CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-7073 A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-7315 A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing a manipulation... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-2211 A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-4562 A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation re... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6188 A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6187 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6183 A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6167 A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injectio... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6166 A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipula... | 7.3 | HIGH | ❌ | 0 |
| CVE-2022-4987 Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute a... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6165 A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argum... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6004 A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6164 A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results i... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5584 A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-7146 A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/serv... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6038 A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argume... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6037 A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRA... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6036 A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the arg... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-4528 A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-7157 A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py o... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-7147 A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performin... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-25076 Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5016 A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-sid... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5802 A vulnerability was identified in idachev mcp-javadc up to 1.2.4. Impacted is an unknown function of the component HTTP Interface. Such manipulation of the argument jarFilePath leads to os command inj... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit th... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-4194 A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-3780 The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-6126 A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-4504 A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. I... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-3069 A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sq... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-2938 A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/update_smtp.php. The manipulation... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-3135 A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category caus... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-3148 A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes s... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-2940 A vulnerability was determined in Zaher1307 tiny_web_server up to 8d77b1044a0ca3a5297d8726ac8aa2cf944d481b. This affects the function tiny_web_server/tiny.c of the file tiny_web_server/tiny.c of the c... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5849 A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack m... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-27649 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5435 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write wh... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-33147 GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5669 A vulnerability has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This vulnerability affects unknown code of the file /login.php of the component Pa... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5974 A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-5000 A vulnerability was detected in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. Impacted is the function LocalGPTHandler of the file backend/server.py of the component API Endpo... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-33492 WWBN AVideo is an open source video platform. In versions up to and including 26.0, AVideo's `_session_start()` function accepts arbitrary session IDs via the `PHPSESSID` GET parameter and sets them a... | 7.3 | HIGH | ❌ | 0 |
| CVE-2025-69720 The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c. | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-2549 A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls. ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-7074 A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sq... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-29023 Keygraph Shannon contains a hard-coded API key in its router configuration that, when the router component is enabled and exposed, allows network attackers to authenticate using the publicly known sta... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-3068 A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to ... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-4838 A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql inje... | 7.3 | HIGH | ❌ | 0 |
| CVE-2026-2983 A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/import_users.php of the component Bulk Import... | 7.3 | HIGH | ❌ | 0 |
| CVE-2025-55263 HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcode... | 7.3 | HIGH | ❌ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.