Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5597 A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument f... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5601 A vulnerability was found in Acrel Electrical Prepaid Cloud Platform 1.0. This issue affects some unknown processing of the file /bin.rar of the component Backup File Handler. The manipulation results... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5616 A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/mod... | 7.3 | HIGH | β | 0 |
| CVE-2026-5619 A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipul... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5620 A vulnerability has been found in itsourcecode Construction Management System 1.0. Affected is an unknown function of the file /borrowed_equip_report.php of the component Parameter Handler. The manipu... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5621 A vulnerability was found in ChrisChinchilla Vale-MCP up to 0.1.0. Affected by this vulnerability is an unknown functionality of the file src/index.ts of the component HTTP Interface. The manipulation... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5622 A vulnerability was determined in hcengineering Huly Platform 0.7.382. Affected by this issue is some unknown functionality of the file foundations/core/packages/token/src/token.ts of the component JW... | 3.7 | LOW | β | 0 |
| CVE-2026-5623 A vulnerability was identified in hcengineering Huly Platform 0.7.382. This affects an unknown part of the file server/front/src/index.ts of the component Import Endpoint. Such manipulation leads to s... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5624 A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack ma... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5647 A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argume... | 2.4 | LOW | β | 0 |
| CVE-2026-5648 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of t... | 7.3 | HIGH | β | 0 |
| CVE-2026-5649 A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5650 A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in i... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-30078 OpenAirInterface V2.2.0 AMF crashes when it receives an NGAP message with invalid procedure code or invalid PDU-type. For example when the message specification requires InitiatingMessage but sent wit... | 7.5 | HIGH | β | 0 |
| CVE-2026-5659 A vulnerability was found in pytries datrie up to 0.8.3. The affected element is the function Trie.load/Trie.read/Trie.__setstate__ of the file src/datrie.pyx of the component trie File Handler. The m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5660 A vulnerability was determined in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /borrowed_equip.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-21376 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | β | 0 |
| CVE-2026-21378 Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | 7.8 | HIGH | β | 0 |
| CVE-2026-33405 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders d... | 3.1 | LOW | β | 0 |
| CVE-2026-31350 An authenticated stored cross-site scripting (XSS) vulnerability in Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Page Sign parame... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-35030 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC userinfo cache uses token[:2... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-35039 fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can l... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-5668 A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipul... | 2.4 | LOW | β | 0 |
| CVE-2026-35029 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, the /config/update endpoint does not enforce admin role authorization. A user who is already auth... | 8.8 | HIGH | β | 0 |
| CVE-2026-35045 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authentica... | 8.1 | HIGH | β | 0 |
| CVE-2026-35050 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-35164 Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController... | 8.8 | HIGH | β | 0 |
| CVE-2026-35166 Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-35209 defu is software that allows uers to assign default properties recursively. Prior to version 6.1.5, applications that pass unsanitized user input (e.g. parsed JSON request bodies, database records, or... | 7.5 | HIGH | β | 0 |
| CVE-2026-35470 OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Inject... | 8.8 | HIGH | β | 0 |
| CVE-2026-5672 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5675 A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowed_tool.php of the component Parameter Handler. The manipulation of the ar... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-35175 Ajenti is a Linux and BSD modular server admin panel. Prior to 2.2.15, an authenticated user (using the auth_users plugin authentication method) could install a custom package even if this user is not... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-35172 Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor... | 7.5 | HIGH | β | 0 |
| CVE-2026-35179 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the SocialMediaPublisher plugin exposes a publishInstagram.json.php endpoint that acts as an unauthenticated proxy to the Face... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-35180 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the site customization endpoint at admin/customize_settings_nativeUpdate.json.php lacks CSRF token validation and writes uploa... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-35178 Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains remote code execution vulnerab... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-35201 Discount is an implementation of John Gruber's Markdown markup language in C. From 1.3.1.1 to before 2.2.7.4, a signed length truncation bug causes an out-of-bounds read in the default Markdown parse ... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-5679 A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argume... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5681 A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5682 A vulnerability has been found in Meesho Online Shopping App up to 27.3 on Android. Affected is an unknown function of the file /api/endpoint of the component com.meesho.supply. Such manipulation lead... | 3.7 | LOW | β | 0 |
| CVE-2026-35459 pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, pyLoad has a server-side request forgery (SSRF) vulnerability. The fix for CVE-2026-33992 added IP va... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-35410 Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed func... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-5685 A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer ov... | 8.8 | HIGH | β | 0 |
| CVE-2026-5686 A security flaw has been discovered in Tenda CX12L 16.03.53.12. This vulnerability affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page results i... | 8.8 | HIGH | β | 0 |
| CVE-2026-5687 A weakness has been identified in Tenda CX12L 16.03.53.12. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. This manipulation of the argument page causes stac... | 8.8 | HIGH | β | 0 |
| CVE-2026-5688 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Impacted is the function setDdnsCfg of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument provider le... | 7.3 | HIGH | β | 0 |
| CVE-2026-5689 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. The affected element is the function setNtpCfg of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument tz res... | 7.3 | HIGH | β | 0 |
| CVE-2026-5690 A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. The impacted element is the function setRemoteCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of the argument enable can ... | 7.3 | HIGH | β | 0 |
| CVE-2025-65115 Remote Code Execution VulnerabilityΒ in JP1/IT Desktop Management 2 - Manager on Windows, JP1/IT Desktop Management 2 - Operations Director on Windows, Job Management Partner 1/IT Desktop Management 2 ... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.