Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-35408 Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response ... | 8.7 | HIGH | β | 0 |
| CVE-2026-39333 ChurchCRM is an open-source church management system. Prior to 7.1.0, he FindFundRaiser.php endpoint reflects user-supplied input (DateStart and DateEnd) into HTML input field attributes without prope... | 8.7 | HIGH | β | 0 |
| CVE-2026-32277 Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1... | 8.7 | HIGH | β | 0 |
| CVE-2026-34728 phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the MediaBrowserController::index() method handles file deletion for the media browser. When the fileRemove action is triggered,... | 8.7 | HIGH | β | 0 |
| CVE-2026-33172 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.14 and 6.7.0, a stored XSS vulnerability in SVG asset reuploads allows authenticated users with asset uplo... | 8.7 | HIGH | β | 0 |
| CVE-2026-35218 Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive wi... | 8.7 | HIGH | β | 0 |
| CVE-2026-35214 Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() withou... | 8.7 | HIGH | β | 0 |
| CVE-2026-33631 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced... | 8.7 | HIGH | β | 0 |
| CVE-2026-33226 Budibase is a low code platform for creating internal tools, workflows, and admin panels. In versions from 3.30.6 and prior, the REST datasource query preview endpoint (POST /api/queries/preview) make... | 8.7 | HIGH | β | 0 |
| CVE-2026-35554 A race condition in the Apache Kafka Java producer clientβs buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeou... | 8.7 | HIGH | β | 0 |
| CVE-2026-35576 ChurchCRM is an open-source church management system. Prior to 7.0.0, a stored cross-site scripting (XSS) vulnerability exists in ChurchCRM within the Person Property Management subsystem. This issue ... | 8.7 | HIGH | β | 0 |
| CVE-2026-40909 WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path a... | 8.7 | HIGH | β | 0 |
| CVE-2026-41241 pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown ... | 8.7 | HIGH | β | 0 |
| CVE-2026-35169 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the he... | 8.7 | HIGH | β | 0 |
| CVE-2026-34577 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the GET /public/stream endpoint in PublicController accepts a user-supplied url query parameter and proxies the full HTTP respons... | 8.6 | HIGH | β | 0 |
| CVE-2026-22739 Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible t... | 8.6 | HIGH | β | 0 |
| CVE-2026-31913 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. | 8.6 | HIGH | β | 0 |
| CVE-2026-22460 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax FormGent formgent allows Path Traversal.This issue affects FormGent: from n/a through <= 1.7.0. | 8.6 | HIGH | β | 0 |
| CVE-2026-32721 LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered... | 8.6 | HIGH | β | 0 |
| CVE-2026-23658 Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-24302 Improper access control in Azure Arc allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-39983 basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), ... | 8.6 | HIGH | β | 0 |
| CVE-2026-33191 Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker... | 8.6 | HIGH | β | 0 |
| CVE-2026-26138 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-26139 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | β | 0 |
| CVE-2025-62599 eprosima Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode... | 8.6 | HIGH | β | 0 |
| CVE-2026-33480 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `isSSRFSafeURL()` function in AVideo can be bypassed using IPv4-mapped IPv6 addresses (`::ffff:x.x.x.x`). The un... | 8.6 | HIGH | β | 0 |
| CVE-2026-4687 Sandbox escape due to incorrect boundary conditions in the Telemetry component. This vulnerability was fixed in Firefox 149, Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140... | 8.6 | HIGH | β | 0 |
| CVE-2026-33752 curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this... | 8.6 | HIGH | β | 0 |
| CVE-2026-33166 Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversa... | 8.6 | HIGH | β | 0 |
| CVE-2026-34622 Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability ... | 8.6 | HIGH | β | 0 |
| CVE-2026-41055 WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities whe... | 8.6 | HIGH | β | 0 |
| CVE-2025-10681 Storage credentials are hardcoded in the mobile app and device firmware. These credentials do not adequately limit end user permissions and do not expire within a reasonable amount of time. This vulne... | 8.6 | HIGH | β | 0 |
| CVE-2026-40158 PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running u... | 8.6 | HIGH | β | 0 |
| CVE-2026-34160 Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessibl... | 8.6 | HIGH | β | 0 |
| CVE-2026-34413 Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauth... | 8.6 | HIGH | β | 0 |
| CVE-2026-28500 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improp... | 8.6 | HIGH | β | 0 |
| CVE-2026-5367 A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cau... | 8.6 | HIGH | β | 0 |
| CVE-2026-33039 WWBN AVideo is an open source video platform. In versions 25.0 and below, the plugin/LiveLinks/proxy.php endpoint validates user-supplied URLs against internal/private networks using isSSRFSafeURL(), ... | 8.6 | HIGH | β | 0 |
| CVE-2026-30920 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.19, OneUptime's GitHub App callback trusts attacker-controlled state and installation_id values and updates Project.g... | 8.6 | HIGH | β | 0 |
| CVE-2026-26150 Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-21333 Illustrator versions 29.8.4, 30.1 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current user. Exploitati... | 8.6 | HIGH | β | 0 |
| CVE-2026-3511 Improper Restriction of XML External Entity Reference vulnerability in XMLUtils.java in Slovensko.Digital Autogram allows remote unauthenticated attacker to conduct SSRF (Server Side Request Forgery) ... | 8.6 | HIGH | β | 0 |
| CVE-2026-32255 Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts... | 8.6 | HIGH | β | 0 |
| CVE-2025-69376 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fiel... | 8.6 | HIGH | β | 0 |
| CVE-2025-15620 HiOS Switch Platform versions 09.1.00 prior to 09.4.05 and 10.3.01 contains a denial-of-service vulnerability in the web interface that allows remote attackers to reboot the affected device by sending... | 8.6 | HIGH | β | 0 |
| CVE-2025-69662 SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis()` function being used to write GeoDataFrames to a PostgreSQL database. | 8.6 | HIGH | β | 0 |
| CVE-2025-69379 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload ... | 8.6 | HIGH | β | 0 |
| CVE-2025-4686 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assess... | 8.6 | HIGH | β | 0 |
| CVE-2025-13379 IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete inf... | 8.6 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.