Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6618 A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolS... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6619 A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePreview... | 3.5 | LOW | β | 0 |
| CVE-2026-6620 A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6633 A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exten... | 3.5 | LOW | β | 0 |
| CVE-2026-6634 A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6635 A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. S... | 7.3 | HIGH | β | 0 |
| CVE-2026-6649 A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serve... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6743 A vulnerability has been found in WebSystems WebTOTUM 2026. This impacts an unknown function of the component Calendar. The manipulation leads to cross site scripting. The attack may be initiated remo... | 3.5 | LOW | β | 0 |
| CVE-2026-6745 A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scriptin... | 3.5 | LOW | β | 0 |
| CVE-2026-6977 A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorizatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-6990 A vulnerability was found in projeto-siga siga 11.0.3.18. The affected element is an unknown function of the file /sigawf/app/responsavel/novo. Performing a manipulation of the argument Nome/Descrição... | 3.5 | LOW | β | 0 |
| CVE-2026-6991 A vulnerability was determined in colinhacks Zod up to 4.3.6. The impacted element is an unknown function of the file packages/zod/src/v4/core/regexes.ts of the component CUID Data Type Handler. Execu... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6996 A weakness has been identified in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This affects an unknown function of the component rmon event Tab. Executing a manipulation of the argument Description can lea... | 2.4 | LOW | β | 0 |
| CVE-2026-6997 A security vulnerability has been detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. This impacts an unknown function of the component New RMON History Page. The manipulation of the argument Owner le... | 2.4 | LOW | β | 0 |
| CVE-2026-6998 A vulnerability was detected in BDCOM P3310D 0.4.2 10.1.0F Build 86345. Affected is an unknown function of the component New RMON Statistics Page. The manipulation of the argument Owner results in cro... | 2.4 | LOW | β | 0 |
| CVE-2026-7012 A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument f_all/f_all404 results in cross site scripting.... | 2.4 | LOW | β | 0 |
| CVE-2026-7022 A security vulnerability has been detected in SmythOS sre up to 0.0.15. Affected is the function AgentRuntime of the file packages/core/src/subsystems/AgentManager/AgentRuntime.class.ts of the compone... | 7.3 | HIGH | β | 0 |
| CVE-2026-7024 A flaw has been found in rawchen sims up to 004f783b1db5ecdfad81c8fdc3b34171211112de. Affected by this issue is some unknown functionality of the file sims-master/src/web/servlet/file/DeleteFileServle... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-7025 A vulnerability was found in Typecho up to 1.3.0. This vulnerability affects the function Service::sendPingHandle of the file var/Widget/Service.php of the component Ping Back Service Endpoint. The ma... | 7.3 | HIGH | β | 0 |
| CVE-2026-7028 A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perfo... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7039 A security vulnerability has been detected in tufantunc ssh-mcp up to 1.5.0. The affected element is the function shell.write of the file src/index.ts. Such manipulation of the argument Description le... | 7.8 | HIGH | β | 0 |
| CVE-2026-7042 A flaw has been found in 666ghj MiroFish up to 0.1.2. This affects the function create_app of the file backend/app/__init__.py of the component REST API Endpoint. Executing a manipulation can lead to ... | 7.3 | HIGH | β | 0 |
| CVE-2026-7043 A vulnerability has been found in GreenCMS up to 2.3. This impacts the function pluginAddLocal of the file /index.php?m=admin&c=custom&a=pluginadd. The manipulation leads to unrestricted upload. The a... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7060 A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupictur... | 7.3 | HIGH | β | 0 |
| CVE-2026-7061 A weakness has been identified in Toowiredd chatgpt-mcp-server up to 0.1.0. Affected by this issue is some unknown functionality of the file src/services/docker.service.ts of the component MCP/HTTP. T... | 7.3 | HIGH | β | 0 |
| CVE-2026-7064 A flaw has been found in AgentDeskAI browser-tools-mcp up to 1.2.0. This issue affects some unknown processing of the file browser-tools-server/browser-connector.ts. Executing a manipulation can lead ... | 7.3 | HIGH | β | 0 |
| CVE-2026-7065 A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the compo... | 7.3 | HIGH | β | 0 |
| CVE-2026-1733 A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1735 A weakness has been identified in Yealink MeetingBar A30 133.321.0.3. This issue affects some unknown processing of the component Diagnostic Handler. This manipulation causes command injection. It is ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1740 A vulnerability was found in EFM ipTIME A8004T 14.18.2. This impacts the function httpcon_check_session_url of the file /cgi/timepro.cgi of the component Hidden Hiddenloginsetup Interface. The manipul... | 7.3 | HIGH | β | 0 |
| CVE-2026-1742 A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such ma... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1743 A vulnerability has been found in DJI Mavic Mini, Air, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manip... | 3.1 | LOW | β | 0 |
| CVE-2026-1811 A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename H... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2075 A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2076 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2077 A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2078 A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\war... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3703 A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25187 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-3705 A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno r... | 7.3 | HIGH | β | 0 |
| CVE-2025-70046 An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3714 A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such ma... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3715 A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-ba... | 8.8 | HIGH | β | 0 |
| CVE-2026-3726 A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-... | 8.8 | HIGH | β | 0 |
| CVE-2026-3727 A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results i... | 8.8 | HIGH | β | 0 |
| CVE-2026-3728 A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-base... | 8.8 | HIGH | β | 0 |
| CVE-2026-3729 A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-b... | 8.8 | HIGH | β | 0 |
| CVE-2026-3731 A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Nam... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3732 A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer... | 8.8 | HIGH | β | 0 |
| CVE-2026-3734 A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of th... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.