Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28470 OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syn... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69563 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1357 The Migration, Backup, Staging β WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is due to improper... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33640 Outline is a service that allows for collaborative documentation. Outline implements an Email OTP login flow for users not associated with an Identity Provider. Starting in version 0.86.0 and prior to... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40554 SolarWinds Web Help Desk was found to be susceptible to an authentication bypass vulnerability that, if exploited, could allow an attacker to invoke specific actions within Web Help Desk. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26002 Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory.... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40639 A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22903 An unauthenticated remote attacker can send a crafted HTTP request containing an overly long SESSIONID cookie. This can trigger a stack buffer overflow in the modified lighttpd server, causing it to c... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70039 An issue pertaining to CWE-78: Improper Neutralization of Special Elements used in an OS Command was discovered in linagora Twake v2023.Q1.1223. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28778 International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker c... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4182 A weakness has been identified in D-Link DIR-816 1.10CNB05. This impacts an unknown function of the file /goform/form2Wl5RepeaterStep2.cgi of the component goahead. This manipulation of the argument k... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4001 The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula eval() in the process_c... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37162 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malici... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40553 SolarWinds Web Help Desk was found to be susceptible to an untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the h... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25803 3DP-MANAGER is an inbound generator for 3x-ui. In version 2.0.1 and prior, the application automatically creates an administrative account with known default credentials (admin/admin) upon the first i... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25544 Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-29058 AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Ur... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69562 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2020-36964 YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the service by connecti... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25237 PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, use of preg_replace() with the /e modifier in bug update email handling can enable PHP code execution ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2038 GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authent... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37161 Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69809 A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66602 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts access by IP address. When a worm that randomly searches for IP addresses intrudes int... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66603 A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. The web server accepts the OPTIONS method. An attacker could potentially use this information to carry out ot... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40926 Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the ep... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69559 code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25236 PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN (...) list. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24832 Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3207 Configuration issueΒ in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-34934 PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26702 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-29859 An arbitrary file upload vulnerability in aaPanel v7.57.0 allows attackers to execute arbitrary code via uploading a crafted file. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3891 The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69564 code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0953 The Tutor LMS Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 3.9.5 via the Social Login addon. This is due to the plugin failing to verify that t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2781 Integer overflow in the Libraries component in NSS. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, Thunderbird 140.8, and Firefox ESR 115.35. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33195 Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the r... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25220 Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malici... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2767 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4252 A vulnerability was identified in Tenda AC8 16.03.50.11. Affected by this issue is the function check_is_ipv6 of the component IPv6 Handler. The manipulation leads to reliance on ip address for authen... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4164 A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a mani... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25240 PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains() when role filters are provided as an arra... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67995 Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22563 A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.... | 9.8 | CRITICAL | β | 0 |
| CVE-2020-37153 ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to in... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4170 A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Han... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6350 MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4622 OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network. | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.