Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-30460 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | N/A | NONE | β | 0 |
| CVE-2026-1079 A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a web... | N/A | NONE | β | 0 |
| CVE-2026-1078 An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Ed... | N/A | NONE | β | 0 |
| CVE-2025-52908 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 v... | N/A | NONE | β | 0 |
| CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application. | 5.7 | MEDIUM | β | 0 |
| CVE-2025-24818 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application. | 8.0 | HIGH | β | 0 |
| CVE-2025-24817 Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application. | 8.0 | HIGH | β | 0 |
| CVE-2024-36057 Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is... | N/A | NONE | β | 0 |
| CVE-2026-5384 An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, a... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-5383 An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated C... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-5382 An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimat... | 3.0 | LOW | β | 0 |
| CVE-2026-5381 An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of ... | 2.2 | LOW | β | 0 |
| CVE-2026-5380 An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Cred... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5379 An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and h... | 3.0 | LOW | β | 0 |
| CVE-2026-5378 An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an es... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-5376 An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expir... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-5375 An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an... | 2.7 | LOW | β | 0 |
| CVE-2026-5374 An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorizatio... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-5373 An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVS... | 8.1 | HIGH | β | 0 |
| CVE-2026-5372 An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements used in an... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4740 A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cl... | 8.2 | HIGH | β | 0 |
| CVE-2026-4292 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using `ModelAdmin.list_editable` incorrectly allowed new instances to be created via forg... | 2.7 | LOW | β | 0 |
| CVE-2026-4277 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInli... | N/A | NONE | β | 0 |
| CVE-2026-3902 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `ASGIRequest` allows a remote attacker to spoof headers by exploiting an ambiguous mapping of two header variants... | 7.5 | HIGH | β | 0 |
| CVE-2026-35485 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_grammar() allows reading any file on the ... | 7.5 | HIGH | β | 0 |
| CVE-2026-35484 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35483 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jin... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35481 Rejected reason: Further research determined the issue does not satisfy the assignment rules. | N/A | NONE | β | 0 |
| CVE-2026-35480 go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on I... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-35464 pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMIN_ONLY_OPTIONS set to block non-admin users from modifying security-critical config options... | 7.5 | HIGH | β | 0 |
| CVE-2026-35463 pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconne... | 8.8 | HIGH | β | 0 |
| CVE-2026-35462 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key β r... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35461 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validat... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-35460 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. A... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35458 Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access t... | N/A | NONE | β | 0 |
| CVE-2026-35457 libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can re... | 8.2 | HIGH | β | 0 |
| CVE-2026-35405 libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A ma... | 7.5 | HIGH | β | 0 |
| CVE-2026-33034 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZ... | 7.5 | HIGH | β | 0 |
| CVE-2026-33033 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Tr... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-30079 In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComp... | N/A | NONE | β | 0 |
| CVE-2026-24660 A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can... | 8.1 | HIGH | β | 0 |
| CVE-2026-24450 An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker ... | 8.1 | HIGH | β | 0 |
| CVE-2026-21413 A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20911 A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer over... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20889 A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20884 An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can prov... | 8.1 | HIGH | β | 0 |
| CVE-2025-62818 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123... | N/A | NONE | β | 0 |
| CVE-2025-52909 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 v... | N/A | NONE | β | 0 |
| CVE-2026-5627 A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input... | N/A | NONE | β | 0 |
| CVE-2026-35554 A race condition in the Apache Kafka Java producer clientβs buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeou... | 8.7 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.