Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32955 SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | 8.8 | HIGH | β | 0 |
| CVE-2026-6597 A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow... | 2.7 | LOW | β | 0 |
| CVE-2026-6596 A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component A... | 7.3 | HIGH | β | 0 |
| CVE-2026-6595 A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of th... | 7.3 | HIGH | β | 0 |
| CVE-2026-6594 A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly con... | 7.3 | HIGH | β | 0 |
| CVE-2026-6593 A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cross... | 3.5 | LOW | β | 0 |
| CVE-2026-6592 A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation... | 3.5 | LOW | β | 0 |
| CVE-2026-6591 A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argume... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6590 A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6589 A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery.... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6588 A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API E... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6587 A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_mo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6586 A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoin... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6585 A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organi... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6584 A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoin... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6583 A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key M... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6582 A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector D... | 7.3 | HIGH | β | 0 |
| CVE-2026-6581 A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument pa... | 8.8 | HIGH | β | 0 |
| CVE-2026-6580 A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipul... | 7.3 | HIGH | β | 0 |
| CVE-2026-6579 A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing au... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6578 A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6577 A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-6576 A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Inte... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6574 A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6573 A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6572 A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUp... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6571 A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipula... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6570 A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argume... | 2.7 | LOW | β | 0 |
| CVE-2026-6569 A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of... | 7.3 | HIGH | β | 0 |
| CVE-2026-6568 A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Han... | 7.3 | HIGH | β | 0 |
| CVE-2026-6564 A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is p... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6563 A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to b... | 8.8 | HIGH | β | 0 |
| CVE-2026-6562 A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6561 A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6560 A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param le... | 8.8 | HIGH | β | 0 |
| CVE-2026-6559 A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0868 The EMC β Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-6056 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-41242 protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-40948 The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An att... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2986 The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sa... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2505 The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rend... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-0894 The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to in... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-41254 Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-32690 Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store... | 3.7 | LOW | β | 0 |
| CVE-2026-32228 UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue. | 7.5 | HIGH | β | 0 |
| CVE-2026-30912 In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. ... | 7.5 | HIGH | β | 0 |
| CVE-2026-30898 An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow exe... | 8.8 | HIGH | β | 0 |
| CVE-2026-25917 Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tru... | 7.2 | HIGH | β | 0 |
| CVE-2026-41253 In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conducto... | 6.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.