Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5668 A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipul... | 2.4 | LOW | β | 0 |
| CVE-2026-6003 A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fn... | 2.4 | LOW | β | 0 |
| CVE-2026-5644 A security flaw has been discovered in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. Affected is an unknown function of the file /admin/Add%20notice/batch-notice.... | 2.4 | LOW | β | 0 |
| CVE-2026-5209 A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulat... | 2.4 | LOW | β | 0 |
| CVE-2026-7294 A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of... | 2.4 | LOW | β | 0 |
| CVE-2026-6996 A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lea... | 2.4 | LOW | β | 0 |
| CVE-2026-6624 A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulat... | 2.4 | LOW | β | 0 |
| CVE-2026-7012 A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting.... | 2.4 | LOW | β | 0 |
| CVE-2026-5836 A vulnerability has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_product.php. The manipulation of the argument produ... | 2.4 | LOW | β | 0 |
| CVE-2026-5835 A flaw has been found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_football.php. Executing a manipulation of the argument... | 2.4 | LOW | β | 0 |
| CVE-2026-6997 A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner le... | 2.4 | LOW | β | 0 |
| CVE-2026-5834 A vulnerability was detected in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/admin_running.php. Performing a manipulation of the argument product_name result... | 2.4 | LOW | β | 0 |
| CVE-2026-6998 A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cro... | 2.4 | LOW | β | 0 |
| CVE-2026-6622 A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such manipulatio... | 2.4 | LOW | β | 0 |
| CVE-2026-21006 Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. | 2.4 | LOW | β | 0 |
| CVE-2026-40336 libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884β885). When processing a sec... | 2.4 | LOW | β | 0 |
| CVE-2026-7011 A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/plugin_antispam of the component Antispam Plugin. Executing a m... | 2.4 | LOW | β | 0 |
| CVE-2026-21741 An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may al... | 2.4 | LOW | β | 0 |
| CVE-2026-7295 A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the a... | 2.4 | LOW | β | 0 |
| CVE-2026-27307 ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could ex... | 2.4 | LOW | β | 0 |
| CVE-2026-7013 A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mail_send Plugin. The manipulation of the argument f_subjec... | 2.4 | LOW | β | 0 |
| CVE-2026-6651 A security flaw has been discovered in erponline.xyz ERP Online up to 4.0.0. This vulnerability affects unknown code of the component Inventory Edit Item Page. The manipulation of the argument Item Na... | 2.4 | LOW | β | 0 |
| CVE-2026-27308 ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could ex... | 2.4 | LOW | β | 0 |
| CVE-2026-7281 A vulnerability was determined in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function supplier of the file /index.php?page=supplier. Executing a manipulation o... | 2.4 | LOW | β | 0 |
| CVE-2026-7297 A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation ... | 2.4 | LOW | β | 0 |
| CVE-2026-7090 A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument ms... | 2.4 | LOW | β | 0 |
| CVE-2026-7269 A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID r... | 2.4 | LOW | β | 0 |
| CVE-2026-7014 A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component down_count Plugin. This manipulation of the argument f_file/f_prefix causes cross site script... | 2.4 | LOW | β | 0 |
| CVE-2026-7015 A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f_text/f_slug/f_limit/f_email... | 2.4 | LOW | β | 0 |
| CVE-2026-7296 A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument ... | 2.4 | LOW | β | 0 |
| CVE-2026-6995 A security flaw has been discovered in BDCOM P3310D 0.4.2 10.1.0F Build 86345. The impacted element is an unknown function of the file /index.asp of the component New User Page. Performing a manipulat... | 2.4 | LOW | β | 0 |
| CVE-2026-7016 A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f_ushka_new/f_ushk results in cross site ... | 2.4 | LOW | β | 0 |
| CVE-2026-35250 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged... | 2.3 | LOW | β | 0 |
| CVE-2026-34764 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscree... | 2.3 | LOW | β | 0 |
| CVE-2026-41321 @astrojs/cloudflare is an SSR adapter for use with Cloudflare Workers targets. Prior to 13.1.10, the fetch() call for remote images in packages/integrations/cloudflare/src/utils/image-binding-transfor... | 2.2 | LOW | β | 0 |
| CVE-2026-5381 An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of ... | 2.2 | LOW | β | 0 |
| CVE-2026-34851 Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. | 2.2 | LOW | β | 0 |
| CVE-2026-27675 SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to... | 2.0 | LOW | β | 0 |
| CVE-2026-27949 Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the U... | 2.0 | LOW | β | 0 |
| CVE-2026-34850 Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. | 1.9 | LOW | β | 0 |
| CVE-2025-66447 Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-... | 0.0 | NONE | β | 0 |
| CVE-2026-41144 FΒ΄ (F Prime) is a framework that enables development and deployment of spaceflight and other embedded software applications. Prior to version 4.2.0, the bounds check byteOffset + dataSize > fileSize u... | 0.0 | NONE | β | 0 |
| CVE-2026-39660 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-41430 Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS.... | N/A | NONE | β | 0 |
| CVE-2026-3673 An authenticated attacker can store a crafted tag value in _user_tags and trigger JavaScript execution when a victim opens the list/report view where tags are rendered. The vulnerable renderer interpo... | N/A | NONE | β | 0 |
| CVE-2026-41170 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the `RestoreController.PostRestoreJob` endpoint allows an administrator to supply an a... | N/A | NONE | β | 0 |
| CVE-2026-40865 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other e... | N/A | NONE | β | 0 |
| CVE-2026-42516 This vulnerability exists in e-Sushrut due to improper authorization checks during resource access. An authenticated attacker could exploit this vulnerability by manipulating encoded parameters in the... | N/A | NONE | β | 0 |
| CVE-2026-40866 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overw... | N/A | NONE | β | 0 |
| CVE-2026-40867 Horilla is a free and open source Human Resource Management System (HRMS). In 1.5.0, a broken access control vulnerability in the helpdesk attachment viewer allows any authenticated user to view attac... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.