CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-25720 A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requir... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25775 A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-rel... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-27841 A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application doe... | 8.1 | HIGH | — | 0 |
| CVE-2026-27843 A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By applyi... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-35064 A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, ident... | 7.5 | HIGH | — | 0 |
| CVE-2026-35503 A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rathe... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-39462 A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device ... | 8.1 | HIGH | — | 0 |
| CVE-2026-40431 A vulnerability exists in SenseLive X3050’s web management interface due to its reliance on unencrypted HTTP for all administrative communication. Because management traffic, including authentication ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-40620 A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config applic... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-40623 A vulnerability in SenseLive X3050's web management interface allows critical system and network configuration parameters to be modified without sufficient validation and safety controls. Due to inade... | 8.1 | HIGH | — | 0 |
| CVE-2026-40630 A vulnerability in SenseLive X3050’s web management interface allows unauthorized access to certain configuration endpoints due to improper access control enforcement. An attacker with network acce... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2028 The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versi... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6393 The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() f... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5347 The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the ad... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5364 The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file exte... | 8.1 | HIGH | — | 0 |
| CVE-2026-5428 The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-1950 Delta Electronics AS320T has no checking of the length of the buffer with the file name vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1951 Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1952 Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-11762 The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/adm... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3565 The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() f... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4078 The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to an... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-21728 Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result... | 7.5 | HIGH | — | 0 |
| CVE-2026-40466 Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may byp... | N/A | NONE | — | 0 |
| CVE-2026-41043 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsing... | N/A | NONE | — | 0 |
| CVE-2026-6043 P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate ... | N/A | NONE | — | 0 |
| CVE-2026-21515 Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. | 9.9 | CRITICAL | — | 0 |
| CVE-2026-5265 When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total lengt... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-5367 A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cau... | 8.6 | HIGH | — | 0 |
| CVE-2026-25660 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain ... | N/A | NONE | — | 0 |
| CVE-2026-4484 The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the ... | 8.8 | HIGH | — | 0 |
| CVE-2026-4831 A security flaw has been discovered in kalcaddle kodbox 1.64. Impacted is the function can of the file /workspace/source-code/app/controller/explorer/auth.class.php of the component Password-protected... | 3.7 | LOW | — | 0 |
| CVE-2026-4833 A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled re... | 3.3 | LOW | — | 0 |
| CVE-2026-4835 A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. ... | 3.5 | LOW | — | 0 |
| CVE-2026-4836 A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id re... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1986 The FloristPress for Woo – Customize your eCommerce store for your Florist plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'noresults' parameter in all versions up to, and... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3328 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31.... | 7.2 | HIGH | — | 0 |
| CVE-2026-4075 The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4335 The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the attachment post_title in all versions up to, and including, 6.4.3. This is due to insufficient ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-4839 A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2026-2931 The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to object... | 8.8 | HIGH | — | 0 |
| CVE-2026-4278 The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4281 The FormLift for Infusionsoft Web Forms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 7.5.21. This is due to missing capability checks on the connec... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4329 The Blackhole for Bad Bots plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the User-Agent HTTP header in all versions up to and including 3.8. This is due to insufficient input s... | 7.2 | HIGH | — | 0 |
| CVE-2026-4331 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to unauthorized data loss in all versions up to, and including, 8.8.2. This is due to the resetSocialMetaTags() f... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4389 The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `leafext-cookie-time` and `leafext-delete-cookie` shortcodes in all versi... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-4840 A security flaw has been discovered in Netcore Power 15AX up to 3.0.0.6938. Affected by this issue is the function setTools of the file /bin/netis.cgi of the component Diagnostic Tool Interface. Perfo... | 8.8 | HIGH | — | 0 |
| CVE-2026-4841 A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4846 A vulnerability has been found in dameng100 muucmf 1.9.5.20260309. The affected element is an unknown function of the file channel/admin.Account/autoReply.html. Such manipulation of the argument keywo... | 4.3 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contain a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.