Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-1787 Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privile... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-32507 Deserialization of Untrusted Data vulnerability in Elated-Themes Leroux leroux allows Object Injection.This issue affects Leroux: from n/a through < 1.4. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-1789 Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. | 7.8 | HIGH | β | 0 |
| CVE-2026-7057 A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes ... | 8.8 | HIGH | β | 0 |
| CVE-2026-7058 A vulnerability has been found in 666ghj MiroFish up to 0.1.2. The impacted element is the function SimulationIPCClient.send_command of the file backend/app/services/simulation_ipc.py of the component... | 7.3 | HIGH | β | 0 |
| CVE-2026-3104 A specially crafted domain can be used to cause a memory leak in a BIND resolver simply by querying this domain. This issue affects BIND 9 versions 9.20.0 through 9.20.20, 9.21.0 through 9.21.19, and ... | 7.5 | HIGH | β | 0 |
| CVE-2026-32537 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in nK Visual Portfolio, Photo Gallery & Post Grid visual-portfolio allows PHP Loca... | 7.5 | HIGH | β | 0 |
| CVE-2026-32538 Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through <= 1.1.24. | 7.5 | HIGH | β | 0 |
| CVE-2026-32540 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bookly Bookly bookly-responsive-appointment-booking-tool allows Reflected XSS.This issue affects B... | 7.1 | HIGH | β | 0 |
| CVE-2026-2348 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Quick Edit allows Cross-Site Scripting (XSS).This issue affects Quick Edit: from 0.0.0 befo... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2349 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before 1... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-3703 A flaw has been found in Wavlink NU516U1 251208. This affects the function sub_401A10 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to out-of-bounds write. T... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25187 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-3705 A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno r... | 7.3 | HIGH | β | 0 |
| CVE-2025-70046 An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3714 A vulnerability has been found in OpenCart 4.0.2.3. Affected by this issue is the function Save of the file admin/controller/design/template.php of the component Incomplete Fix CVE-2024-36694. Such ma... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3715 A vulnerability was found in Wavlink WL-WN579X3-C 231124. This affects the function sub_40139C of the file /cgi-bin/firewall.cgi. Performing a manipulation of the argument del_flag results in stack-ba... | 8.8 | HIGH | β | 0 |
| CVE-2026-3726 A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-... | 8.8 | HIGH | β | 0 |
| CVE-2026-3727 A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results i... | 8.8 | HIGH | β | 0 |
| CVE-2026-3728 A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-base... | 8.8 | HIGH | β | 0 |
| CVE-2026-3729 A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-b... | 8.8 | HIGH | β | 0 |
| CVE-2026-3731 A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Nam... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3732 A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer... | 8.8 | HIGH | β | 0 |
| CVE-2026-3734 A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of th... | 7.3 | HIGH | β | 0 |
| CVE-2026-3738 A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to imprope... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-25188 Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. | 8.8 | HIGH | β | 0 |
| CVE-2025-70047 An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | 7.5 | HIGH | β | 0 |
| CVE-2025-70048 An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. | 7.5 | HIGH | β | 0 |
| CVE-2026-3768 A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO le... | 8.8 | HIGH | β | 0 |
| CVE-2026-3769 A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function WrlclientSet of the file /goform/WrlclientSet. The manipulation of the argument GO results in stack-based buf... | 8.8 | HIGH | β | 0 |
| CVE-2026-26121 Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-3630 Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3631 Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability. | 7.5 | HIGH | β | 0 |
| CVE-2026-3799 A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument funcpara1 causes stack-based buffer overflow. Remote... | 8.8 | HIGH | β | 0 |
| CVE-2026-3801 A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. Performing a manipulation of the argument ping1/pin... | 8.8 | HIGH | β | 0 |
| CVE-2026-3822 Taipower APP for Andorid developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-s... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3802 A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can le... | 8.8 | HIGH | β | 0 |
| CVE-2026-30896 The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same directory and execute the affected... | N/A | NONE | β | 0 |
| CVE-2026-3803 A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-bas... | 8.8 | HIGH | β | 0 |
| CVE-2026-3804 A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index... | 8.8 | HIGH | β | 0 |
| CVE-2026-3807 A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_s... | 8.8 | HIGH | β | 0 |
| CVE-2026-3823 EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbi... | 8.8 | HIGH | β | 0 |
| CVE-2026-3808 A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSit... | 8.8 | HIGH | β | 0 |
| CVE-2026-3809 A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Executing a manipulation of the argument page can le... | 8.8 | HIGH | β | 0 |
| CVE-2026-3810 A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-base... | 8.8 | HIGH | β | 0 |
| CVE-2025-70050 An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-41754 A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-41755 A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to open (e.g., /tmp/we... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-41756 A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system. | 8.1 | HIGH | β | 0 |
| CVE-2025-41757 A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive to create ... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.