Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-34783 Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to write... | 8.1 | HIGH | β | 0 |
| CVE-2026-31313 An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-5704 A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-5666 A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler.... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5665 A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-34982 Vim is an open source, command line text editor. Prior to version 9.2.0276, a modeline sandbox bypass in Vim allows arbitrary OS command execution when a user opens a crafted file. The `complete`, `gu... | 8.2 | HIGH | β | 0 |
| CVE-2026-34969 Nhost is an open source Firebase alternative with GraphQL. Prior to 0.48.0, the auth service's OAuth provider callback flow places the refresh token directly into the redirect URL as a query parameter... | 7.5 | HIGH | β | 0 |
| CVE-2026-34951 Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripti... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34950 fast-jwt provides fast JSON Web Token (JWT) implementation. In 6.1.0 and earlier, the publicKeyPemMatcher regex in fast-jwt/src/crypto.js uses a ^ anchor that is defeated by any leading whitespace in ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34940 KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Spr... | 8.7 | HIGH | β | 0 |
| CVE-2026-34764 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscree... | 2.3 | LOW | β | 0 |
| CVE-2026-34756 vLLM is an inference and serving engine for large language models (LLMs). From 0.1.0 to before 0.19.0, a Denial of Service vulnerability exists in the vLLM OpenAI-compatible API server. Due to the lac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34755 vLLM is an inference and serving engine for large language models (LLMs). From 0.7.0 to before 0.19.0, the VideoMediaIO.load_base64() method at vllm/multimodal/media/video.py splits video/jpeg data UR... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34753 vLLM is an inference and serving engine for large language models (LLMs). From 0.16.0 to before 0.19.0, a server-side request forgery (SSRF) vulnerability in download_bytes_from_url allows any actor w... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-34589 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA l... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-34588 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_... | 7.8 | HIGH | β | 0 |
| CVE-2026-34444 Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and s... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-34402 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-3933... | N/A | NONE | β | 0 |
| CVE-2026-34380 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed ... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-34379 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misalig... | 7.1 | HIGH | β | 0 |
| CVE-2026-34378 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on t... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34217 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interp... | 7.2 | HIGH | β | 0 |
| CVE-2026-34211 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker c... | 7.5 | HIGH | β | 0 |
| CVE-2026-34208 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, SandboxJS blocks direct assignment to global objects (for example Math.random = ...), but this protection can be bypassed through an expo... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-34148 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote docu... | 7.5 | HIGH | β | 0 |
| CVE-2026-33752 curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this... | 8.6 | HIGH | β | 0 |
| CVE-2026-33727 Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privileg... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders d... | 3.1 | LOW | β | 0 |
| CVE-2026-31354 Multiple authenticated stored cross-site scripting (XSS) vulnerabilities in the Permissions module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-31353 An authenticated stored cross-site scripting (XSS) vulnerability in the Category module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload in... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-31352 An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pay... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-31351 An authenticated stored cross-site scripting (XSS) vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-31350 An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parame... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-21382 Memory Corruption when handling power management requests with improperly sized input/output buffers. | 7.8 | HIGH | β | 0 |
| CVE-2026-21381 Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | 7.6 | HIGH | β | 0 |
| CVE-2026-21380 Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory. | 7.8 | HIGH | β | 0 |
| CVE-2026-21378 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | β | 0 |
| CVE-2026-21376 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | β | 0 |
| CVE-2026-21375 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | β | 0 |
| CVE-2026-21374 Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | 7.8 | HIGH | β | 0 |
| CVE-2026-21373 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | β | 0 |
| CVE-2026-21372 Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | 7.8 | HIGH | β | 0 |
| CVE-2026-21371 Memory Corruption when retrieving output buffer with insufficient size validation. | 7.8 | HIGH | β | 0 |
| CVE-2026-21367 Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | 7.6 | HIGH | β | 0 |
| CVE-2025-47400 Cryptographic issue while copying data to a destination buffer without validating its size. | 7.1 | HIGH | β | 0 |
| CVE-2025-47392 Memory corruption when decoding corrupted satellite data files with invalid signature offsets. | 8.8 | HIGH | β | 0 |
| CVE-2025-47391 Memory corruption while processing a frame request from user. | 7.8 | HIGH | β | 0 |
| CVE-2025-47390 Memory corruption while preprocessing IOCTL request in JPEG driver. | 7.8 | HIGH | β | 0 |
| CVE-2025-47389 Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | 7.8 | HIGH | β | 0 |
| CVE-2025-47374 Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | 6.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.