Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-7121 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7122 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7123 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7124 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function setIpv6LanCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Exec... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32688 Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib... | N/A | NONE | β | 0 |
| CVE-2026-7126 A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument... | 7.3 | HIGH | β | 0 |
| CVE-2026-7127 A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete_receiving. This manipulation of th... | 7.3 | HIGH | β | 0 |
| CVE-2026-30350 An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 7.5 | HIGH | β | 0 |
| CVE-2026-40514 SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from Sys... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-7131 A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/... | 7.3 | HIGH | β | 0 |
| CVE-2026-7132 A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-54505 A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality. | N/A | NONE | β | 0 |
| CVE-2026-41462 ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-41463 ProjeQtor versions 7.0 through 12.4.3 contain a ZipSlip path traversal vulnerability in the plugin upload functionality that allows authenticated attackers with upload permissions to write files outsi... | 8.8 | HIGH | β | 0 |
| CVE-2026-41464 ProjeQtor versions 7.0 through 12.4.3 contain a missing authorization vulnerability in the objectDetail.php endpoint that allows authenticated users with guest-level privileges to retrieve sensitive d... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-41465 ProjeQtor versions 7.0 through 12.4.3 contains a path traversal vulnerability in the log file viewer at dynamicDialog.php where the logname parameter is not validated against directory traversal seque... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-41466 ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only de... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-41467 ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file u... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-6970 authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either beca... | N/A | NONE | β | 0 |
| CVE-2026-7136 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setDmzCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a mani... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7137 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setStorageCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulat... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7138 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30346 An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-30462 A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-38934 Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings... | 8.8 | HIGH | β | 0 |
| CVE-2026-38935 A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter | 6.1 | MEDIUM | β | 0 |
| CVE-2026-38936 A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter | 6.1 | MEDIUM | β | 0 |
| CVE-2026-7139 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7140 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argu... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69689 The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploit... | 8.8 | HIGH | β | 0 |
| CVE-2026-25908 Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain an Execution with Unnecessary Privileges vulnerability in the AWCC. A low privileged attacker with local access could potentia... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-31686 In the Linux kernel, the following vulnerability has been resolved: mm/kasan: fix double free for kasan pXds kasan_free_pxd() assumes the page table is always struct page aligned. But that's not al... | N/A | NONE | β | 0 |
| CVE-2026-31687 In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_drive... | N/A | NONE | β | 0 |
| CVE-2026-31688 In the Linux kernel, the following vulnerability has been resolved: driver core: enforce device_lock for driver_match_device() Currently, driver_match_device() is called from three sites. One site (... | N/A | NONE | β | 0 |
| CVE-2026-31689 In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path wil... | N/A | NONE | β | 0 |
| CVE-2026-31690 In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol drive... | N/A | NONE | β | 0 |
| CVE-2026-31691 In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buf... | N/A | NONE | β | 0 |
| CVE-2026-7145 A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invita... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-26928 SzafirHostΒ downloads necessary files in the context of the initiating web page.Β When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file ha... | N/A | NONE | β | 0 |
| CVE-2025-69893 A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 h... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-30616 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application, ... | 7.3 | HIGH | β | 0 |
| CVE-2026-30617 LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management i... | 8.6 | HIGH | β | 0 |
| CVE-2026-40155 The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-40351 FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attack... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-40279 BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes u... | 3.7 | LOW | β | 0 |
| CVE-2026-40584 RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web/... | 7.5 | HIGH | β | 0 |
| CVE-2026-40372 Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. | 9.1 | CRITICAL | β | 0 |
| CVE-2026-41059 OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions 7.5.0 through 7.15.1 have a configuration-dependent authentication bypass. Deployments are affected when a... | 8.2 | HIGH | β | 0 |
| CVE-2026-41133 pyLoad is a free and open-source download manager written in Python. Versions up to and including 0.5.0b3.dev97 cache `role` and `permission` in the session at login and continues to authorize request... | 8.8 | HIGH | β | 0 |
| CVE-2026-41145 MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSI... | 8.2 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.