CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-40556 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-3691 OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is... | N/A | NONE | β | 0 |
| CVE-2026-35578 Rejected reason: This CVE is a duplicate of another CVE. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39940. Reason: This candidate is a reservation duplicate of CVE-2026-3994... | N/A | NONE | β | 0 |
| CVE-2025-15621 Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | N/A | NONE | β | 0 |
| CVE-2026-0232 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows allows a local Windows administrator to disable the agent. This issue may be leveraged by malware to perform... | N/A | NONE | β | 0 |
| CVE-2026-1502 CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. | N/A | NONE | β | 0 |
| CVE-2026-39659 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-14813 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBlo... | N/A | NONE | β | 0 |
| CVE-2026-0636 Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is assoc... | N/A | NONE | β | 0 |
| CVE-2026-4656 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-20628 An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector ... | N/A | NONE | β | 0 |
| CVE-2026-7354 Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H... | N/A | NONE | β | 0 |
| CVE-2026-0233 A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code ... | N/A | NONE | β | 0 |
| CVE-2026-39937 Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remed... | N/A | NONE | β | 0 |
| CVE-2026-7356 Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | N/A | NONE | β | 0 |
| CVE-2026-40552 mpGabinet is vulnerable to Remote Command Execution. An authorized user with access to the application and direct access to the backend database can achieve system command execution by uploading an at... | N/A | NONE | β | 0 |
| CVE-2026-5598 Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC... | N/A | NONE | β | 0 |
| CVE-2026-7357 Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chrom... | N/A | NONE | β | 0 |
| CVE-2026-33805 @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This all... | N/A | NONE | β | 0 |
| CVE-2026-7358 Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | N/A | NONE | β | 0 |
| CVE-2026-40551 mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the login verification process by manipulating the applica... | N/A | NONE | β | 0 |
| CVE-2026-7359 Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch... | N/A | NONE | β | 0 |
| CVE-2026-5131 GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to... | N/A | NONE | β | 0 |
| CVE-2026-35195 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a guest... | N/A | NONE | β | 0 |
| CVE-2026-35393 goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, the POST multipart upload directory is not sanitized. This vulnerability is fixed in 2.0.0-beta.3. | N/A | NONE | β | 0 |
| CVE-2026-35471 goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.3, tdeleteFile() missing return after path traversal check. This vulnerability is fixed in 2.0.0-beta.3. | N/A | NONE | β | 0 |
| CVE-2026-5781 An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their p... | N/A | NONE | β | 0 |
| CVE-2026-3428 A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center (华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Ti... | N/A | NONE | β | 0 |
| CVE-2026-40308 My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments... | N/A | NONE | β | 0 |
| CVE-2026-5780 An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the endpoint '/minerva/moUser/show/'. If this vulnerability is successfully exploited, an authentica... | N/A | NONE | β | 0 |
| CVE-2026-34735 The Hytale Modding Wiki is a free service for Hytale mods to host their documentation & wikis. In version 1.2.0 and prior, the quickUpload() endpoint validates uploaded files by checking their MIME ty... | N/A | NONE | β | 0 |
| CVE-2026-34479 The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to rejec... | N/A | NONE | β | 0 |
| CVE-2026-40299 next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1 with `localePrefix: 'as-needed'` could construct URLs where path handling and t... | N/A | NONE | β | 0 |
| CVE-2026-39323 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39326. Reason: This candidate is a duplicate of CVE-2026-39326. Notes: All CVE users should reference CVE-2026-3932... | N/A | NONE | β | 0 |
| CVE-2026-34477 The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logg... | N/A | NONE | β | 0 |
| CVE-2026-29013 libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is... | N/A | NONE | β | 0 |
| CVE-2026-5777 This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticat... | N/A | NONE | β | 0 |
| CVE-2026-5779 An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the info... | N/A | NONE | β | 0 |
| CVE-2026-31412 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()`... | N/A | NONE | β | 0 |
| CVE-2026-35469 spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocati... | N/A | NONE | β | 0 |
| CVE-2026-39313 mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into... | N/A | NONE | β | 0 |
| CVE-2026-0234 An improper verification of cryptographic signature vulnerability exists in Cortex XSOAR and Cortex XSIAM platforms during integration of Microsoft Teams that enables an unauthenticated user to access... | N/A | NONE | β | 0 |
| CVE-2026-28728 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | β | 0 |
| CVE-2026-28704 EmoCheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed in the same directory, arbitrary code may be executed with the privileges of the user invoking EmoCheck. | N/A | NONE | β | 0 |
| CVE-2026-31451 In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline ... | N/A | NONE | β | 0 |
| CVE-2026-31452 In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline ... | N/A | NONE | β | 0 |
| CVE-2026-4810 A Code Injection and Missing Authentication vulnerability in Google Agent Development Kit (ADK) versions 1.7.0 (and 2.0.0a1) through 1.28.1 (and 2.0.0a2) on Python (OSS), Cloud Run, and GKE allows an ... | N/A | NONE | β | 0 |
| CVE-2026-1115 A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` fu... | N/A | NONE | β | 0 |
| CVE-2026-32271 Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allow... | N/A | NONE | β | 0 |
| CVE-2026-34455 Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query param... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.