Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-37600 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37601 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37602 SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. | 2.7 | LOW | β | 0 |
| CVE-2026-37980 A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cros... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-21742 A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 ... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-22154 An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-22155 A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22573 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22574 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-22576 A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all ve... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-22828 A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary ... | 8.1 | HIGH | β | 0 |
| CVE-2026-23708 A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through... | 7.5 | HIGH | β | 0 |
| CVE-2026-25691 A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all vers... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-27316 A insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticathed admi... | 2.7 | LOW | β | 0 |
| CVE-2026-38526 An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.9 | CRITICAL | β | 0 |
| CVE-2026-38527 A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. | 8.5 | HIGH | β | 0 |
| CVE-2026-38530 A Broken Object-Level Authorization (BOLA) in the /Controllers/Lead/LeadController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently ... | 8.1 | HIGH | β | 0 |
| CVE-2026-38532 A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently... | 8.1 | HIGH | β | 0 |
| CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. | N/A | NONE | β | 0 |
| CVE-2026-5713 The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresse... | N/A | NONE | β | 0 |
| CVE-2026-23653 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-23666 Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23670 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-27911 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-27912 Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network. | 8.0 | HIGH | β | 0 |
| CVE-2026-27913 Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | 7.7 | HIGH | β | 0 |
| CVE-2026-32081 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32082 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32083 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32084 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32087 Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32090 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32091 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. | 8.4 | HIGH | β | 0 |
| CVE-2026-32152 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32153 Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32154 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32155 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32156 Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to execute code locally. | 7.4 | HIGH | β | 0 |
| CVE-2026-32157 Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-32167 Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | 6.7 | MEDIUM | β | 0 |
| CVE-2026-32168 Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32171 Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-25133 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex pa... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-33100 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-33103 Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33827 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | 8.1 | HIGH | β | 0 |
| CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfilt... | 7.5 | HIGH | β | 0 |
| CVE-2026-24893 openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an... | 8.8 | HIGH | β | 0 |
| CVE-2026-6489 A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backgr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6490 A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramete... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.