Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-24882 In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys. | 8.4 | HIGH | β | 0 |
| CVE-2026-24883 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). | 3.7 | LOW | β | 0 |
| CVE-2025-12810 Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change pa... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24472 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper hand... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24473 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information disclo... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24771 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of the... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-21589 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1504 Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1513 billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-24736 Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as actions within the R... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24741 ConvertXis a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to construct a filesystem path and deletes it via `unli... | 8.1 | HIGH | β | 0 |
| CVE-2026-24747 PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file (`.... | 8.8 | HIGH | β | 0 |
| CVE-2026-24770 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to o... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-24778 Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that, when accessed by an authentic... | 8.8 | HIGH | β | 0 |
| CVE-2026-24784 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-24779 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within the vL... | 7.1 | HIGH | β | 0 |
| CVE-2026-24909 vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-24910 In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for file, link, git, or github). | 5.9 | MEDIUM | β | 0 |
| CVE-2025-54373 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed t... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-67645 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authentic... | 8.8 | HIGH | β | 0 |
| CVE-2026-23830 SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandb... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-24833 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its descript... | 7.6 | HIGH | β | 0 |
| CVE-2026-24836 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write... | 7.6 | HIGH | β | 0 |
| CVE-2026-24837 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name... | 7.6 | HIGH | β | 0 |
| CVE-2026-21569 This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with a... | N/A | NONE | β | 0 |
| CVE-2026-24838 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24839 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting headers. This a... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-24840 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line ... | 8.0 | HIGH | β | 0 |
| CVE-2026-24841 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-termina... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24842 node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation... | 8.2 | HIGH | β | 0 |
| CVE-2026-24850 The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24852 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer over-read when the ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1505 A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os command injecti... | 7.2 | HIGH | β | 0 |
| CVE-2026-1506 A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument mac ... | 7.2 | HIGH | β | 0 |
| CVE-2026-1514 Official Document Management System developed by 2100 Technology has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official docu... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24859 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24860 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24861 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24862 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24863 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24864 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24865 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24866 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-24867 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-13471 The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for example to enable Use... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14610 The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not restricting which URLs can be... | 7.2 | HIGH | β | 0 |
| CVE-2025-8072 The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βplaceholder_imgβ parameter in all versions up to, and including, 3.8.8 due to insufficient inpu... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-15511 The Rupantorpay plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_webhook() function in all versions up to, and including, 2.0.0. ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1083 The Appointment Hour Booking β Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including, 1.5.60 d... | 4.4 | MEDIUM | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.