Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-35620 OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owne... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-35619 OpenClaw before 2026.3.24 contains an authorization bypass vulnerability in the HTTP /v1/models endpoint that fails to enforce operator read scope requirements. Attackers with only operator.approvals ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35602 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip in... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-35601 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV output generator builds iCalendar VTODO entries via raw string concatenation without applying RFC 5545 TEXT v... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-35600 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown spe... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-35599 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the addRepeatIntervalToTime function uses an O(n) loop that advances a date by the task's RepeatAfter duration until it ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-35598 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CalDAV GetResource and GetResourcesByList methods fetch tasks by UID from the database without verifying that the au... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35597 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the TOTP failed-attempt lockout mechanism is non-functional due to a database transaction handling bug. When a TOTP vali... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-35596 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the hasAccessToLabel function contains a SQL operator precedence bug that allows any authenticated user to read any labe... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35595 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/project_permissions.go:139-148 only requires CanWrite on the new parent project when c... | 8.3 | HIGH | β | 0 |
| CVE-2026-22560 An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | N/A | NONE | β | 0 |
| CVE-2026-40228 In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | 2.9 | LOW | β | 0 |
| CVE-2026-40227 In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | 6.4 | MEDIUM | β | 0 |
| CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | 6.4 | MEDIUM | β | 0 |
| CVE-2026-40224 In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. | 6.7 | MEDIUM | β | 0 |
| CVE-2026-40223 In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running. | 4.7 | MEDIUM | β | 0 |
| CVE-2026-40023 Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specificat... | N/A | NONE | β | 0 |
| CVE-2026-40021 Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.... | N/A | NONE | β | 0 |
| CVE-2026-35594 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication (GetLinkShareFromClaims in pkg/models/link_sharing.go) constructs authorization obje... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34727 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authenti... | 7.4 | HIGH | β | 0 |
| CVE-2026-34481 Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain ... | N/A | NONE | β | 0 |
| CVE-2026-34480 Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 speci... | N/A | NONE | β | 0 |
| CVE-2026-34479 The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to rejec... | N/A | NONE | β | 0 |
| CVE-2026-34478 Apache Log4j Core's Rfc5424Layout https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout , in versions 2.21.0 through 2.25.3, is vulnerable to log injection via CRLF sequences due to ... | N/A | NONE | β | 0 |
| CVE-2026-34477 The fix for CVE-2025-68161 https://logging.apache.org/security.html#CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName https://logg... | N/A | NONE | β | 0 |
| CVE-2026-29043 HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-29002 CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation reques... | 7.2 | HIGH | β | 0 |
| CVE-2026-23781 An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentia... | N/A | NONE | β | 0 |
| CVE-2026-36236 SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. | N/A | NONE | β | 0 |
| CVE-2026-36235 A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly em... | N/A | NONE | β | 0 |
| CVE-2026-36234 itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. | N/A | NONE | β | 0 |
| CVE-2026-36233 A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious... | N/A | NONE | β | 0 |
| CVE-2026-36232 A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['c... | N/A | NONE | β | 0 |
| CVE-2026-31262 Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter | N/A | NONE | β | 0 |
| CVE-2026-29861 PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php. | N/A | NONE | β | 0 |
| CVE-2026-23782 An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With th... | N/A | NONE | β | 0 |
| CVE-2026-23780 An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to i... | N/A | NONE | β | 0 |
| CVE-2025-44560 owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | N/A | NONE | β | 0 |
| CVE-2026-6069 NASMβs disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | 7.5 | HIGH | β | 0 |
| CVE-2026-6068 NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6067 A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a... | 7.5 | HIGH | β | 0 |
| CVE-2026-40217 LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. | 8.8 | HIGH | β | 0 |
| CVE-2026-33092 Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before ... | N/A | NONE | β | 0 |
| CVE-2025-5804 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion.This issue affects ... | 7.5 | HIGH | β | 0 |
| CVE-2025-58920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS.This issue affects Cerato: from n/a through 2.2.18. | 7.1 | HIGH | β | 0 |
| CVE-2025-58913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion.This issue affects VideoP... | 8.1 | HIGH | β | 0 |
| CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical JujuΒ 4.0.5,Β 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or poss... | N/A | NONE | β | 0 |
| CVE-2026-5412 In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bo... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-5777 This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticat... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.