Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-1516 GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authentica... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-30867 CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a comprom... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-34855 Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-34854 UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-21742 A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 ... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-7020 A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manip... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7306 A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenA... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-34867 Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability. | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7113 A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The mani... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5245 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the arg... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-40190 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6011 A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7112 A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5246 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manip... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7018 A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/c... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6578 A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6572 A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUp... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7292 A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorizatio... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7141 A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipula... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6878 A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-35363 A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fai... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5673 A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local atta... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-40602 The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instea... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5618 A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results i... | 5.6 | MEDIUM | β | 0 |
| CVE-2018-25287 Drive Power Manager 1.10 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31518 In the Linux kernel, the following vulnerability has been resolved: esp: fix skb leak with espintcp and async crypto When the TX queue for espintcp is full, esp_output_tail_tcp will return an error ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31517 In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly In iptfs_reassem_cont(), IP-TFS attempts to append data to th... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33902 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX express... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31503 In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udp_sock to a local address and port, UDP uses two hashes (u... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap fi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31487 In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is ca... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-6844 A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable F... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-6843 A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application a... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33776 A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privile... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-27286 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to discl... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-27285 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerabi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31547 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_run... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31551 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_wri... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31564 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register base... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31574 In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed t... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31577 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is ini... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31591 In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31643 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error p... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31651 In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31654 In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __mmap_region() commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare swaps the file") ha... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23404 In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested p... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-6245 A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Bec... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-34933 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a s... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20161 A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected devic... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-29043 HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull ... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.