Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-20078 Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacke... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-20061 A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20060 A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-20059 A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. Th... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-63029 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM... | 7.6 | HIGH | β | 0 |
| CVE-2025-15636 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Show... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-15635 Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15610 Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4. | N/A | NONE | β | 0 |
| CVE-2026-5387 The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operationsΒ intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privil... | N/A | NONE | β | 0 |
| CVE-2026-30625 Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. Al... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30624 Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration contain... | 8.6 | HIGH | β | 0 |
| CVE-2026-30617 LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management i... | 8.6 | HIGH | β | 0 |
| CVE-2026-30616 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, ... | 7.3 | HIGH | β | 0 |
| CVE-2026-30615 A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious ins... | 8.0 | HIGH | β | 0 |
| CVE-2026-30461 Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. | 8.3 | HIGH | β | 0 |
| CVE-2026-20205 In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users session... | 7.2 | HIGH | β | 0 |
| CVE-2026-20204 In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a ... | 7.1 | HIGH | β | 0 |
| CVE-2026-20203 In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20202 In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-67841 Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. | 7.5 | HIGH | β | 0 |
| CVE-2025-53444 Cross-Site Request Forgery (CSRF) vulnerability in DeluxeThemes Userpro userpro allows Cross Site Request Forgery.This issue affects Userpro: from n/a through < 5.1.11. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12141 In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions βalert.notifications:writeβ or βalert.notifications.receivers:testβ that are granted as part... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-4682 Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validate... | N/A | NONE | β | 0 |
| CVE-2026-4667 HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability. | N/A | NONE | β | 0 |
| CVE-2026-30364 CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. | 7.5 | HIGH | β | 0 |
| CVE-2024-53412 Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads... | 8.4 | HIGH | β | 0 |
| CVE-2026-4145 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated pr... | 7.8 | HIGH | β | 0 |
| CVE-2026-4135 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file wr... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-4134 During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated p... | 7.3 | HIGH | β | 0 |
| CVE-2026-25219 The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1636 A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges. | 6.7 | MEDIUM | β | 0 |
| CVE-2026-0827 During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardware... | 7.1 | HIGH | β | 0 |
| CVE-2026-3590 Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with ac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1852 The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40786 Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MyRewards: from n/a through <= ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-40784 Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2026-40778 Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Majestic Support: f... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-40764 Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery.This issue affects Contact Form by WPForms: from n/a through <= 1.... | 8.1 | HIGH | β | 0 |
| CVE-2026-40763 Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-40745 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This ... | 7.6 | HIGH | β | 0 |
| CVE-2026-40744 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection.This issue af... | 8.5 | HIGH | β | 0 |
| CVE-2026-40742 Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nelio AB Testing: fro... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-40740 Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.7. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-40737 Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-40734 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Imag... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-40730 Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGril... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-40729 Missing Authorization vulnerability in bPlugins 3D viewer β Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D viewer β Embed 3D Mo... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-40728 Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a thr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33805 @fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This all... | N/A | NONE | β | 0 |
| CVE-2026-30778 The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recomm... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.