizard 4.8.0 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code through a long request in the Register feature. Attackers can craft a malici... | 8.4 | HIGH | β | 0 |
| CVE-2020-37026 Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submi... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-37027 Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extra scripts configuration. Attackers can set malicio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37028 Socusoft Photo to Video Converter Professional 8.07 contains a local buffer overflow vulnerability in the 'Output Folder' input field that allows attackers to execute arbitrary code. Attackers can cra... | 8.4 | HIGH | β | 0 |
| CVE-2020-37029 FTPDummy 4.80 contains a local buffer overflow vulnerability in its preference file handling that allows attackers to execute arbitrary code. Attackers can craft a malicious preference file with caref... | 8.4 | HIGH | β | 0 |
| CVE-2020-37031 Simple Startup Manager 1.17 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory through the 'File' input parameter. Attackers can craft... | 8.4 | HIGH | β | 0 |
| CVE-2020-37032 Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send... | 8.8 | HIGH | β | 0 |
| CVE-2020-37033 Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulne... | 8.2 | HIGH | β | 0 |
| CVE-2020-37034 HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET re... | 7.5 | HIGH | β | 0 |
| CVE-2020-37035 e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject... | 8.2 | HIGH | β | 0 |
| CVE-2020-37036 RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payl... | 8.4 | HIGH | β | 0 |
| CVE-2020-37038 Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5... | 7.5 | HIGH | β | 0 |
| CVE-2020-37039 Frigate 2.02 contains a denial of service vulnerability that allows attackers to crash the application by sending oversized input to the command line interface. Attackers can generate a payload of 800... | 7.5 | HIGH | β | 0 |
| CVE-2020-37040 Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vu... | 8.4 | HIGH | β | 0 |
| CVE-2025-47398 Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. | 7.8 | HIGH | β | 0 |
| CVE-2020-37041 OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with p... | 7.5 | HIGH | β | 0 |
| CVE-2020-37042 Frigate Professional 3.36.0.9 contains a local buffer overflow vulnerability in the 'Find Computer' feature that allows attackers to execute arbitrary code by overflowing the computer name input field... | 8.4 | HIGH | β | 0 |
| CVE-2020-37043 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the v... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37044 OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicio... | 5.4 | MEDIUM | β | 0 |
| CVE-2020-37046 Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attacker... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-37049 Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the... | 8.4 | HIGH | β | 0 |
| CVE-2020-37050 Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with carefully constructed payload. Attackers can trigger th... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37052 AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands through malicious Java expression injectio... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37053 Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the ... | 7.1 | HIGH | β | 0 |
| CVE-2020-37054 Navigate CMS 2.8.7 contains a cross-site request forgery vulnerability that allows attackers to upload malicious extensions through a crafted HTML page. Attackers can trick authenticated administrator... | 4.3 | MEDIUM | β | 0 |
| CVE-2020-37056 Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to bypass protection middleware by manipulating request headers. Attackers can hardcode consistent IP va... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-15510 The NEX-Forms β Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-15525 The Ajax Load More β Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1431 The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function in all versions up to, and in... | 5.3 | MEDIUM | β | 0 |
| CVE-2020-37047 Deep Instinct Windows Agent 1.2.29.0 contains an unquoted service path vulnerability in the DeepMgmtService that allows local users to potentially execute code with elevated privileges. Attackers can ... | 7.8 | HIGH | β | 0 |
| CVE-2026-0683 The SupportCandy β Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. Th... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1251 The SupportCandy β Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' func... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-71181 In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71186 In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux pl... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71182 In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71188 In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux p... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23017 In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdev... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23018 In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrfs... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23027 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_de... | N/A | NONE | β | 0 |
| CVE-2026-23028 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device... | N/A | NONE | β | 0 |
| CVE-2026-23029 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_de... | N/A | NONE | β | 0 |
| CVE-2026-23030 In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_p... | N/A | NONE | β | 0 |
| CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploi... | 6.4 | MEDIUM | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.