Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-40176 Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs shel... | 7.8 | HIGH | β | 0 |
| CVE-2026-40186 ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-40500 ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arbi... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-6388 A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace bounda... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-40026 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk ima... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-33780 A Missing Release of Memory after Effective Lifetime vulnerability in theΒ Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-67992 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean PatioTime patiotime allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2025-67993 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-67995 Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through < 2.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67996 Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through < 1.2.6. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67997 Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through < 1.6.7. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-67998 Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a ... | 8.8 | HIGH | β | 0 |
| CVE-2025-68002 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 100plugins Open User Map open-user-map allows Path Traversal.This issue affects Open User Map: from n/a ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33781 An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated,... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33782 A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Justicia justicia allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2025-69406 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX FreightCo freightco allows PHP Local File Inclusion.This issue affects... | 8.1 | HIGH | β | 0 |
| CVE-2025-69407 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Struktur struktur allows PHP Local File Inclusion.This issue affe... | 8.1 | HIGH | β | 0 |
| CVE-2025-69408 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issu... | 8.1 | HIGH | β | 0 |
| CVE-2025-68024 Missing Authorization vulnerability in Addonify Addonify β WooCommerce Wishlist addonify-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Addonify β ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-69409 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.Th... | 8.1 | HIGH | β | 0 |
| CVE-2025-69410 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Edge-Themes Belletrist belletrist allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2026-33779 An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to c... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68026 Missing Authorization vulnerability in Niaj Morshed LC Wizard ghl-wizard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LC Wizard: from n/a through <= 2.1.1... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22412 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Eona eona allows PHP Local File Inclusion.This issue affects Eona... | 8.1 | HIGH | β | 0 |
| CVE-2026-22356 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue a... | 7.5 | HIGH | β | 0 |
| CVE-2025-68031 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in faraz sms Ψ§ΩΨ²ΩΩΩ ΩΎΫΨ§Ω Ϊ© ΨΨ±ΩΩ Ψ§Ϋ ΩΨ±Ψ§Ψ² Ψ§Ψ³ Ψ§Ω Ψ§Ψ³ farazsms allows Reflected XSS.This issue affects Ψ§ΩΨ²Ω... | 7.1 | HIGH | β | 0 |
| CVE-2026-22361 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes A-Mart a-mart allows PHP Local File Inclusion.This issue affects A-... | 8.1 | HIGH | β | 0 |
| CVE-2025-68037 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs export-media-urls allows Reflected XSS.This issue affects Export Me... | 7.1 | HIGH | β | 0 |
| CVE-2025-68042 Missing Authorization vulnerability in Travelpayouts Travelpayouts travelpayouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travelpayouts: from n/a thro... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68043 Missing Authorization vulnerability in LottieFiles LottieFiles lottiefiles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LottieFiles: from n/a through <= 3... | 7.3 | HIGH | β | 0 |
| CVE-2025-68048 Missing Authorization vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite... | 7.5 | HIGH | β | 0 |
| CVE-2025-68050 Missing Authorization vulnerability in Leadpages Leadpages leadpages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leadpages: from n/a through <= 1.1.3. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68051 Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket... | 7.5 | HIGH | β | 0 |
| CVE-2025-68495 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a throug... | 7.1 | HIGH | β | 0 |
| CVE-2026-22362 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Photolia photolia allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2025-68501 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This i... | 7.1 | HIGH | β | 0 |
| CVE-2025-68514 Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68526 Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1. | 8.8 | HIGH | β | 0 |
| CVE-2026-22363 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Rhodos rhodos allows PHP Local File Inclusion.This issue affects Rh... | 8.1 | HIGH | β | 0 |
| CVE-2026-22413 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MalgrΓ© malgre allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | β | 0 |
| CVE-2026-22364 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes SevenTrees seventrees allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2025-68531 Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons f... | 8.8 | HIGH | β | 0 |
| CVE-2025-68536 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Zota zota allows PHP Local File Inclusion.This issue affects Zota: from... | 8.1 | HIGH | β | 0 |
| CVE-2025-68539 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Fana fana allows PHP Local File Inclusion.This issue affects Fana: from... | 8.1 | HIGH | β | 0 |
| CVE-2025-68541 Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through <= 1.2.0. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-68542 Missing Authorization vulnerability in vgdevsolutions Checkout Gateway for IRIS checkout-gateway-iris allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkou... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68543 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Diza diza allows PHP Local File Inclusion.This issue affects Diza: from... | 8.1 | HIGH | β | 0 |
| CVE-2025-68549 Unrestricted Upload of File with Dangerous Type vulnerability in zozothemes Wiguard wiguard allows Upload a Web Shell to a Web Server.This issue affects Wiguard: from n/a through < 2.0.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.