CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-4118 The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-4138 The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings ... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-6236 The Posts map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' shortcode attribute in all versions up to, and including, 0.1.3 due to insufficient input sanitization an... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-6843 A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application a... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-6844 A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable F... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-6845 A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially cr... | 5.0 | MEDIUM | - | 0 |
| CVE-2026-6846 A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker co... | 7.8 | HIGH | - | 0 |
| CVE-2026-33257 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | 5.3 | MEDIUM | - | 0 |
| CVE-2026-6848 A flaw was found in Red Hat Quay. When Red Hat Quay requests password re-verification for sensitive operations, such as token generation or robot account creation, the re-authentication prompt can be ... | 5.4 | MEDIUM | - | 0 |
| CVE-2026-20122 A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the atta... | 5.4 | MEDIUM | KEV | 0 |
| CVE-2026-1838 The Hostel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_id' parameter in all versions up to, and including, 1.1.6 due to insufficient input sanitization and ... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-4801 The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffici... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-33619 PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook deliver... | 4.1 | MEDIUM | - | 0 |
| CVE-2026-33750 The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..... | 6.5 | MEDIUM | - | 0 |
| CVE-2016-20049 JAD 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers ... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-2399 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the P... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-2400 CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc req... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-2401 CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an at... | 5.0 | MEDIUM | - | 0 |
| CVE-2026-2402 CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authenticati... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-2403 CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettin... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-2404 CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | 5.3 | MEDIUM | - | 0 |
| CVE-2025-66335 Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intend... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-33557 A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.D... | 9.1 | CRITICAL | - | 0 |
| CVE-2026-33558 Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By defaul... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-35587 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation o... | 8.8 | HIGH | - | 0 |
| CVE-2026-22009 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 6.5 | MEDIUM | - | 0 |
| CVE-2000-5001 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2005-20001 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2008-20002 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2008-20003 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2009-20012 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2010-20110 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2010-20116 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2010-20117 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2010-20118 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2010-20124 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2011-10031 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2013-10041 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2013-10045 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2013-10056 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2014-125120 Rejected reason: This CVE has been REJECTED and will not be published by the CNA. | N/A | NONE | - | 0 |
| CVE-2026-0539 Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This s... | N/A | NONE | - | 0 |
| CVE-2026-31434 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_... | N/A | NONE | - | 0 |
| CVE-2026-31443 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, a... | N/A | NONE | - | 0 |
| CVE-2026-31448 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid infinite loops caused by residual data On the mkdir/mknod path, when mapping logical blocks to physical blocks, if ins... | N/A | NONE | - | 0 |
| CVE-2026-31456 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concur... | N/A | NONE | - | 0 |
| CVE-2026-31460 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_caps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer... | N/A | NONE | - | 0 |
| CVE-2026-31465 In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB_I_NO_DATA_INTEGRITY superblock flag for fil... | N/A | NONE | - | 0 |
| CVE-2026-31469 In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false A UAF issue occurs when the virtio_net dr... | N/A | NONE | - | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.