Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6649 A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serve... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6369 An improper access control vulnerability in the canonical-livepatch snap client prior to versionΒ 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by send... | N/A | NONE | β | 0 |
| CVE-2026-5760 SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster applianc... | 8.4 | HIGH | β | 0 |
| CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with βVS Administrationβ permissions to execute arbitrary commands on the Load... | 8.4 | HIGH | β | 0 |
| CVE-2026-3518 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with βAllβ permissions to execute arbitrary commands on the LoadMaster applian... | 8.4 | HIGH | β | 0 |
| CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with βGeo Administrationβ permissions to execute arbitrary commands on the Loa... | 8.4 | HIGH | β | 0 |
| CVE-2026-33558 Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By defaul... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33557 A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` isΒ set to `org.apache.kafka.common.security.oauthbearer.D... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-66335 Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intend... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6648 A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scriptin... | 3.5 | LOW | β | 0 |
| CVE-2026-6636 A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulatio... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6635 A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. S... | 7.3 | HIGH | β | 0 |
| CVE-2026-6634 A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6633 A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exten... | 3.5 | LOW | β | 0 |
| CVE-2026-5958 When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to ... | N/A | NONE | β | 0 |
| CVE-2026-6654 Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | 5.1 | MEDIUM | β | 0 |
| CVE-2026-6632 A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulation... | 8.8 | HIGH | β | 0 |
| CVE-2026-6631 A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipula... | 8.8 | HIGH | β | 0 |
| CVE-2026-6630 A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the... | 8.8 | HIGH | β | 0 |
| CVE-2026-6629 A vulnerability has been found in Metasoft ηΎηΉθ½―δ»Ά MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-6628 A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argumen... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6626 A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in impr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6625 A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/j... | 7.3 | HIGH | β | 0 |
| CVE-2026-6624 A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\_route=pool/add of the component Pool List Interface. Executing a manipulat... | 2.4 | LOW | β | 0 |
| CVE-2026-6623 A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Per... | 2.4 | LOW | β | 0 |
| CVE-2026-6622 A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\_route=customers/edit/ of the component Customer Handler. Such manipulatio... | 2.4 | LOW | β | 0 |
| CVE-2026-31430 In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty ... | N/A | NONE | β | 0 |
| CVE-2026-31429 In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 val... | N/A | NONE | β | 0 |
| CVE-2025-13480 Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive informat... | N/A | NONE | β | 0 |
| CVE-2026-6621 A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly contr... | 7.3 | HIGH | β | 0 |
| CVE-2026-6620 A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6619 A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview... | 3.5 | LOW | β | 0 |
| CVE-2026-6618 A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolS... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5967 ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges... | 8.8 | HIGH | β | 0 |
| CVE-2026-39454 SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place... | N/A | NONE | β | 0 |
| CVE-2026-6617 A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of t... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6616 A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpage... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6615 A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Uploa... | 7.3 | HIGH | β | 0 |
| CVE-2026-5966 ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the... | 8.1 | HIGH | β | 0 |
| CVE-2026-5964 EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5963 EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41282 ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | 4.0 | MEDIUM | β | 0 |
| CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary cod... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-6643 A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to th... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-6614 A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superag... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6613 A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipul... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6612 A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6611 A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation... | 3.1 | LOW | β | 0 |
| CVE-2024-7083 The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks ... | 3.5 | LOW | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.