Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-35617 OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by chan... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-34512 OpenClaw before 2026.3.25 contains an improper access control vulnerability in the HTTP /sessions/:sessionKey/kill route that allows any bearer-authenticated user to invoke admin-level session termina... | 8.1 | HIGH | β | 0 |
| CVE-2026-33797 An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establish... | 7.4 | HIGH | β | 0 |
| CVE-2026-33793 An Execution with Unnecessary Privileges vulnerabilityΒ in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thu... | 7.8 | HIGH | β | 0 |
| CVE-2026-33791 An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to injec... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-33790 An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pack... | 7.5 | HIGH | β | 0 |
| CVE-2026-33788 A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators (FPCs) of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low... | 7.8 | HIGH | β | 0 |
| CVE-2026-33787 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local atta... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33786 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33785 A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a comp... | 8.8 | HIGH | β | 0 |
| CVE-2026-33784 A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control o... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33783 A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33782 A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33781 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated,... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33780 A Missing Release of Memory after Effective Lifetime vulnerability in theΒ Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to c... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33778 An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, ne... | 7.5 | HIGH | β | 0 |
| CVE-2026-33776 A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privile... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33775 A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthent... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33774 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33773 An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network-... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-33771 A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local acco... | 7.4 | HIGH | β | 0 |
| CVE-2026-21919 An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Deni... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21916 A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which wil... | 7.3 | HIGH | β | 0 |
| CVE-2026-21915 A Permissive List of Allowed Input vulnerability in the CLI of Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows a local, high privileged attacker to escalate their p... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-21904 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter fiel... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-59969 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series o... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13914 A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insuff... | 8.7 | HIGH | β | 0 |
| CVE-2026-5980 A flaw has been found in D-Link DIR-605L 2.13B01. Affected by this issue is the function formSetMACFilter of the file /goform/formSetMACFilter of the component POST Request Handler. This manipulation ... | 8.8 | HIGH | β | 0 |
| CVE-2026-5979 A vulnerability was detected in D-Link DIR-605L 2.13B01. Affected by this vulnerability is the function formVirtualServ of the file /goform/formVirtualServ of the component POST Request Handler. The m... | 8.8 | HIGH | β | 0 |
| CVE-2026-5978 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipul... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5977 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulati... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5447 Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the Auth... | N/A | NONE | β | 0 |
| CVE-2026-5446 In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-suppli... | N/A | NONE | β | 0 |
| CVE-2026-40109 Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not valid... | 3.1 | LOW | β | 0 |
| CVE-2026-40107 SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive Me... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-40093 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In 1.3.0 and earlier, block timestamp validation enforces that timestamp >= parent.timestamp for non-skip blocks and... | 8.1 | HIGH | β | 0 |
| CVE-2026-35206 Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's co... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-54364 Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter end... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54363 Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show,... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54362 Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can cr... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54361 Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers can... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54360 Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft mali... | 6.1 | MEDIUM | β | 0 |
| CVE-2023-54359 WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid'... | 8.2 | HIGH | β | 0 |
| CVE-2023-54358 WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. At... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-5976 A security flaw has been discovered in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipu... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5975 A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5974 A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The affected element is the function Bash.run in the library metagpt/tools/libs/terminal.py. This manipulation causes os command... | 7.3 | HIGH | β | 0 |
| CVE-2026-5973 A vulnerability was found in FoundationAgents MetaGPT up to 0.8.1. Impacted is the function get_mime_type of the file metagpt/utils/common.py. The manipulation results in os command injection. The att... | 7.3 | HIGH | β | 0 |
| CVE-2026-5972 A vulnerability has been found in FoundationAgents MetaGPT up to 0.8.1. This issue affects the function Terminal.run_command in the library metagpt/tools/libs/terminal.py. The manipulation leads to os... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.