Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5718 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type v... | 8.1 | HIGH | β | 0 |
| CVE-2026-5710 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to th... | 7.5 | HIGH | β | 0 |
| CVE-2026-40320 Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silently... | N/A | NONE | β | 0 |
| CVE-2026-40319 Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() with... | N/A | NONE | β | 0 |
| CVE-2025-65104 Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher ser... | 7.9 | HIGH | β | 0 |
| CVE-2026-40518 ByteDance DeerFlow before commitΒ 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers... | 7.1 | HIGH | β | 0 |
| CVE-2026-40516 OpenHarness before commitΒ bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by mani... | 8.3 | HIGH | β | 0 |
| CVE-2026-40515 OpenHarness before commitΒ bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attack... | 7.5 | HIGH | β | 0 |
| CVE-2026-3464 The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and inclu... | 8.8 | HIGH | β | 0 |
| CVE-2026-21733 Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling... | 7.3 | HIGH | β | 0 |
| CVE-2026-6497 A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compone... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6284 An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiters... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-21709 A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement. | N/A | NONE | β | 0 |
| CVE-2026-6496 A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argume... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6493 A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component ... | 3.5 | LOW | β | 0 |
| CVE-2026-41153 In JetBrains Junie before 252.549.29 command execution was possible via malicious project file | 5.8 | MEDIUM | β | 0 |
| CVE-2026-37749 A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6492 A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed of... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6491 A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6490 A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramete... | 7.3 | HIGH | β | 0 |
| CVE-2026-40459 PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP q... | N/A | NONE | β | 0 |
| CVE-2026-40458 PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site reque... | N/A | NONE | β | 0 |
| CVE-2026-31317 Craftql v1.3.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the vendor/markhuot/craftql/src/Listeners/GetAssetsFieldSchema.php ... | N/A | NONE | β | 0 |
| CVE-2025-70795 STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party imple... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-6507 A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configu... | 7.5 | HIGH | β | 0 |
| CVE-2026-6489 A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backgr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6488 A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Pa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6487 A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pat... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6486 A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manipu... | 3.5 | LOW | β | 0 |
| CVE-2026-28263 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-23777 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-46641 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with re... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-46607 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with re... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-46606 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. ... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-46605 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote acc... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-6483 A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. I... | 7.2 | HIGH | β | 0 |
| CVE-2026-5131 GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to... | N/A | NONE | β | 0 |
| CVE-2026-35153 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizati... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-35074 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizati... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-35073 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizati... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-35072 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizati... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-23779 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-23776 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 7.2 | HIGH | β | 0 |
| CVE-2026-6494 A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6439 The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-23778 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 7.2 | HIGH | β | 0 |
| CVE-2026-23775 Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion of... | 7.6 | HIGH | β | 0 |
| CVE-2025-36568 Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50,... | 7.8 | HIGH | β | 0 |
| CVE-2025-15625 Unauthenticated user is able toΒ execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. | N/A | NONE | β | 0 |
| CVE-2025-15624 Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.Β In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, Pr... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.