Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-1930 The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the page_options_ajax_disconnect() function in all versions up to, and includ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6396 The Fast & Fancy Filter β 3F plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce verification in the saveFields() funct... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6294 The Google PageRank Display plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4. This is due to missing nonce validation in the gpdisplay_option() func... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4140 The Ni WooCommerce Order Export plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 3.1.6. This is due to missing nonce validation in the ni_order_expo... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4139 The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability chec... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4133 The TextP2P Texting Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.7. This is due to missing nonce validation in the imTextP2POptionPage(... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4128 The TP Restore Categories And Taxonomies plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.1. The delete_term() function, which handles the 'tpmcatt... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5535 A security flaw has been discovered in FedML-AI FedML up to 0.8.9. This impacts an unknown function of the file FileUtils.java of the component MQTT Message Handler. Performing a manipulation of the a... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-34082 Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6441 The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOptio... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4126 The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'table_manager' shortcode. The shortcode handler `tablemanage... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-22662 prompts.chat prior to commit 1464475 contains a blind server-side request forgery vulnerability in the Wiro media generator that allows authenticated users to perform server-side fetches of user-contr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4118 The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vul... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33829 Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0971 An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5864 Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5448 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Thi... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6487 A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pat... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6150 A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross si... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35541 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing t... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-40254 FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot(... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35041 fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular ... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-32602 Homarr is an open-source dashboard. Prior to 1.57.0, the user registration endpoint (/api/trpc/user.register) is vulnerable to a race condition that allows an attacker to create multiple user accounts... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma chara... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-40968 When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the s... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by chan... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35351 The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destinatio... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-41402 OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messa... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35624 OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms t... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-39413 LightRAG provides simple and fast retrieval-augmented generation. Prior to 1.4.14, the LightRAG API is vulnerable to a JWT algorithm confusion attack where an attacker can forge tokens by specifying '... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-24318 Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unautho... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-35177 Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, c... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-27683 SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script executes... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-22574 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.1 | MEDIUM | β | 0 |
| CVE-2025-43883 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploi... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-39845 Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable t... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-40566 FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeSc... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-35601 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT v... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-34860 Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 4.1 | MEDIUM | β | 0 |
| CVE-2025-36373 IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway coul... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-34858 UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.1 | MEDIUM | β | 0 |
| CVE-2026-40385 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-31804 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pms_image_proxy endpoint accepts a user-supplied img parameter and forwards it to Plex Medi... | 4.0 | MEDIUM | β | 0 |
| CVE-2026-21767 HCL BigFix Platform is affected byΒ insufficient authentication.Β The application might allow users to access sensitive areas of the application without proper authentication. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-40386 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-42254 Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-41282 ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | 4.0 | MEDIUM | β | 0 |
| CVE-2026-40394 Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sessi... | 4.0 | MEDIUM | β | 0 |
| CVE-2026-41254 Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | 4.0 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.