Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-37598 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. | 2.7 | LOW | β | 0 |
| CVE-2026-37597 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. | 2.7 | LOW | β | 0 |
| CVE-2026-27769 Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Wor... | 2.7 | LOW | β | 0 |
| CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 2.7 | LOW | β | 0 |
| CVE-2026-36952 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36942 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36943 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php. | 2.7 | LOW | β | 0 |
| CVE-2026-39349 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaint... | 2.7 | LOW | β | 0 |
| CVE-2026-36920 Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php. | 2.7 | LOW | β | 0 |
| CVE-2026-3469 A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applicati... | 2.7 | LOW | β | 0 |
| CVE-2026-37589 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37590 SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37591 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37592 Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37593 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36950 Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36938 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36937 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37594 SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36873 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36872 Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | 2.7 | LOW | β | 0 |
| CVE-2026-36946 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | 2.7 | LOW | β | 0 |
| CVE-2026-1272 IBM Guardium Data Protection 12.0, 12.1, and 12.2 is vulnerable to Security Misconfiguration vulnerability in the user access control panel. | 2.7 | LOW | β | 0 |
| CVE-2026-3307 An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated by... | 2.7 | LOW | β | 0 |
| CVE-2026-40264 OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their toke... | 2.7 | LOW | β | 0 |
| CVE-2026-6416 Tanium addressed an uncontrolled resource consumption vulnerability in Interact. | 2.7 | LOW | β | 0 |
| CVE-2026-39347 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submission... | 2.7 | LOW | β | 0 |
| CVE-2026-34762 Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but neve... | 2.7 | LOW | β | 0 |
| CVE-2026-6392 Tanium addressed an information disclosure vulnerability in Threat Response. | 2.7 | LOW | β | 0 |
| CVE-2026-6408 Tanium addressed an information disclosure vulnerability in Tanium Server. | 2.7 | LOW | β | 0 |
| CVE-2026-39510 Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Se... | 2.7 | LOW | β | 0 |
| CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an... | 2.7 | LOW | β | 0 |
| CVE-2026-22001 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploita... | 2.7 | LOW | β | 0 |
| CVE-2026-34203 Nautobot is a Network Source of Truth and Network Automation Platform. Prior to versions 2.4.30 and 3.0.10, user creation and editing via the REST API fails to apply the password validation rules defi... | 2.7 | LOW | β | 0 |
| CVE-2026-6597 A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow... | 2.7 | LOW | β | 0 |
| CVE-2026-6842 A flaw was found in nano. In environments with permissive umask settings, a local attacker can exploit incorrect directory permissions (0777 instead of 0700) for the `~/.local` directory. This allows ... | 2.5 | LOW | β | 0 |
| CVE-2026-5310 A vulnerability was identified in Enter Software Iperius Backup up to 8.7.2. This impacts an unknown function of the file IperiusAccounts.ini. Such manipulation leads to use of hard-coded cryptographi... | 2.5 | LOW | β | 0 |
| CVE-2026-35388 OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | 2.5 | LOW | β | 0 |
| CVE-2026-5420 A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.java of the component cats.goods.sort.sorting.games. P... | 2.5 | LOW | β | 0 |
| CVE-2026-32970 OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote... | 2.5 | LOW | β | 0 |
| CVE-2026-34849 UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | 2.5 | LOW | β | 0 |
| CVE-2026-6999 A flaw has been found in BIVOCOM TR321 21.1.1.50. Affected by this vulnerability is an unknown functionality of the component Wireless Setting. This manipulation of the argument Network Name SSID caus... | 2.4 | LOW | β | 0 |
| CVE-2026-7016 A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site ... | 2.4 | LOW | β | 0 |
| CVE-2026-7000 A vulnerability has been found in Datacom DM4100 1.3.6.1.4.1.3709. Affected by this issue is some unknown functionality of the component VLAN Page. Such manipulation of the argument VLAN Name leads to... | 2.4 | LOW | β | 0 |
| CVE-2026-7001 A vulnerability was found in Datacom DM4100 1.3.6.1.4.1.3709. This affects an unknown part of the component Ethernet Configuration Page. Performing a manipulation of the argument Name results in cross... | 2.4 | LOW | β | 0 |
| CVE-2026-7027 A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to c... | 2.4 | LOW | β | 0 |
| CVE-2026-5668 A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipul... | 2.4 | LOW | β | 0 |
| CVE-2026-7269 A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID r... | 2.4 | LOW | β | 0 |
| CVE-2026-7296 A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument ... | 2.4 | LOW | β | 0 |
| CVE-2026-40336 libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884β885). When processing a sec... | 2.4 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.