Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-27699 The `basic-ftp` FTP client library for Node.js contains a path traversal vulnerability (CWE-22) in versions prior to 5.2.0 in the `downloadToDir()`ย method. A malicious FTP server can send directory li... | 9.1 | CRITICAL | โ | 0 |
| CVE-2026-2878 In Progressยฎ Telerikยฎ UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filena... | 5.3 | MEDIUM | โ | 0 |
| CVE-2026-3197 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | โ | 0 |
| CVE-2026-3201 USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | 4.7 | MEDIUM | โ | 0 |
| CVE-2026-3202 NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service | 4.7 | MEDIUM | โ | 0 |
| CVE-2026-3203 RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-1242 The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attack... | 9.1 | CRITICAL | โ | 0 |
| CVE-2025-50180 esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from internal websit... | 7.5 | HIGH | โ | 0 |
| CVE-2026-22866 Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contract... | 7.5 | HIGH | โ | 0 |
| CVE-2026-27700 Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application Load Ba... | 8.2 | HIGH | โ | 0 |
| CVE-2026-27701 LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's `i18n-update-pull` GitHub Actions workflow is vulnerable to JavaScript inj... | N/A | NONE | โ | 0 |
| CVE-2026-27702 Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows a... | 9.9 | CRITICAL | โ | 0 |
| CVE-2026-20010 A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which could cause an... | 7.4 | HIGH | โ | 0 |
| CVE-2026-27704 The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub cli... | 7.5 | HIGH | โ | 0 |
| CVE-2026-27730 esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.shโs `/http(s)` fetch route. The service tries to ... | 7.5 | HIGH | โ | 0 |
| CVE-2026-27846 Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the networkย to gain access to sensitive information, includi... | 6.2 | MEDIUM | โ | 0 |
| CVE-2026-27847 Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-27848 Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.20... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-3206 Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE (CircuitBreaker modules), KrakenD, SLU KrakenD-EE (CircuitBreaker modules).ย This issue affects KrakenD-CE: before 2.13.1;... | N/A | NONE | โ | 0 |
| CVE-2026-20048 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause a denial of ser... | 7.7 | HIGH | โ | 0 |
| CVE-2026-20051 A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an unauthenticated, a... | 7.4 | HIGH | โ | 0 |
| CVE-2026-20091 A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)... | 4.8 | MEDIUM | โ | 0 |
| CVE-2026-20099 A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform ... | 6.7 | MEDIUM | โ | 0 |
| CVE-2026-20107 A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpe... | 5.5 | MEDIUM | โ | 0 |
| CVE-2026-20126 A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is d... | 8.8 | HIGH | โ | 0 |
| CVE-2026-20129 A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to gain access to an affected system as a user who has the netadmin... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-27728 OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in `NetworkPathMonitor.performTraceroute()` allows any authenticated... | 9.9 | CRITICAL | โ | 0 |
| CVE-2026-26717 An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function.... | 4.8 | MEDIUM | โ | 0 |
| CVE-2026-27705 Plane is an an open-source project management tool. Prior to version 1.2.2, the `ProjectAssetEndpoint.patch()` method in `apps/api/plane/app/views/asset/v2.py` (lines 579โ593) performs a global asset ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-27706 Plane is an an open-source project management tool. Prior to version 1.2.2, a Full Read Server-Side Request Forgery (SSRF) vulnerability has been identified in the "Add Link" feature. This flaw allows... | 7.7 | HIGH | โ | 0 |
| CVE-2026-27727 mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by whi... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-22428 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Tooth Fairy tooth-fairy allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | โ | 0 |
| CVE-2026-27736 BigBlueButton is an open-source virtual classroom. In versions on the 3.x branch prior to 3.0.20, the string received with errorRedirectUrl lacks validation, using it directly in the respondWithRedire... | 6.1 | MEDIUM | โ | 0 |
| CVE-2026-27738 The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, th... | N/A | NONE | โ | 0 |
| CVE-2026-27849 Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh netw... | 9.8 | CRITICAL | โ | 0 |
| CVE-2026-3189 A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability affects unknown code of the file /api/admin/common/files/download. Executing a manipulation of the ar... | 3.1 | LOW | โ | 0 |
| CVE-2026-25554 OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c whe... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-27739 The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Ang... | N/A | NONE | โ | 0 |
| CVE-2026-27794 LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable ... | 6.6 | MEDIUM | โ | 0 |
| CVE-2026-24890 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature e... | 8.1 | HIGH | โ | 0 |
| CVE-2026-27850 Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the loc... | 7.5 | HIGH | โ | 0 |
| CVE-2026-23627 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any au... | 8.8 | HIGH | โ | 0 |
| CVE-2026-24005 Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The ... | 0.0 | NONE | โ | 0 |
| CVE-2026-24487 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource end... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24908 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows ... | 9.9 | CRITICAL | โ | 0 |
| CVE-2026-25164 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php`... | 8.1 | HIGH | โ | 0 |
| CVE-2026-25220 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-25476 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `... | 7.5 | HIGH | โ | 0 |
| CVE-2026-25743 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("fo... | 4.8 | MEDIUM | โ | 0 |
| CVE-2026-25746 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be explo... | 8.8 | HIGH | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.