Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-40186 ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40176 Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shel... | 7.8 | HIGH | β | 0 |
| CVE-2026-40173 Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-22676 Barracuda RMM versions prior toΒ 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the... | 7.8 | HIGH | β | 0 |
| CVE-2026-6385 A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6384 A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a speci... | 7.3 | HIGH | β | 0 |
| CVE-2026-6364 Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security sev... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6363 Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | HIGH | β | 0 |
| CVE-2026-6362 Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: Hi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6361 Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a s... | 8.3 | HIGH | β | 0 |
| CVE-2026-6360 Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6359 Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML... | 8.8 | HIGH | β | 0 |
| CVE-2026-6358 Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critica... | 8.8 | HIGH | β | 0 |
| CVE-2026-6319 Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted ... | 7.5 | HIGH | β | 0 |
| CVE-2026-6318 Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | HIGH | β | 0 |
| CVE-2026-6317 Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6316 Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6315 Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craft... | 8.8 | HIGH | β | 0 |
| CVE-2026-6314 Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chro... | 8.3 | HIGH | β | 0 |
| CVE-2026-6313 Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (... | 3.1 | LOW | β | 0 |
| CVE-2026-6312 Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML pa... | 3.1 | LOW | β | 0 |
| CVE-2026-6311 Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a ... | 8.3 | HIGH | β | 0 |
| CVE-2026-6310 Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr... | 8.3 | HIGH | β | 0 |
| CVE-2026-6309 Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro... | 8.3 | HIGH | β | 0 |
| CVE-2026-6308 Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.... | 7.5 | HIGH | β | 0 |
| CVE-2026-6307 Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6306 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6305 Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6304 Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. ... | 8.3 | HIGH | β | 0 |
| CVE-2026-6303 Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6302 Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6301 Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6300 Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-6299 Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | HIGH | β | 0 |
| CVE-2026-6298 Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6297 Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit... | 8.3 | HIGH | β | 0 |
| CVE-2026-6296 Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | 9.6 | CRITICAL | β | 0 |
| CVE-2026-40919 A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40918 A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-boun... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-40917 A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious I... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40916 A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM ... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-40915 A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-b... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39857 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, w... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35569 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description),... | 8.7 | HIGH | β | 0 |
| CVE-2026-33889 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color v... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33888 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type m... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33877 ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a timing side-channel vulnerability in the password reset endpoint (/api/v1/@apostrophecms/login/re... | 3.7 | LOW | β | 0 |
| CVE-2026-21727 --- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion" ... | 3.3 | LOW | β | 0 |
| CVE-2026-21726 The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/r... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-41118 Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent C... | 9.1 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.