Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-66286 An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-39440 Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-4402 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2026-5300 Unauthenticated functionality in CoolerControl/coolercontrold <4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests | 5.9 | MEDIUM | β | 0 |
| CVE-2026-33654 nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, u... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33879 Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login pag... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33881 Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals withou... | 7.2 | HIGH | β | 0 |
| CVE-2026-33882 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the markdown preview endpoint could be manipulated to return augmented data from arbitrary f... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33883 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the `user:reset_password_form` tag could render user-input directly into HTML without escapi... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33884 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated Control Panel user with access to live preview could use a live preview tok... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33885 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, the external URL detection used for redirect validation on unauthenticated endpoints could b... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33886 Statamic is a Laravel and Git powered content management system (CMS). Starting in version 5.7.12 and prior to versions 5.73.16 and 6.7.2, a control panel user with access to Antlers-enabled fields co... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33887 Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, authenticated Control Panel users could view entry revisions for any collection with revisio... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33891 Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, a Denial of Service (DoS) vulnerability exists in the node-forge library ... | 7.5 | HIGH | β | 0 |
| CVE-2026-35398 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically thr... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58713 A container privilege escalation flaw was found in certain Red Hat Process Automation Manager images. This issue stems from the /etc/passwd file being created with group-writable permissions during bu... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htm... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-25231 HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-25233 WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV c... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25234 SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can past... | 6.2 | MEDIUM | β | 0 |
| CVE-2018-25235 NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25653 Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can ... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25654 Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a mal... | 7.5 | HIGH | β | 0 |
| CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection d... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-30305 Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular e... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30306 In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by th... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30308 In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30313 DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based... | 9.8 | CRITICAL | β | 0 |
| CVE-2018-25227 Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-5032 The W3 Total Cache plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 2.9.3. This is due to the plugin bypassing its entire output buffering and processin... | 7.5 | HIGH | β | 0 |
| CVE-2026-25742 Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable_... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35169 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From to before 27.0.3 and 28.0.1, the he... | 8.7 | HIGH | β | 0 |
| CVE-2017-20227 JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boun... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25044 Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is ... | 8.8 | HIGH | β | 0 |
| CVE-2026-31818 Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection... | 9.6 | CRITICAL | β | 0 |
| CVE-2026-35214 Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() withou... | 8.7 | HIGH | β | 0 |
| CVE-2026-35216 Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that conta... | 9.0 | CRITICAL | β | 0 |
| CVE-2026-35218 Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive wi... | 8.7 | HIGH | β | 0 |
| CVE-2025-47374 Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-47389 Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | 7.8 | HIGH | β | 0 |
| CVE-2025-47390 Memory corruption while preprocessing IOCTL request in JPEG driver. | 7.8 | HIGH | β | 0 |
| CVE-2025-47391 Memory corruption while processing a frame request from user. | 7.8 | HIGH | β | 0 |
| CVE-2025-47392 Memory corruption when decoding corrupted satellite data files with invalid signature offsets. | 8.8 | HIGH | β | 0 |
| CVE-2025-47400 Cryptographic issue while copying data to a destination buffer without validating its size. | 7.1 | HIGH | β | 0 |
| CVE-2026-21367 Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | 7.6 | HIGH | β | 0 |
| CVE-2026-21371 Memory Corruption when retrieving output buffer with insufficient size validation. | 7.8 | HIGH | β | 0 |
| CVE-2026-21373 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | β | 0 |
| CVE-2026-21374 Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | 7.8 | HIGH | β | 0 |
| CVE-2026-21375 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.