Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28549 Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-27709 NanaZip is an open source file archive. Starting in version 5.0.1252.0 and prior to versions 6.0.1638.0 and 6.5.1638.0, NanaZip’s `.NET Single File Application` parser has an out-of-bounds read vulner... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-14604 IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-30897 A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions ... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-24640 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiW... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-24126 Weblate is a web based localization tool. Prior to 5.16.0, the SSH management console did not validate the passed input while adding the SSH host key, which could lead to an argument injection to `ssh... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-22284 Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-6839 Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior t... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-26274 October is a Content Management System (CMS) and web platform. Prior to 3.7.14 and 4.1.10, a vulnerability was identified in the Twig sandbox security policy that allowed database write operations whe... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-40450 Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-28207 Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.2, a command injection vulnerability (CWE-78) in the Zen C compiler allows local attackers to ex... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-4135 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file wr... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-35479 InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account ac... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-41664 Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-40449 Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-35255 Vulnerability in the Oracle Cloud Native Environment Command Line Interface product of Oracle Open Source Projects. The supported versions that is affected is v2.3.2. Easily exploitable vulnerability ... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-41666 Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-21419 Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileg... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-41667 Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-39641 Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-39639 Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Co... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3345 IBM Langflow Desktop <=1.8.4 Langflow could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6542 IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for ano... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-39633 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20133 A vulnerability in Cisco Catalyst SD-WAN Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file... | 6.5 | MEDIUM | KEV | 0 |
| CVE-2026-29647 In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabli... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34839 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Glances web server exposes a REST API (`/api/4/*`) that is accessible without authentication and allows cro... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-5919 Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a c... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-42092 titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscri... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1602 SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-42091 goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler (httpserver/updown.go) lacks the CSRF token validation that was added to the POST upload handler during the CV... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-41062 WWBN AVideo is an open source video platform. In versions 29.0 and below, the directory traversal fix introduced in commit 2375eb5e0 for `objects/aVideoEncoderReceiveImage.json.php` only checks the UR... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67973 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-47404 Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6238 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-39488 Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-27679 Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prope... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24204 NVIDIA Flare SDK contains a vulnerability where an Attacker may cause an Improper Input Validation by path traversing. A successful exploit of this vulnerability may lead to information disclosure. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67993 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32541 Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premme... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Edito... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-68024 Missing Authorization vulnerability in Addonify Addonify – WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify – ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-34779 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFol... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to c... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32359 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: fro... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3773 The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escaping... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32356 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-42404 Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a polic... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.