Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-42040 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode() function in lib/helpers/AxiosURLSearchParams.js contains a character mapping (charMap) at lin... | 3.7 | LOW | β | 0 |
| CVE-2026-42041 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype ... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-42042 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict b... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-42044 Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, he Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-30351 A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences. | 7.5 | HIGH | β | 0 |
| CVE-2026-30352 A remote code execution (RCE) vulnerability in the /devserver/start endpoint of leonvanzyl autocoder commit 79d02a allows attackers to execute arbitrary code via providing a crafted command parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32655 Dell Alienware Command Center (AWCC), versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerab... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35901 A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-40970 When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0β4.... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-7147 A vulnerability was detected in JoeCastrom mcp-chat-studio up to 1.5.0. Affected by this issue is some unknown functionality of the file server/routes/llm.js of the component LLM Models API. Performin... | 7.3 | HIGH | β | 0 |
| CVE-2025-69428 An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. | 7.5 | HIGH | β | 0 |
| CVE-2026-35903 MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, t... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5394 An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. T... | N/A | NONE | β | 0 |
| CVE-2026-6741 The LatePoint β Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriza... | 8.8 | HIGH | β | 0 |
| CVE-2026-7151 A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ove... | 8.8 | HIGH | β | 0 |
| CVE-2026-7152 A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulati... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7153 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. P... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-31480 In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may leads deadlock in cpu hotplug: task1 ... | 5.5 | MEDIUM | β | 0 |
| CVE-2024-46636 NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter | 9.4 | CRITICAL | β | 0 |
| CVE-2026-7157 A flaw has been found in disler aider-mcp-server up to b2516fa466d0d851932da92ee6d0e66946db9efc. Affected by this vulnerability is an unknown functionality of the file src/aider_mcp_server/server.py o... | 7.3 | HIGH | β | 0 |
| CVE-2026-7158 A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function _validate_url_safe of the file src/mcp_url_downlo... | 7.3 | HIGH | β | 0 |
| CVE-2026-28747 A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | 7.1 | HIGH | β | 0 |
| CVE-2026-7183 A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls_pdu.cpp of the component Radio Link Simulatio... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-7194 A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save_product. This manipulation of the argument ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3488 The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers includin... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-40385 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-6133 A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-ba... | 8.8 | HIGH | β | 0 |
| CVE-2026-6134 A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument q... | 8.8 | HIGH | β | 0 |
| CVE-2026-28736 ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the conte... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-34992 Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to 2.4.5 and 2.5.2, a missing encryption vulnerability affects inter-Node Pod traffic. In Antrea clusters configured ... | 7.5 | HIGH | β | 0 |
| CVE-2026-5329 Rapid7 Velociraptor versions prior to 0.76.2Β contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server (primarily Linux) that allows an aut... | 8.5 | HIGH | β | 0 |
| CVE-2026-31473 In the Linux kernel, the following vulnerability has been resolved: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex MEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBU... | 7.8 | HIGH | β | 0 |
| CVE-2026-31474 In the Linux kernel, the following vulnerability has been resolved: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() isotp_sendmsg() uses only cmpxchg() on so->tx.state to serialize access t... | 7.8 | HIGH | β | 0 |
| CVE-2026-31476 In the Linux kernel, the following vulnerability has been resolved: ksmbd: do not expire session on binding failure When a multichannel session binding request fails (e.g. wrong password), the error... | 8.2 | HIGH | β | 0 |
| CVE-2026-31477 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leaks and NULL deref in smb2_lock() smb2_lock() has three error handling issues after list_del() detaches smb_lo... | 7.5 | HIGH | β | 0 |
| CVE-2026-31478 In the Linux kernel, the following vulnerability has been resolved: ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() After this commit (e2b76ab8b5c9 "ksmbd: add suppo... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-40977 When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7199 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_product. Performi... | 7.3 | HIGH | β | 0 |
| CVE-2026-7200 A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=types. Executing a manipulation of the... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20766 An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | 8.8 | HIGH | β | 0 |
| CVE-2026-32644 Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32649 A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-7202 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This affects the function setWiFiWpsStart of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7203 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setUrlFilterRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7204 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setPptpServerCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulatio... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7212 A security vulnerability has been detected in edvardlindelof notes-mcp up to 0.1.4. This affects an unknown function of the file notes_mcp.py. The manipulation of the argument root_dir/path leads to p... | 7.3 | HIGH | β | 0 |
| CVE-2026-7213 A vulnerability was detected in ef10007 MLOps_MCP 1.0.0. This impacts an unknown function of the file fastmcp_server.py of the component save_file Tool. The manipulation of the argument filename/desti... | 7.3 | HIGH | β | 0 |
| CVE-2026-32589 A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users,... | 7.4 | HIGH | β | 0 |
| CVE-2026-3087 If `shutil.unpack_archive()` is given a ZIP archive with an absolute Windows path containing a drive (`C:\\...`) then the archive will be extracted outside the target directory which is different than... | N/A | NONE | β | 0 |
| CVE-2026-42510 OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | 6.6 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.