Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2018-25215 Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the 'E-Mail an... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-25216 AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field. Attackers can past... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25218 PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. ... | 8.4 | HIGH | β | 0 |
| CVE-2019-25648 MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field. At... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25649 River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input strin... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-25650 River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the Lame_enc... | 8.4 | HIGH | β | 0 |
| CVE-2026-22593 EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MA... | 8.4 | HIGH | β | 0 |
| CVE-2026-22790 EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payload... | 8.8 | HIGH | β | 0 |
| CVE-2026-23995 EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routi... | 8.4 | HIGH | β | 0 |
| CVE-2026-26008 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends U... | 7.5 | HIGH | β | 0 |
| CVE-2026-4825 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2823 A vulnerability was detected in Comfast CF-E7 2.6.0.9. The impacted element is the function sub_41ACCC of the file /cgi-bin/mbox-config?method=SET§ion=ntp_timezone of the component webmggnt. Perfo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2824 A flaw has been found in Comfast CF-E7 2.6.0.9. This affects the function sub_441CF4 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component webmggnt. Executing a manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2825 A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation leads to cross sit... | 3.5 | LOW | β | 0 |
| CVE-2025-15582 A security flaw has been discovered in detronetdip E-commerce 1.0.0. The impacted element is the function Delete/Update of the component Product Management Module. Performing a manipulation of the arg... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-30892 crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the `crun exec` option `-u` (`--user`) is incorrectly parsed. The value `1` is interpreted as UID 0 and... | 0.0 | NONE | β | 0 |
| CVE-2025-15583 A weakness has been identified in detronetdip E-commerce 1.0.0. This affects the function get_safe_value of the file utility/function.php. Executing a manipulation can lead to cross site scripting. Th... | 3.5 | LOW | β | 0 |
| CVE-2026-2848 A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component Re... | 7.3 | HIGH | β | 0 |
| CVE-2026-2849 A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function deleteCache/removeAllCache/syncCache of the file dataset\repos... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2850 A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addCustomer/updateCustomer/deleteCustomer of the file dataset\repos\warehouse\sr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2851 A vulnerability was determined in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addInport/updateInport/deleteInport of the file dataset\repos... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2865 A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2867 A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql i... | 7.3 | HIGH | β | 0 |
| CVE-2026-2869 A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The m... | 3.3 | LOW | β | 0 |
| CVE-2026-2887 A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontroll... | 3.3 | LOW | β | 0 |
| CVE-2026-2889 A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only ... | 3.3 | LOW | β | 0 |
| CVE-2026-33526 Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This problem allows a remote attacker to per... | 7.5 | HIGH | β | 0 |
| CVE-2026-2239 A flaw was found in GIMP. Heap-buffer-overflow vulnerability exists in the fread_pascal_string function when processing a specially crafted PSD (Photoshop Document) file. This occurs because the buffe... | 2.8 | LOW | β | 0 |
| CVE-2026-2271 A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP... | 3.3 | LOW | β | 0 |
| CVE-2018-25207 Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST... | 7.1 | HIGH | β | 0 |
| CVE-2026-32700 Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3528 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Calculation Fields allows Cross-Site Scripting (XSS).This issue affects Calculation Fields:... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3525 Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3526 Incorrect Authorization vulnerability in Drupal File Access Fix (deprecated) allows Forceful Browsing.This issue affects File Access Fix (deprecated): from 0.0.0 before 1.2.0. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4875 A vulnerability was determined in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /admin/mod_amenities/index.php?view=add. This manipulation of ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4393 Cross-Site Request Forgery (CSRF) vulnerability in Drupal Automated Logout allows Cross Site Request Forgery.This issue affects Automated Logout: from 0.0.0 before 1.7.0, from 2.0.0 before 2.0.2. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4933 Incorrect Authorization vulnerability in Drupal Unpublished Node Permissions allows Forceful Browsing.This issue affects Unpublished Node Permissions: from 0.0.0 before 1.7.0. | 7.5 | HIGH | β | 0 |
| CVE-2026-3622 The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploita... | 7.5 | HIGH | β | 0 |
| CVE-2026-4898 A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the arg... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-40931 Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a M... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-40385 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-6133 A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-ba... | 8.8 | HIGH | β | 0 |
| CVE-2026-6134 A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument q... | 8.8 | HIGH | β | 0 |
| CVE-2026-4902 A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument p... | 8.8 | HIGH | β | 0 |
| CVE-2026-29070 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, an access control check is missing when deleting a file from a knowledge base... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-29071 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.8.6, any authenticated user can read other users' private memories via `/api/v1/re... | 3.1 | LOW | β | 0 |
| CVE-2026-33911 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a JSON response built... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33744 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.37, the `docker.system_packages` field in `bentofile.yaml` accepts arbitrary str... | 7.8 | HIGH | β | 0 |
| CVE-2025-13651 Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. | 7.5 | HIGH | β | 0 |
| CVE-2026-32808 pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encry... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.