Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-25794 ImageMagick is free and open-source software used for editing and manipulating digital images. `WriteUHDRImage` in `coders/uhdr.c` uses `int` arithmetic to compute the pixel buffer size. Prior to vers... | 8.2 | HIGH | — | 0 |
| CVE-2026-3062 Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severi... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3063 Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged ... | 5.4 | MEDIUM | — | 0 |
| CVE-2024-58041 Smolder versions through 1.51 for Perl uses insecure rand() function for cryptographic functions. Smolder 1.51 and earlier for Perl uses the rand() function as the default source of entropy, which is... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-69250 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks d... | 7.5 | HIGH | — | 0 |
| CVE-2025-69251 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25545 Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page (eg. `404.astro` or `500.astro`) are vulnerable to SSRF. If the `... | 8.6 | HIGH | — | 0 |
| CVE-2026-25576 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in multiple raw im... | 5.1 | MEDIUM | — | 0 |
| CVE-2026-25591 New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the `/api/toke... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25637 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak in the ASHLAR image writer allows an attacker to exhaust process... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25638 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, memory leak exists in `coders/msl.c`. In the `WriteMSLImage` fu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25795 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25796 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSTEGANOImage()` (`coders/stegano.c`), the `watermark` I... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25797 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails ... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-25798 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25799 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a logic error in YUV sampling factor validation allows an inval... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25802 New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRend... | 7.6 | HIGH | — | 0 |
| CVE-2026-26024 free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when... | 7.5 | HIGH | — | 0 |
| CVE-2026-26025 free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when... | 7.5 | HIGH | — | 0 |
| CVE-2026-27642 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers can inject ... | 7.5 | HIGH | — | 0 |
| CVE-2026-27643 free5GC UDR is the user data repository (UDR) for free5GC, an an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the NEF component reliably lea... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27729 Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-25967 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a stack-based buffer overflow exists in the ImageMagick FTXT image reader. A c... | 7.4 | HIGH | — | 0 |
| CVE-2026-25968 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a stack buffer overflow occurs when processing the an attribute... | 7.4 | HIGH | — | 0 |
| CVE-2026-25969 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25970 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a signed integer overflow vulnerability in ImageMagick's SIXEL ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25971 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for circular references between two MSLs,... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-25982 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap out-of-bounds read vulnerability exists in the `coders/d... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26340 Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access l... | 7.5 | HIGH | — | 0 |
| CVE-2026-25983 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted MSL script triggers a heap-use-after-free. The operat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25985 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file containing an malicious element causes Image... | 7.5 | HIGH | — | 0 |
| CVE-2026-25986 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer overflow write vulnerability exists in ReadYUVIma... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25987 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap buffer over-read vulnerability exists in the MAP image d... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25988 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, sometimes msl.c fails to update the stack index, so an image is... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2679 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es/#/incomes/salesInvoices' endpoint, which could allow an attacker to ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-1459 A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated a... | 7.2 | HIGH | — | 0 |
| CVE-2026-25989 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one... | 7.5 | HIGH | — | 0 |
| CVE-2026-26066 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted profile contain invalid IPTC data may cause an infini... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-26198 Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into `sql... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26283 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a `continue` statement in the JPEG extent binary search loop in... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-2680 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es/#/incomes/salesDeliveryNotes' endpoint, which could allow an at... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26284 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huff... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26331 yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) i... | 8.8 | HIGH | — | 0 |
| CVE-2026-26981 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26983 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` e... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27126 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` com... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-27127 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation performs DNS resolution separa... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-27128 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a Time-of-Check-Time-of-Use (TOCTOU) race condition exists in Craft CMS’s token validati... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-27129 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-15386 The Responsive Lightbox & Gallery WordPress plugin before 2.6.1 is vulnerable to an Unauthenticated Stored-XSS attack due to flawed regex replacement rules that can be abused by posting a comment with... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.