Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-67115 A path traversal vulnerability in /ftl/web/setup.cgi in Small Cell Sercomm SCE4255W (FreedomFi Englewood) firmware before DG3934v3@2308041842 allows remote authenticated users to read arbitrary files ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-2399 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-33853 NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33854 Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 8.8 | HIGH | β | 0 |
| CVE-2026-33855 Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-4753 Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72. | 9.1 | CRITICAL | β | 0 |
| CVE-2026-40947 Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. | 2.9 | LOW | β | 0 |
| CVE-2026-4880 The Barcode Scanner (+Mobile App) β Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5363 Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation.Β The web interface encrypts the admin password client-side using RS... | N/A | NONE | β | 0 |
| CVE-2026-39846 SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is tha... | 9.0 | CRITICAL | β | 0 |
| CVE-2026-34853 Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.7 | HIGH | β | 0 |
| CVE-2026-34856 UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | β | 0 |
| CVE-2026-34860 Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 4.1 | MEDIUM | β | 0 |
| CVE-2026-22615 Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-3551 The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insuffici... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-3581 The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is au... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33852 Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 7.5 | HIGH | β | 0 |
| CVE-2026-4754 CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-4755 CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-6319 Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted ... | 7.5 | HIGH | β | 0 |
| CVE-2026-25400 Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0. | 8.8 | HIGH | β | 0 |
| CVE-2026-25429 Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection.This issue affects Nexa Blocks: from n/a through <= 1.1.1. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25397 Path Traversal: '.../...//' vulnerability in Snowray Software File Uploader for WooCommerce file-uploader-for-woocommerce allows Path Traversal.This issue affects File Uploader for WooCommerce: from n... | 7.5 | HIGH | β | 0 |
| CVE-2026-25398 Missing Authorization vulnerability in Webilia Inc. Vertex Addons for Elementor addons-for-elementor-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-25396 Missing Authorization vulnerability in CoderPress Commerce Coinbase For WooCommerce commerce-coinbase-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue... | 7.5 | HIGH | β | 0 |
| CVE-2026-27076 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes LuxeDrive luxedrive allows PHP Local File Inclusion.This issue af... | 8.1 | HIGH | β | 0 |
| CVE-2026-27071 Missing Authorization vulnerability in Arraytics WPCafe wp-cafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through <= 3.0.7. | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27073 Use of Hard-coded Credentials vulnerability in Addi Addi – Cuotas que se adaptan a ti buy-now-pay-later-addi allows Password Recovery Exploitation.This issue affects Addi – Cuotas que se a... | 7.5 | HIGH | β | 0 |
| CVE-2026-27075 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Belfort belfort allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-27077 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes MultiOffice multioffice allows PHP Local File Inclusion.This issu... | 8.1 | HIGH | β | 0 |
| CVE-2026-27079 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Amfissa amfissa allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | β | 0 |
| CVE-2026-27084 Deserialization of Untrusted Data vulnerability in ThemeREX Buisson buisson allows Object Injection.This issue affects Buisson: from n/a through <= 1.1.11. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-29092 Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-2745 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass We... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-31913 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Whitebox-Studio Scape scape allows Path Traversal.This issue affects Scape: from n/a through < 1.5.16. | 8.6 | HIGH | β | 0 |
| CVE-2026-32502 Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2414 Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22739 Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible t... | 8.6 | HIGH | β | 0 |
| CVE-2025-5804 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User case-theme-user allows PHP Local File Inclusion.Thi... | 7.5 | HIGH | β | 0 |
| CVE-2026-33092 Local privilege escalation due to improper handling of environment variables. The following products are affected: Acronis True Image OEM (macOS) before build 42571, Acronis True Image (macOS) before ... | N/A | NONE | β | 0 |
| CVE-2026-29510 Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device N... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-29513 Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device L... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-29520 Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-39528 Missing Authorization vulnerability in WP Delicious WP Delicious delicious-recipes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delicious: from n/a thr... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39543 Missing Authorization vulnerability in Themefic Tourfic tourfic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tourfic: from n/a through <= 2.21.4. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39615 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shahjada Download Manager download-manager allows Stored XSS.This issue affects Download Manager: ... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-52222 D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20... | 7.5 | HIGH | β | 0 |
| CVE-2025-52221 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the formSetCfm function via the funcname, funcpara1, and funcpara2 parameters. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-29002 CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation reques... | 7.2 | HIGH | β | 0 |
| CVE-2026-34727 Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the OIDC callback handler issues a full JWT token without checking whether the matched user has TOTP two-factor authenti... | 7.4 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.