Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32442 Missing Authorization vulnerability in E2Pdf e2pdf e2pdf allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through <= 1.28.15. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32443 Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooComm... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32445 Missing Authorization vulnerability in Elementor Elementor Website Builder elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Website Builde... | 2.7 | LOW | β | 0 |
| CVE-2026-32446 Missing Authorization vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPFor... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32447 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32448 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.T... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32449 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Event Post themify-event-post allows Stored XSS.This issue affects Themify Event... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32450 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows DO... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32451 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32452 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32453 Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32454 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeFusion Avada Core fusion-core allows DOM-Based XSS.This issue affects Avada Core: from n/a th... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32455 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 MDTF wp-meta-data-filter-and-taxonomy-filter allows DOM-Based XSS.This issue affects MD... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32456 Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor admin-menu-editor allows Cross Site Request Forgery.This issue affects Admin Menu Editor: from n/a through <= 1.14.1. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32457 Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access C... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32458 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through <... | 7.6 | HIGH | β | 0 |
| CVE-2026-32459 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects Ups... | 8.5 | HIGH | β | 0 |
| CVE-2026-32460 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Ultimate Addons for Contact Form 7 ultimate-addons-for-contact-form-7 allows Exploiting I... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-32461 Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simpl... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32462 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS.This issue affects Mas... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-32486 Missing Authorization vulnerability in wptravelengine Travel Booking travel-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel Booking: from n/a ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32487 Missing Authorization vulnerability in raratheme Lawyer Landing Page lawyer-landing-page allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Lawyer Landing Page:... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32543 Missing Authorization vulnerability in CyberChimps Responsive Blocks responsive-block-editor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsiv... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3045 The Appointment Booking Calendar β Simply Schedule Appointments plugin for WordPress is vulnerable to unauthorized access of sensitive data in all versions up to and including 1.6.9.29. This is due to... | 7.5 | HIGH | β | 0 |
| CVE-2026-3891 The Pix for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check and missing file type validation in the 'lkn_pix_for_woocommerce_c6_save_settings' ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3986 The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form settings in all versions up to, and including, 5.4.5.0. This is due to insufficient capability... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4063 The Social Icons Widget & Block by WPZOOM plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check in the add_menu_item() method hooked to admin_menu in a... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1883 The Wicked Folders β Folder Organizer for Pages, Posts, and Custom Post Types plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1947 The NEX-Forms β Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 9.1.9 via the submit_nex_form() functio... | 7.5 | HIGH | β | 0 |
| CVE-2026-1948 The NEX-Forms β Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deactivate_license() function in al... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2233 The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabil... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4163 A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manip... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4164 A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a mani... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4165 A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argumen... | 2.4 | LOW | β | 0 |
| CVE-2026-4166 A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cr... | 3.5 | LOW | β | 0 |
| CVE-2026-4167 A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overf... | 8.8 | HIGH | β | 0 |
| CVE-2026-4168 A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument N... | 2.4 | LOW | β | 0 |
| CVE-2026-4169 A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manip... | 2.4 | LOW | β | 0 |
| CVE-2026-4170 A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Han... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-4171 A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4172 A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument p... | 7.2 | HIGH | β | 0 |
| CVE-2026-4173 A flaw has been found in CodePhiliaX Chat2DB up to 0.3.7. This vulnerability affects the function exportTable/exportTableColumnComment/exportView/exportProcedure/exportTriggers/exportTrigger/updatePro... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4174 A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation lead... | 3.3 | LOW | β | 0 |
| CVE-2026-4175 A vulnerability was determined in Aureus ERP up to 1.3.0-BETA2. The affected element is an unknown function of the file plugins/webkul/chatter/resources/views/filament/infolists/components/messages/co... | 3.5 | LOW | β | 0 |
| CVE-2026-4185 A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4186 A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This mani... | 3.5 | LOW | β | 0 |
| CVE-2026-4187 A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4188 A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of th... | 8.8 | HIGH | β | 0 |
| CVE-2026-4189 A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipula... | 4.7 | MEDIUM | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.