Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-22371 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Gustavo gustavo allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2026-28014 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | β | 0 |
| CVE-2026-28458 OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp WebSocket endpoint in which it does not require authentication... | 8.1 | HIGH | β | 0 |
| CVE-2026-27339 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Buzz Stone | Magazine & Viral Blog WordPress Theme buzzstone allow... | 8.1 | HIGH | β | 0 |
| CVE-2026-28013 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Kratz kratz allows PHP Local File Inclusion.This issue affects Kratz: ... | 8.1 | HIGH | β | 0 |
| CVE-2026-27342 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopFit - Fitness and Gym WordPress Theme topfit allows PHP Local ... | 8.1 | HIGH | β | 0 |
| CVE-2026-28472 OpenClaw versions prior to 2026.2.2 contain a vulnerability in the gateway WebSocket connect handshake in which it allows skipping device identity checks when auth.token is present but not validated. ... | 8.1 | HIGH | β | 0 |
| CVE-2026-27340 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Apollo | Night Club, DJ Event WordPress Theme apollo allows PHP Lo... | 8.1 | HIGH | β | 0 |
| CVE-2026-27341 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes TopScorer - Sports WordPress Theme topscorer allows PHP Local Fil... | 8.1 | HIGH | β | 0 |
| CVE-2026-22367 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Coworking coworking allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | β | 0 |
| CVE-2025-68539 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from... | 8.1 | HIGH | β | 0 |
| CVE-2021-47909 Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' ... | 8.1 | HIGH | β | 0 |
| CVE-2026-22413 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MalgrΓ© malgre allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | β | 0 |
| CVE-2026-22412 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona... | 8.1 | HIGH | β | 0 |
| CVE-2025-69410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2025-69407 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2026-22408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2026-24017 An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0... | 8.1 | HIGH | β | 0 |
| CVE-2026-22405 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Overton overton allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2025-67981 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Besa besa allows PHP Local File Inclusion.This issue affects Besa: from... | 8.1 | HIGH | β | 0 |
| CVE-2026-32247 Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction... | 8.1 | HIGH | β | 0 |
| CVE-2026-26367 eNet SMART HOME server 2.2.1 and 2.3.1 contains a missing authorization vulnerability in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user (UG_USER) to delete ar... | 8.1 | HIGH | β | 0 |
| CVE-2026-32260 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix... | 8.1 | HIGH | β | 0 |
| CVE-2025-59541 Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victimβs consent.... | 8.1 | HIGH | β | 0 |
| CVE-2026-27989 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Quanzo quanzo allows PHP Local File Inclusion.This issue affects Quanz... | 8.1 | HIGH | β | 0 |
| CVE-2026-28272 Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a confi... | 8.1 | HIGH | β | 0 |
| CVE-2026-1779 The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member'... | 8.1 | HIGH | β | 0 |
| CVE-2026-25221 PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forg... | 8.1 | HIGH | β | 0 |
| CVE-2026-26362 Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to ... | 8.1 | HIGH | β | 0 |
| CVE-2026-28123 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil:... | 8.1 | HIGH | β | 0 |
| CVE-2026-30851 Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injec... | 8.1 | HIGH | β | 0 |
| CVE-2026-28120 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue a... | 8.1 | HIGH | β | 0 |
| CVE-2026-28119 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Nirvana nir-vana allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2025-69090 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remon... | 8.1 | HIGH | β | 0 |
| CVE-2026-28118 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-28117 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | β | 0 |
| CVE-2025-62501 SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows attackers to obtain device credentials through a specially crafted manβinβtheβmiddle (MITM) attack.Β Th... | 8.1 | HIGH | β | 0 |
| CVE-2026-28086 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Run Gran run-gran allows PHP Local File Inclusion.This issue affects R... | 8.1 | HIGH | β | 0 |
| CVE-2025-65128 A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and... | 8.1 | HIGH | β | 0 |
| CVE-2026-29067 ZITADEL is an open source identity management platform. From version 4.0.0-rc.1 to 4.7.0, a potential vulnerability exists in ZITADEL's password reset mechanism in login V2. ZITADEL utilizes the Forwa... | 8.1 | HIGH | β | 0 |
| CVE-2026-28085 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mahogany mahogany allows PHP Local File Inclusion.This issue affects M... | 8.1 | HIGH | β | 0 |
| CVE-2025-69339 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla... | 8.1 | HIGH | β | 0 |
| CVE-2026-28084 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Bazinga bazinga allows PHP Local File Inclusion.This issue affects Baz... | 8.1 | HIGH | β | 0 |
| CVE-2026-28081 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Windsor windsor allows PHP Local File Inclusion.This issue affects Win... | 8.1 | HIGH | β | 0 |
| CVE-2026-22385 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects W... | 8.1 | HIGH | β | 0 |
| CVE-2025-13691 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. | 8.1 | HIGH | β | 0 |
| CVE-2026-28079 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Conquerors conquerors allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2026-22387 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | β | 0 |
| CVE-2026-28077 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Vapester vapester allows PHP Local File Inclusion.This issue affects V... | 8.1 | HIGH | β | 0 |
| CVE-2026-28048 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech FlashMart flashmart allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.