Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-37343 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php. | 7.2 | HIGH | β | 0 |
| CVE-2026-37344 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php. | 7.2 | HIGH | β | 0 |
| CVE-2026-37100 An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-5426 Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remote... | 7.5 | HIGH | β | 0 |
| CVE-2026-41080 libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | 2.9 | LOW | β | 0 |
| CVE-2026-4541 A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulati... | 2.5 | LOW | β | 0 |
| CVE-2026-4581 A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the arg... | 7.3 | HIGH | β | 0 |
| CVE-2026-23100 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One fu... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23110 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23113 In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop Currently this is checked before running the pending work. Normally this... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23155 In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix error message Sinc commit 79a6d1bfe114 ("can: gs_usb: gs_usb_receive_bulk_callbac... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23302 In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk->sk_{data_ready,write_space} skmsg (and probably other layers) are changing these pointers whil... | N/A | NONE | β | 0 |
| CVE-2026-23293 In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is neve... | N/A | NONE | β | 0 |
| CVE-2026-23296 In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid h... | N/A | NONE | β | 0 |
| CVE-2026-23298 In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set to... | N/A | NONE | β | 0 |
| CVE-2026-23300 In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loop... | N/A | NONE | β | 0 |
| CVE-2026-23303 In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the ke... | N/A | NONE | β | 0 |
| CVE-2026-23304 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() l3mdev_master_dev_rcu() can return NULL when the slave device is being un-sla... | N/A | NONE | β | 0 |
| CVE-2026-23312 In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number and... | N/A | NONE | β | 0 |
| CVE-2026-23391 In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_CT: drop pending enqueued packets on template removal Templates refer to objects that can go away while packets are ... | 7.8 | HIGH | β | 0 |
| CVE-2026-23403 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated in... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23405 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31400 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_r... | N/A | NONE | β | 0 |
| CVE-2026-31403 In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init... | N/A | NONE | β | 0 |
| CVE-2026-31405 In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tab... | N/A | NONE | β | 0 |
| CVE-2026-31408 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold sco_recv_frame() reads conn->sk under sco_conn_loc... | N/A | NONE | β | 0 |
| CVE-2026-31416 In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for th... | N/A | NONE | β | 0 |
| CVE-2026-31417 In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` al... | N/A | NONE | β | 0 |
| CVE-2026-31418 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops th... | N/A | NONE | β | 0 |
| CVE-2026-31421 In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dere... | N/A | NONE | β | 0 |
| CVE-2026-31422 In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle to... | N/A | NONE | β | 0 |
| CVE-2026-6611 A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation... | 3.1 | LOW | β | 0 |
| CVE-2025-13480 Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive informat... | N/A | NONE | β | 0 |
| CVE-2026-31429 In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 val... | N/A | NONE | β | 0 |
| CVE-2026-31430 In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty ... | N/A | NONE | β | 0 |
| CVE-2026-6654 Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | 5.1 | MEDIUM | β | 0 |
| CVE-2025-32453 Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated u... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-32739 Improper conditions check in some firmware for some Intel(R) Graphics Drivers and Intel LTS kernels within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an... | 2.8 | LOW | β | 0 |
| CVE-2026-0995 An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME. | 3.6 | LOW | β | 0 |
| CVE-2026-21853 AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedd... | 8.8 | HIGH | β | 0 |
| CVE-2026-28428 Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perf... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28429 Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement... | 7.5 | HIGH | β | 0 |
| CVE-2026-33691 The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS tha... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-6056 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-41242 protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32105 xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classic... | N/A | NONE | β | 0 |
| CVE-2026-32107 xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management co... | 8.8 | HIGH | β | 0 |
| CVE-2026-32324 Anviz CX7 FirmwareΒ isΒ vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at sc... | 7.7 | HIGH | β | 0 |
| CVE-2026-32623 xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in the NeutrinoRDP module. When proxying RDP sessions from xrdp to another server, the mod... | N/A | NONE | β | 0 |
| CVE-2026-32624 xrdp is an open source RDP server. Versions through 0.10.5 contain a heap-based buffer overflow vulnerability in its logon processing. In environments where domain_user_separator is configured in xrdp... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.