Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-10878 A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unau... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-62601 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, m... | 7.5 | HIGH | β | 0 |
| CVE-2025-62602 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, m... | 7.5 | HIGH | β | 0 |
| CVE-2025-62603 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that car... | 7.5 | HIGH | β | 0 |
| CVE-2025-62799 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-64098 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, m... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-64438 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory... | 7.5 | HIGH | β | 0 |
| CVE-2026-1803 A weakness has been identified in Ziroom ZHOME A0101 1.0.1.0. Impacted is an unknown function of the component Dropbear SSH Service. This manipulation causes use of default credentials. Remote exploit... | 8.1 | HIGH | β | 0 |
| CVE-2026-1846 Rejected reason: loading template... | N/A | NONE | β | 0 |
| CVE-2026-24149 NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may ... | 7.8 | HIGH | β | 0 |
| CVE-2026-24434 Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24441 Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-25614 Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680. | 7.5 | HIGH | β | 0 |
| CVE-2026-25615 Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668. | 7.2 | HIGH | β | 0 |
| CVE-2026-25616 Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665. | 4.7 | MEDIUM | β | 0 |
| CVE-2025-65077 A relative path traversal vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code... | N/A | NONE | β | 0 |
| CVE-2025-65078 An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2025-65079 A heap-based buffer overflow vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as... | N/A | NONE | β | 0 |
| CVE-2025-65080 A type confusion vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivil... | N/A | NONE | β | 0 |
| CVE-2025-65081 An out-of-bounds read vulnerability has been identified in the Postscript interpreter in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code as an unp... | N/A | NONE | β | 0 |
| CVE-2020-37067 Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT command with 11,008 by... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1861 Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-1862 Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-24052 Claude Code is an agentic coding tool. Prior to version 1.0.111, Claude Code contained insufficient URL validation in its trusted domain verification mechanism for WebFetch requests. The application u... | 7.4 | HIGH | β | 0 |
| CVE-2026-24053 Claude Code is an agentic coding tool. Prior to version 2.0.74, due to a Bash command validation flaw in parsing ZSH clobber syntax, it was possible to bypass directory restrictions and write files ou... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24887 Claude Code is an agentic coding tool. Prior to version 2.0.72, due to an error in command parsing, it was possible to bypass the Claude Code confirmation prompt to trigger execution of untrusted comm... | 8.8 | HIGH | β | 0 |
| CVE-2019-25260 OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerabi... | 8.2 | HIGH | β | 0 |
| CVE-2026-35635 OpenClaw before 2026.3.22 contains a webhook path route replacement vulnerability in the Synology Chat extension that allows attackers to collapse multi-account configurations onto shared webhook path... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit th... | 7.3 | HIGH | β | 0 |
| CVE-2026-35638 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verific... | 8.8 | HIGH | β | 0 |
| CVE-2026-35639 OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the device.pair.approve method that allows an operator.pairing approver to approve pending device requests with broader opera... | 8.8 | HIGH | β | 0 |
| CVE-2026-5054 NoMachine External Control of File Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker m... | N/A | NONE | β | 0 |
| CVE-2026-5055 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attack... | N/A | NONE | β | 0 |
| CVE-2026-34630 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2026-27295 Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... | 7.8 | HIGH | β | 0 |
| CVE-2026-27296 Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. E... | 7.8 | HIGH | β | 0 |
| CVE-2026-27297 Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. E... | 7.8 | HIGH | β | 0 |
| CVE-2026-27298 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context... | 7.8 | HIGH | β | 0 |
| CVE-2026-27299 Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27300 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to discl... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-27301 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5588 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules), Legion of the Bouncy Castle Inc. BCPKIX-FIPS bcpkix on All (pki... | N/A | NONE | β | 0 |
| CVE-2024-53412 Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads... | 8.4 | HIGH | β | 0 |
| CVE-2026-30364 CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function. | 7.5 | HIGH | β | 0 |
| CVE-2025-15610 Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4. | N/A | NONE | β | 0 |
| CVE-2025-15635 Cross-Site Request Forgery (CSRF) vulnerability in ZAYTECH Smart Online Order for Clover clover-online-orders allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15636 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Stored XSS.This issue affects YouTube Show... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-63029 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace wc-multivendor-marketplace allows SQL Injection.This issue affects WCFM... | 7.6 | HIGH | β | 0 |
| CVE-2026-30995 Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint. | 8.6 | HIGH | β | 0 |
| CVE-2026-6370 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for ... | 5.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.