Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-3689 OpenClaw Canvas Path Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenClaw. Authentication ... | N/A | NONE | β | 0 |
| CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-40198 Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() does not check that uncompressed IPv6 addresses (without ::) have exactly... | 7.5 | HIGH | β | 0 |
| CVE-2026-33119 User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5724 The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When aΒ ClaimMapperΒ andΒ AuthorizerΒ are configured, unary RPCs enforce authentication and authorizat... | N/A | NONE | β | 0 |
| CVE-2026-40252 FastGPT is an AI Agent building platform. Prior to 4.14.10.4, Broken Access Control vulnerability (IDOR/BOLA) allows any authenticated team to access and execute applications belonging to other teams ... | 8.1 | HIGH | β | 0 |
| CVE-2026-40242 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-s... | 7.2 | HIGH | β | 0 |
| CVE-2026-40194 phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the ... | 3.7 | LOW | β | 0 |
| CVE-2026-40191 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the sourc... | N/A | NONE | β | 0 |
| CVE-2026-40190 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-40189 goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enforc... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-40188 goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the ... | 7.7 | HIGH | β | 0 |
| CVE-2026-40185 TREK is a collaborative travel planner. Prior to 2.7.2, TREK was missing authorization checks on the Immich trip photo management routes. This vulnerability is fixed in 2.7.2. | 7.1 | HIGH | β | 0 |
| CVE-2026-40184 TREK is a collaborative travel planner. Prior to 2.7.2, TREK served uploaded photos without requiring authentication. This vulnerability is fixed in 2.7.2. | 3.7 | LOW | β | 0 |
| CVE-2026-40180 Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip() method in ApicurioCodegenWrapper.java extracts ... | N/A | NONE | β | 0 |
| CVE-2026-40178 ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an u... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-40177 ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerabili... | 7.5 | HIGH | β | 0 |
| CVE-2026-40175 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any ... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-40168 Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct pr... | 8.2 | HIGH | β | 0 |
| CVE-2026-39922 GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attacke... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-39921 GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outboun... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32252 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew i... | 7.7 | HIGH | β | 0 |
| CVE-2026-30232 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data c... | 9.6 | CRITICAL | β | 0 |
| CVE-2026-3446 When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can... | N/A | NONE | β | 0 |
| CVE-2026-33737 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be r... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33736 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles)... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33710 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always ret... | 7.5 | HIGH | β | 0 |
| CVE-2026-33708 Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33707 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no r... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-33706 Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (statu... | 7.1 | HIGH | β | 0 |
| CVE-2026-33705 Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These temp... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33704 Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parame... | 7.1 | HIGH | β | 0 |
| CVE-2026-33703 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticat... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33702 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoin... | 7.1 | HIGH | β | 0 |
| CVE-2026-33698 Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify e... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33618 Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An att... | 8.8 | HIGH | β | 0 |
| CVE-2026-27460 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functiona... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-5483 A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account t... | 8.5 | HIGH | β | 0 |
| CVE-2026-40163 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to cre... | 8.2 | HIGH | β | 0 |
| CVE-2026-40162 Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authenticati... | 7.1 | HIGH | β | 0 |
| CVE-2026-33141 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-p... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32932 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrat... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-32931 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload ... | 7.5 | HIGH | β | 0 |
| CVE-2026-32930 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated te... | 7.1 | HIGH | β | 0 |
| CVE-2026-32894 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teache... | 7.1 | HIGH | β | 0 |
| CVE-2026-32893 Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-32892 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.li... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-31941 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_... | 7.7 | HIGH | β | 0 |
| CVE-2026-31940 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading gl... | 7.5 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.