Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-71008 A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a cr... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-71009 An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1589 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch cause... | 7.3 | HIGH | — | 0 |
| CVE-2026-1590 A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql... | 7.3 | HIGH | — | 0 |
| CVE-2026-1593 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipul... | 7.3 | HIGH | — | 0 |
| CVE-2026-1594 A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2025-13905 CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installat... | N/A | NONE | — | 0 |
| CVE-2025-71011 An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-0936 An Insertion of Sensitive Information into Log File vulnerability in B&R PVI client versions prior to 6.5 may be abused by an authenticated local attacker to gather credential information which is pro... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-63652 A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server... | 7.5 | HIGH | — | 0 |
| CVE-2026-1595 A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results ... | 7.3 | HIGH | — | 0 |
| CVE-2026-1596 A flaw has been found in D-Link DWR-M961 1.1.47. This vulnerability affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes com... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-45160 A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-24780 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platfor... | 8.8 | HIGH | — | 0 |
| CVE-2026-1453 A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1601 A weakness has been identified in Totolink A7000R 4.1cu.4154. The impacted element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument FileName... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-47399 Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | 7.8 | HIGH | — | 0 |
| CVE-2025-63653 An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the s... | 7.5 | HIGH | — | 0 |
| CVE-2025-63655 A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63656 An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the ser... | 7.5 | HIGH | — | 0 |
| CVE-2025-63657 An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the ... | 7.5 | HIGH | — | 0 |
| CVE-2025-63658 A stack overflow in the mk_http_index_lookup function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the serve... | 7.5 | HIGH | — | 0 |
| CVE-2025-69516 A Server-Side Template Injection (SSTI) vulnerability in the /reporting/templates/preview/ endpoint of Amidaware Tactical RMM, affecting versions equal to or earlier than v1.3.1, allows low-privileged... | 8.8 | HIGH | — | 0 |
| CVE-2025-69604 An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and F... | 7.8 | HIGH | — | 0 |
| CVE-2026-22806 vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to versions 4.6.0, 4.5.4, 4.4.2, and 4.3.10, when an access key is created wit... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25068 alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplg_decode_control_mixer1() function rea... | N/A | NONE | — | 0 |
| CVE-2026-1623 A weakness has been identified in Totolink A7000R 4.1cu.4154. Impacted is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument FileName causes command injectio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-25046 Kimi Agent SDK is a set of libraries that expose the Kimi Code (Kimi CLI) agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to execSync() as shell command s... | 2.9 | LOW | — | 0 |
| CVE-2026-25117 pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to ... | N/A | NONE | — | 0 |
| CVE-2026-1637 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer ove... | 8.8 | HIGH | — | 0 |
| CVE-2026-1665 A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment va... | N/A | NONE | — | 0 |
| CVE-2026-24714 Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box. | N/A | NONE | — | 0 |
| CVE-2026-24728 A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrat... | N/A | NONE | — | 0 |
| CVE-2026-24729 An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system comm... | N/A | NONE | — | 0 |
| CVE-2026-25090 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25091 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25092 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25093 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25094 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25095 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25096 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-25097 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-12899 A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory read and creates a potential info... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25211 Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. | 3.2 | LOW | — | 0 |
| CVE-2025-1395 Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects Hey... | 8.2 | HIGH | — | 0 |
| CVE-2025-26385 Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability co... | N/A | NONE | — | 0 |
| CVE-2025-13176 Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | N/A | NONE | — | 0 |
| CVE-2026-1498 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed a... | N/A | NONE | — | 0 |
| CVE-2025-9226 Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details. | 4.6 | MEDIUM | — | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.