INCIBE
Products
6- 6 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1871 | Cri | 0.64 | 9.8 | 0.00 | Mar 3, 2025 | SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php. | ||
| CVE-2025-41343 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'. | ||
| CVE-2025-41337 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'. | ||
| CVE-2025-41336 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'. | ||
| CVE-2025-41114 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'. | ||
| CVE-2025-41113 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'. | ||
| CVE-2025-41112 | Hig | 0.49 | 7.5 | 0.00 | Nov 4, 2025 | A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'. | ||
| CVE-2024-4599 | Hig | 0.49 | 7.5 | 0.01 | May 7, 2024 | Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol. | ||
| CVE-2024-1345 | Med | 0.44 | 6.8 | 0.00 | Feb 19, 2024 | Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password. | ||
| CVE-2025-41376 | Med | 0.34 | 5.3 | 0.01 | Aug 1, 2025 | CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid//token/fwyfw%0d%0aCookie:%20POC'. |
- risk 0.64cvss 9.8epss 0.00
SQL injection vulnerability have been found in 101news affecting version 1.0 through the "category" and "subcategory" parameters in admin/add-subcategory.php.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in '/backend/api/users/searchUserByEmail.php'.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and 'id_user' in '/backend/api/buscarDocumentosByIdDenunciaUsuario.php'.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in '/backend/api/buscarDenunciaByPin.php'.
- risk 0.49cvss 7.5epss 0.00
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros2.php'.
- risk 0.49cvss 7.5epss 0.01
Remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.
- risk 0.44cvss 6.8epss 0.00
Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.
- risk 0.34cvss 5.3epss 0.01
CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid//token/fwyfw%0d%0aCookie:%20POC'.