Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-31262 Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter | 6.1 | MEDIUM | β | 0 |
| CVE-2026-29861 PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23782 An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. An API management endpoint allows unauthenticated users to obtain both an API identifier and its corresponding secret value. With th... | 7.5 | HIGH | β | 0 |
| CVE-2026-23780 An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to i... | 8.8 | HIGH | β | 0 |
| CVE-2025-44560 owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6069 NASMβs disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | 7.5 | HIGH | β | 0 |
| CVE-2026-6068 NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6067 A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-40217 LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/test_custom_code URI. | 8.8 | HIGH | β | 0 |
| CVE-2026-33092 Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before ... | N/A | NONE | β | 0 |
| CVE-2025-5804 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.Thi... | 7.5 | HIGH | β | 0 |
| CVE-2025-58920 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato cerato allows Reflected XSS.This issue affects Cerato: from n/a through <= 2.2.... | 7.1 | HIGH | β | 0 |
| CVE-2025-58913 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro videopro allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | β | 0 |
| CVE-2026-5774 Improper synchronization of the userTokens map in the API server in Canonical JujuΒ 4.0.5,Β 3.6.20, and 2.9.56 may allow an authenticated user to possibly cause a denial of service on the server or poss... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-5412 In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bo... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-5777 This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticat... | N/A | NONE | β | 0 |
| CVE-2026-39304 Denial of Service via Out of Memory vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ. ActiveMQ NIO SSL transports do not correctly handle TLSv1.3 handshake KeyUpdates ... | 7.5 | HIGH | β | 0 |
| CVE-2026-31412 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()`... | N/A | NONE | β | 0 |
| CVE-2026-6057 FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4162 The Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.1.4. This is due to the plugin not properly verifying that a user is authorized to perf... | 7.1 | HIGH | β | 0 |
| CVE-2021-47961 A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead t... | 8.1 | HIGH | β | 0 |
| CVE-2021-47960 A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local H... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6042 A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results i... | 3.3 | LOW | β | 0 |
| CVE-2026-6038 A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2026-6037 A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRA... | 7.3 | HIGH | β | 0 |
| CVE-2026-6036 A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the arg... | 7.3 | HIGH | β | 0 |
| CVE-2026-33457 Livestatus injection in the prediction graph page in Checkmk <2.5.0b4, <2.4.0p26, and <2.3.0p47 allows an authenticated user to inject arbitrary Livestatus commands via a crafted service name paramete... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33456 Livestatus injection in the notification test mode in Checkmk <2.5.0b4 and <2.4.0p26 allows an authenticated user with access to the notification test page to inject arbitrary Livestatus commands via ... | 7.6 | HIGH | β | 0 |
| CVE-2026-33455 Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in sea... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6035 A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipul... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6034 A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the ar... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6033 A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fnam... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6032 A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-6031 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category lead... | 7.3 | HIGH | β | 0 |
| CVE-2026-5525 A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trail... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-40212 OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where a... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-22750 When configuring SSL bundles in Spring Cloud Gateway by using the configuration propertyΒ spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. N... | 7.5 | HIGH | β | 0 |
| CVE-2026-6030 A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6029 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6028 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipu... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6027 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This issue affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a ma... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6026 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setPortalConfWeChat of the file /cgi-bin/cstecgi.cgi of the component CGI Handler.... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4432 The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function o... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28704 Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck. | N/A | NONE | β | 0 |
| CVE-2026-1115 A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` fu... | N/A | NONE | β | 0 |
| CVE-2025-14545 The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-6025 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6024 A vulnerability was determined in Tenda i6 1.0.0.7(2204). Affected by this issue is the function R7WebsSecurityHandlerfunction of the component HTTP Handler. This manipulation causes path traversal. I... | 7.3 | HIGH | β | 0 |
| CVE-2026-6016 A vulnerability was found in Tenda AC9 15.03.02.13. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Performing a manipulation of ... | 8.8 | HIGH | β | 0 |
| CVE-2026-6015 A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.