Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6312 Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML pa... | 3.1 | LOW | β | 0 |
| CVE-2026-6313 Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (... | 3.1 | LOW | β | 0 |
| CVE-2026-33212 Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have... | 3.1 | LOW | β | 0 |
| CVE-2026-7360 Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cr... | 3.1 | LOW | β | 0 |
| CVE-2026-0397 When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information abou... | 3.1 | LOW | β | 0 |
| CVE-2026-33436 Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML u... | 3.1 | LOW | β | 0 |
| CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not valid... | 3.1 | LOW | β | 0 |
| CVE-2026-2475 IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acces... | 3.1 | LOW | β | 0 |
| CVE-2026-32696 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CON... | 3.1 | LOW | β | 0 |
| CVE-2026-35387 OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. | 3.1 | LOW | β | 0 |
| CVE-2026-6611 A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation... | 3.1 | LOW | β | 0 |
| CVE-2026-3155 The OneSignal β Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user ... | 3.1 | LOW | β | 0 |
| CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) val... | 3.1 | LOW | β | 0 |
| CVE-2026-39419 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame... | 3.1 | LOW | β | 0 |
| CVE-2026-35538 An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | 3.1 | LOW | β | 0 |
| CVE-2026-0396 An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynB... | 3.1 | LOW | β | 0 |
| CVE-2026-34067 nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != p... | 3.1 | LOW | β | 0 |
| CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and h... | 3.0 | LOW | β | 0 |
| CVE-2026-5382 An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimat... | 3.0 | LOW | β | 0 |
| CVE-2026-40947 Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. | 2.9 | LOW | β | 0 |
| CVE-2026-22007 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE... | 2.9 | LOW | β | 0 |
| CVE-2026-34268 Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE... | 2.9 | LOW | β | 0 |
| CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | 2.9 | LOW | β | 0 |
| CVE-2026-40354 Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on g_file_trash. | 2.9 | LOW | β | 0 |
| CVE-2026-41403 OpenClaw before 2026.3.31 misclassifies proxied remote requests as loopback connections in the diffs viewer when allowRemoteViewer is disabled, allowing unauthorized access. Attackers can bypass acces... | 2.9 | LOW | β | 0 |
| CVE-2025-52641 HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying e... | 2.9 | LOW | β | 0 |
| CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | 2.9 | LOW | β | 0 |
| CVE-2026-21014 Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | 2.8 | LOW | β | 0 |
| CVE-2026-34781 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that call clipboard.readImage() may be... | 2.8 | LOW | β | 0 |
| CVE-2026-33762 go-git is an extensible git implementation library written in pure Go. Prior to version 5.17.1, go-gitβs index decoder for format version 4 fails to validate the path name prefix length before applyin... | 2.8 | LOW | β | 0 |
| CVE-2026-37590 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37589 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36945 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php | 2.7 | LOW | β | 0 |
| CVE-2026-36944 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36941 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php. | 2.7 | LOW | β | 0 |
| CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 2.7 | LOW | β | 0 |
| CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applicati... | 2.7 | LOW | β | 0 |
| CVE-2026-36923 Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36922 Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | 2.7 | LOW | β | 0 |
| CVE-2026-39347 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submission... | 2.7 | LOW | β | 0 |
| CVE-2026-36919 Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36943 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36942 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36873 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36872 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | 2.7 | LOW | β | 0 |
| CVE-2026-33415 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderato... | 2.7 | LOW | β | 0 |
| CVE-2025-9957 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authen... | 2.7 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.