Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-54013 Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to prote... | N/A | NONE | — | 0 |
| CVE-2026-7235 A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-7241 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulat... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-7264 A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of th... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7279 AVACAST developed by eMPIA Technology, has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a malicious DLL in a specific directory, resulting in arbitrary code execution... | 7.8 | HIGH | — | 0 |
| CVE-2026-7280 AVACAST developed by eMPIA Technology has a Unquoted Service Path vulnerability, allowing privileged local attackers to place a malicious executable file in a specific directory, resulting in arbitrar... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-3323 An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes. | 7.5 | HIGH | — | 0 |
| CVE-2026-41636 Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. | 7.5 | HIGH | — | 0 |
| CVE-2026-34865 Out-of-bounds write vulnerability in the WEB module.Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-40175 Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any ... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-2728 LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation cou... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-24511 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privilege... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27102 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access c... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-39415 Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6204 LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires... | 7.2 | HIGH | — | 0 |
| CVE-2026-31486 In the Linux kernel, the following vulnerability has been resolved: hwmon: (pmbus/core) Protect regulator operations with mutex The regulator operations pmbus_regulator_get_voltage(), pmbus_regulato... | 7.1 | HIGH | — | 0 |
| CVE-2026-31488 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 ("drm/amd/display: Add dsc... | 7.8 | HIGH | — | 0 |
| CVE-2026-31489 In the Linux kernel, the following vulnerability has been resolved: spi: meson-spicc: Fix double-put in remove path meson_spicc_probe() registers the controller with devm_spi_register_controller(), ... | 7.8 | HIGH | — | 0 |
| CVE-2026-31490 In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix use-after-free in migration restore When an error is returned from xe_sriov_pf_migration_restore_produce(), the dat... | 7.8 | HIGH | — | 0 |
| CVE-2026-31492 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Initialize free_qp completion before using it In irdma_create_qp, if ib_copy_to_udata fails, it will call irdma_destro... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-24303 Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | 9.6 | CRITICAL | — | 0 |
| CVE-2026-35431 Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-7266 A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. The impacted element is the function save_order of the file /admin/ajax.php?action=save_order. The manipulation of the argu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7269 A vulnerability was found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /index.php?page=product. Performing a manipulation of the argument ID r... | 2.4 | LOW | — | 0 |
| CVE-2026-40938 Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to before 1.11.0, the git resolver's revision parameter is passed directly as a positional argumen... | 7.5 | HIGH | — | 0 |
| CVE-2026-31482 In the Linux kernel, the following vulnerability has been resolved: s390/entry: Scrub r12 register on kernel entry Before commit f33f2d4c7c80 ("s390/bp: remove TIF_ISOLATE_BP"), all entry handlers l... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31483 In the Linux kernel, the following vulnerability has been resolved: s390/syscalls: Add spectre boundary for syscall dispatch table The s390 syscall number is directly controlled by userspace, but do... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31494 In the Linux kernel, the following vulnerability has been resolved: net: macb: use the current queue number for stats There's a potential mismatch between the memory reserved for statistics and the ... | 7.8 | HIGH | — | 0 |
| CVE-2026-31495 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations in... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31496 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_expect: skip expectations in other netns via proc Skip expectations that do not reside in this netns. Sim... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31498 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop l2cap_config_req() processes CONFIG_REQ for channels in BT_CONNE... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31499 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() l2cap_conn_del() calls cancel_delayed_work_sync() for both info_timer and id_ad... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31501 In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5_hdesc_get_psdata() returns a pointer into the CPPI d... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31502 In the Linux kernel, the following vulnerability has been resolved: team: fix header_ops type confusion with non-Ethernet ports Similar to commit 950803f72547 ("bonding: fix type confusion in bond_s... | 7.8 | HIGH | — | 0 |
| CVE-2026-31504 In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_UP race `packet_release()` has a race window where `NETDEV_UP` can re-register ... | 7.8 | HIGH | — | 0 |
| CVE-2026-31507 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer smc_rx_splice() allocates one smc_spd_priv per p... | 7.8 | HIGH | — | 0 |
| CVE-2026-31508 In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Avoid releasing netdev before teardown completes The patch cited in the Fixes tag below changed the teardown cod... | 7.8 | HIGH | — | 0 |
| CVE-2026-31509 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix circular locking dependency in nci_close_device nci_close_device() flushes rx_wq and tx_wq while holding req_lock. T... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31510 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb Before using sk pointer, check if it is null. Fix the following: KA... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31512 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() l2cap_ecred_data_rcv() reads the SDU len... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-40886 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() func... | 7.7 | HIGH | — | 0 |
| CVE-2026-31618 In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31619 In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value sup... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31623 In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can overf... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31624 In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a val... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-41478 Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authent... | 9.9 | CRITICAL | — | 0 |
| CVE-2021-36438 SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-31255 A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31256 A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1... | 7.5 | HIGH | — | 0 |
| CVE-2026-35902 The RTSP service of MERCURY IP camera MIPC252W 1.0.5 Build 230306 has an issue handling failed Digest authentication attempts. By repeatedly sending RTSP requests with invalid authentication parameter... | 6.2 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.