Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-4838 A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql inje... | 7.3 | HIGH | β | 0 |
| CVE-2026-5435 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write wh... | 7.3 | HIGH | β | 0 |
| CVE-2026-36948 Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php. | 7.3 | HIGH | β | 0 |
| CVE-2026-3151 A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql ... | 7.3 | HIGH | β | 0 |
| CVE-2026-7058 A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component... | 7.3 | HIGH | β | 0 |
| CVE-2026-3152 A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id caus... | 7.3 | HIGH | β | 0 |
| CVE-2025-70994 Yadea T5 Electric Bicycles (models manufactured in/after 2024) have a weak authentication mechanism in their keyless entry system. The system utilizes the EV1527 fixed-code RF protocol without impleme... | 7.3 | HIGH | β | 0 |
| CVE-2026-6189 A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2026-3153 A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql inject... | 7.3 | HIGH | β | 0 |
| CVE-2026-6129 A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing auth... | 7.3 | HIGH | β | 0 |
| CVE-2026-4624 A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a ... | 7.3 | HIGH | β | 0 |
| CVE-2025-68022 Missing Authorization vulnerability in soporteblue Plugin BlueX for WooCommerce bluex-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2865 A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3164 A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sq... | 7.3 | HIGH | β | 0 |
| CVE-2026-24045 Docmost is open-source collaborative wiki and documentation software. From 0.20.0 and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before ins... | 7.3 | HIGH | β | 0 |
| CVE-2026-7322 Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5841 A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal.... | 7.3 | HIGH | β | 0 |
| CVE-2026-5970 A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in c... | 7.3 | HIGH | β | 0 |
| CVE-2026-30616 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, ... | 7.3 | HIGH | β | 0 |
| CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | 7.3 | HIGH | β | 0 |
| CVE-2026-4562 A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation re... | 7.3 | HIGH | β | 0 |
| CVE-2026-4953 A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6105 A security vulnerability has been detected in perfree go-fastdfs-web up to 1.3.7. This affects an unknown part of the file src/main/java/com/perfree/controller/InstallController.java of the component ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3757 A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6158 A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. T... | 7.3 | HIGH | β | 0 |
| CVE-2026-40027 ALEAPP (Android Logs Events And Protobuf Parser) through 3.4.0 contains a path traversal vulnerability in the NQ_Vault.py artifact parser that uses attacker-controlled file_name_from values from a dat... | 7.3 | HIGH | β | 0 |
| CVE-2026-6182 A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of ... | 7.3 | HIGH | β | 0 |
| CVE-2026-31569 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointc_update_sw_coremap() can be empty, cur... | 7.3 | HIGH | β | 0 |
| CVE-2026-7036 A vulnerability was identified in Tenda i9 1.0.0.5(2204). This vulnerability affects the function R7WebsSecurityHandlerfunction of the component HTTP Handler. The manipulation leads to path traversal.... | 7.3 | HIGH | β | 0 |
| CVE-2026-6126 A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing... | 7.3 | HIGH | β | 0 |
| CVE-2026-7074 A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sq... | 7.3 | HIGH | β | 0 |
| CVE-2026-2867 A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql i... | 7.3 | HIGH | β | 0 |
| CVE-2026-5974 A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command... | 7.3 | HIGH | β | 0 |
| CVE-2026-6130 A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server M... | 7.3 | HIGH | β | 0 |
| CVE-2026-7227 A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in... | 7.3 | HIGH | β | 0 |
| CVE-2026-33021 libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a use-after-free vulnerability in sixel_encoder_encode_bytes() because sixel_frame_init(... | 7.3 | HIGH | β | 0 |
| CVE-2026-7131 A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/... | 7.3 | HIGH | β | 0 |
| CVE-2026-7206 A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extract_to_json of the file src/entry.py. Performing a manipulation of the argument output_fi... | 7.3 | HIGH | β | 0 |
| CVE-2026-3133 A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2026-3134 A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2026-4617 A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the c... | 7.3 | HIGH | β | 0 |
| CVE-2026-5195 A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql in... | 7.3 | HIGH | β | 0 |
| CVE-2025-15605 A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated att... | 7.3 | HIGH | β | 0 |
| CVE-2026-2689 A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql inje... | 7.3 | HIGH | β | 0 |
| CVE-2026-3765 A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql in... | 7.3 | HIGH | β | 0 |
| CVE-2026-3764 A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes im... | 7.3 | HIGH | β | 0 |
| CVE-2026-5534 A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such m... | 7.3 | HIGH | β | 0 |
| CVE-2026-2684 A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5540 A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-5346 A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulati... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.