Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-33989 Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot`... | 8.1 | HIGH | β | 0 |
| CVE-2026-28014 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Translogic translogic allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | β | 0 |
| CVE-2026-22428 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | β | 0 |
| CVE-2026-28055 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX M.Williamson williamson allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | β | 0 |
| CVE-2026-28054 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | β | 0 |
| CVE-2025-69400 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yokoo yokoo allows PHP Local File Inclusion.This issue affects Yokoo: ... | 8.1 | HIGH | β | 0 |
| CVE-2025-57709 A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We h... | 8.1 | HIGH | β | 0 |
| CVE-2026-28090 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Gamezone gamezone allows PHP Local File Inclusion.This issue affects G... | 8.1 | HIGH | β | 0 |
| CVE-2026-22362 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-28458 OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp WebSocket endpoint in which it does not require authentication... | 8.1 | HIGH | β | 0 |
| CVE-2026-22372 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Isida isida allows PHP Local File Inclusion.This issue affects Isi... | 8.1 | HIGH | β | 0 |
| CVE-2026-28089 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Daiquiri daiquiri allows PHP Local File Inclusion.This issue affects D... | 8.1 | HIGH | β | 0 |
| CVE-2026-28447 OpenClaw versions 2026.1.29-beta.1 prior to 2026.2.1 contain a path traversal vulnerability in plugin installation that allows malicious plugin package names to escape the extensions directory. Attack... | 8.1 | HIGH | β | 0 |
| CVE-2026-28272 Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a confi... | 8.1 | HIGH | β | 0 |
| CVE-2026-22435 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes ElectroServ electroserv allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | β | 0 |
| CVE-2026-22368 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Redy redy allows PHP Local File Inclusion.This issue affects Redy: ... | 8.1 | HIGH | β | 0 |
| CVE-2026-22381 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends a... | 8.1 | HIGH | β | 0 |
| CVE-2026-26741 PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing a... | 8.1 | HIGH | β | 0 |
| CVE-2026-28088 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aqualots aqualots allows PHP Local File Inclusion.This issue affects A... | 8.1 | HIGH | β | 0 |
| CVE-2026-34774 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child ... | 8.1 | HIGH | β | 0 |
| CVE-2026-27192 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing att... | 8.1 | HIGH | β | 0 |
| CVE-2026-27334 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in dan_fisher Alchemists alchemists allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | β | 0 |
| CVE-2025-59541 Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victimβs consent.... | 8.1 | HIGH | β | 0 |
| CVE-2025-70614 OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to ... | 8.1 | HIGH | β | 0 |
| CVE-2026-28087 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Filmax filmax allows PHP Local File Inclusion.This issue affects Filma... | 8.1 | HIGH | β | 0 |
| CVE-2025-69090 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ovatheme Remons remons allows PHP Local File Inclusion.This issue affects Remon... | 8.1 | HIGH | β | 0 |
| CVE-2026-20002 A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnera... | 8.1 | HIGH | β | 0 |
| CVE-2025-69339 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Molla molla allows PHP Local File Inclusion.This issue affects Molla... | 8.1 | HIGH | β | 0 |
| CVE-2026-28058 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: ... | 8.1 | HIGH | β | 0 |
| CVE-2026-28057 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allows PHP Local File Inclusion.This issue affects Man... | 8.1 | HIGH | β | 0 |
| CVE-2025-30269 A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secre... | 8.1 | HIGH | β | 0 |
| CVE-2026-22385 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects W... | 8.1 | HIGH | β | 0 |
| CVE-2026-28053 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue aff... | 8.1 | HIGH | β | 0 |
| CVE-2026-40883 goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an... | 8.1 | HIGH | β | 0 |
| CVE-2026-28052 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2026-22387 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | β | 0 |
| CVE-2025-13691 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. | 8.1 | HIGH | β | 0 |
| CVE-2026-22442 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LaunchandSell Tribe tribe allows PHP Local File Inclusion.This issue affects Tr... | 8.1 | HIGH | β | 0 |
| CVE-2025-68536 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from... | 8.1 | HIGH | β | 0 |
| CVE-2026-28051 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue a... | 8.1 | HIGH | β | 0 |
| CVE-2025-65128 A missing authentication mechanism in the web management API components of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows unauthenticated attackers on the local network to modify router and... | 8.1 | HIGH | β | 0 |
| CVE-2026-22443 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Alliance alliance allows PHP Local File Inclusion.This issue affects A... | 8.1 | HIGH | β | 0 |
| CVE-2026-22412 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona... | 8.1 | HIGH | β | 0 |
| CVE-2026-30851 Caddy is an extensible server platform that uses TLS by default. From version 2.10.0 to before version 2.11.2, forward_auth copy_headers does not strip client-supplied headers, allowing identity injec... | 8.1 | HIGH | β | 0 |
| CVE-2026-22446 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Prowess prowess allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-26417 A broken access control vulnerability in the password reset functionality of Tata Consultancy Services Cognix Recon Client v3.0 allows authenticated users to reset passwords of arbitrary user accounts... | 8.1 | HIGH | β | 0 |
| CVE-2026-29091 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote code execution (RCE) flaw was discovered in the locutus project, specific... | 8.1 | HIGH | β | 0 |
| CVE-2025-69410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2026-28050 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Beacon beacon allows PHP Local File Inclusion.This issue affects Beaco... | 8.1 | HIGH | β | 0 |
| CVE-2026-2564 A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak p... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.