Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-41113 sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | 8.1 | HIGH | — | 0 |
| CVE-2026-40308 My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments... | N/A | NONE | — | 0 |
| CVE-2026-40249 free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/poli... | N/A | NONE | — | 0 |
| CVE-2026-40248 free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether the... | N/A | NONE | — | 0 |
| CVE-2026-40247 free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId ... | N/A | NONE | — | 0 |
| CVE-2026-40246 free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId... | N/A | NONE | — | 0 |
| CVE-2026-40170 ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf... | 7.5 | HIGH | — | 0 |
| CVE-2026-39313 mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks into... | N/A | NONE | — | 0 |
| CVE-2026-35469 spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocati... | N/A | NONE | — | 0 |
| CVE-2026-34164 Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox ... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-33472 Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass th... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-40901 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerTr... | N/A | NONE | — | 0 |
| CVE-2026-40900 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplied... | N/A | NONE | — | 0 |
| CVE-2026-40899 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysq... | N/A | NONE | — | 0 |
| CVE-2026-33207 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql m... | N/A | NONE | — | 0 |
| CVE-2026-33122 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition... | N/A | NONE | — | 0 |
| CVE-2025-54502 Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resultin... | N/A | NONE | — | 0 |
| CVE-2026-6442 Improper validation of bash commands in Snowflake Cortex Code CLI versions prior to 1.0.25 allowed subsequent commands to execute outside the sandbox. An attacker could exploit this by embedding speci... | 8.3 | HIGH | — | 0 |
| CVE-2026-33121 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from ... | N/A | NONE | — | 0 |
| CVE-2026-33084 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj end... | N/A | NONE | — | 0 |
| CVE-2025-54510 A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potent... | N/A | NONE | — | 0 |
| CVE-2025-43937 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit thi... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-43935 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerab... | 4.4 | MEDIUM | — | 0 |
| CVE-2023-20585 Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in ... | N/A | NONE | — | 0 |
| CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | 7.3 | HIGH | — | 0 |
| CVE-2026-33083 DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints... | N/A | NONE | — | 0 |
| CVE-2026-33082 DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST ... | N/A | NONE | — | 0 |
| CVE-2026-2336 A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a ... | N/A | NONE | — | 0 |
| CVE-2026-27820 zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zs... | N/A | NONE | — | 0 |
| CVE-2026-24749 The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile:... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-43883 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially exploi... | 4.1 | MEDIUM | — | 0 |
| CVE-2026-41080 libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | 2.9 | LOW | — | 0 |
| CVE-2025-36579 Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leadin... | 5.1 | MEDIUM | — | 0 |
| CVE-2026-5426 Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote... | N/A | NONE | — | 0 |
| CVE-2026-37100 An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range... | N/A | NONE | — | 0 |
| CVE-2026-6409 A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep... | N/A | NONE | — | 0 |
| CVE-2026-3324 Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | 8.2 | HIGH | — | 0 |
| CVE-2026-37347 SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-37346 SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-37345 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-37344 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php. | N/A | NONE | — | 0 |
| CVE-2026-37343 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php. | N/A | NONE | — | 0 |
| CVE-2026-37342 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php. | N/A | NONE | — | 0 |
| CVE-2026-37341 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php. | N/A | NONE | — | 0 |
| CVE-2026-37340 SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. | N/A | NONE | — | 0 |
| CVE-2026-37339 SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. | N/A | NONE | — | 0 |
| CVE-2026-37338 SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | 9.4 | CRITICAL | — | 0 |
| CVE-2026-37337 SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php. | 7.3 | HIGH | — | 0 |
| CVE-2026-37336 SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php. | 7.3 | HIGH | — | 0 |
| CVE-2026-33804 @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not account... | 7.4 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.