Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-2942 The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and includi... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27806 Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it... | 7.8 | HIGH | β | 0 |
| CVE-2026-20709 Use of Default Cryptographic Key in the hardware for some Intel(R) Pentium(R) Processor Silver Series, Intel(R) Celeron(R) Processor J Series, Intel(R) Celeron(R) Processor N Series may allow an escal... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-0814 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in all versions up to, and ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0811 The Advanced Contact form 7 DB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-50673 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the http_lanport parameter in the /webgl.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50672 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /yyxz_dlink.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50671 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_ref.asp endpoint. An attacker can exploit this vulnerability by sending a crafte... | 7.5 | HIGH | β | 0 |
| CVE-2025-50670 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /xwgl_bwr.asp endpoint. An attacker can exploit this vulnerability by sending a crafte... | 7.5 | HIGH | β | 0 |
| CVE-2025-50669 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 and DI-8003G 19.12.10A1 due to improper handling of the wan_ping parameter in the /wan_ping.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50668 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the s parameter in the /web_list_opt.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50667 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the iface parameter in the /wan_line_detection.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50666 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | β | 0 |
| CVE-2025-50665 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | β | 0 |
| CVE-2025-50664 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a cra... | 7.5 | HIGH | β | 0 |
| CVE-2025-50663 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50662 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50661 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending... | 7.5 | HIGH | β | 0 |
| CVE-2025-50660 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50659 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50657 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50655 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50654 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50653 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50652 An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50650 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50649 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50648 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50647 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50646 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-50645 A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted reque... | 7.5 | HIGH | β | 0 |
| CVE-2025-50644 A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint. | 7.5 | HIGH | β | 0 |
| CVE-2025-30650 AΒ Missing Authentication for Critical Function vulnerability in command processing of Juniper Networks Junos OS allows a privileged local attacker to gain access to Linux-based line cards as root. Th... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-33756 Saleor is an e-commerce platform. From 2.0.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, Saleor supports query batching by submitting multiple GraphQL operations in a single HTTP request as a ... | 7.5 | HIGH | β | 0 |
| CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The arc... | 8.1 | HIGH | β | 0 |
| CVE-2026-33459 Uncontrolled Resource Consumption (CWE-400) in Kibana can lead to denial of service via Excessive Allocation (CAPEC-130). An authenticated user with access to the automatic import feature can submit s... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33458 Server-Side Request Forgery (CWE-918) in Kibana One Workflow can lead to information disclosure. An authenticated user with workflow creation and execution privileges can bypass host allowlist restric... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32591 A flaw was found in Red Hat Quay's Proxy Cache configuration feature. When an organization administrator configures an upstream registry for proxy caching, Quay makes a network connection to the speci... | 5.2 | MEDIUM | β | 0 |
| CVE-2026-32590 A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow a... | 7.1 | HIGH | β | 0 |
| CVE-2026-32589 A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users,... | 7.4 | HIGH | β | 0 |
| CVE-2025-52222 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20... | 7.5 | HIGH | β | 0 |
| CVE-2025-52221 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-45059 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a cra... | 7.5 | HIGH | β | 0 |
| CVE-2025-45058 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fx parameter in the jingx_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a craf... | 7.5 | HIGH | β | 0 |
| CVE-2025-45057 D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via ... | 7.5 | HIGH | β | 0 |
| CVE-2026-4837 An eval() injection vulnerability in the Rapid7 Insight Agent beaconing logic for Linux versions could theoretically allow an attacker to achieve remote code execution as root via a crafted beacon res... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-4498 Execution with Unnecessary Privileges (CWE-250) in Kibanaβs Fleet plugin debug route handlers can lead reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). ... | 7.7 | HIGH | β | 0 |
| CVE-2026-33461 Incorrect Authorization (CWE-863) in Kibana can lead to information disclosure via Privilege Abuse (CAPEC-122). A user with limited Fleet privileges can exploit an internal API endpoint to retrieve se... | 7.7 | HIGH | β | 0 |
| CVE-2026-33460 Incorrect Authorization (CWE-863) in Kibana can lead to cross-space information disclosure via Privilege Abuse (CAPEC-122). A user with Fleet agent management privileges in one Kibana space can retrie... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-31017 A Server-Side Request Forgery (SSRF) vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before... | 9.1 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.