Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected ap... | 3.3 | LOW | — | 0 |
| CVE-2025-43238 An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system te... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-3880 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report. | 7.3 | HIGH | — | 0 |
| CVE-2026-4107 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report. | 7.3 | HIGH | — | 0 |
| CVE-2026-4108 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Non-Owner Mailbox Permission report. | 7.3 | HIGH | — | 0 |
| CVE-2026-27655 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions Based on Mailboxes report. | 7.3 | HIGH | — | 0 |
| CVE-2026-2272 A flaw was found in GIMP. An integer overflow vulnerability exists when processing ICO image files, specifically in the `ico_read_info` and `ico_read_icon` functions. This issue arises because a size ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-34835 Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Request parses the Host header using an AUTHORITY regular expression that acce... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-34726 Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the cur... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-34730 Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _external_data feature allows a template to load YAML files using template-controlled paths. If untru... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 7.3 | HIGH | — | 0 |
| CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 7.3 | HIGH | — | 0 |
| CVE-2026-32186 Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | — | 0 |
| CVE-2026-4949 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22744 In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} ... | 7.5 | HIGH | — | 0 |
| CVE-2026-41030 In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-41034 ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass. | 5.0 | MEDIUM | — | 0 |
| CVE-2026-23772 Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially ex... | 7.3 | HIGH | — | 0 |
| CVE-2026-31843 The goodoneuz/pay-uz Laravel package (<= 2.2.24) contains a critical vulnerability in the /payment/api/editable/update endpoint that allows unauthenticated attackers to overwrite existing PHP payment ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29140 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signa... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5785 Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. | 8.1 | HIGH | — | 0 |
| CVE-2026-6270 @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent sc... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-6410 @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-30459 An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-ma... | 7.1 | HIGH | — | 0 |
| CVE-2026-30656 A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the in... | 7.5 | HIGH | — | 0 |
| CVE-2026-37345 SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-37346 SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-29142 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | 5.3 | MEDIUM | — | 0 |
| CVE-2023-20585 Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in ... | N/A | NONE | — | 0 |
| CVE-2025-43935 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerab... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-43937 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit thi... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-54510 A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potent... | N/A | NONE | — | 0 |
| CVE-2026-40249 free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/poli... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6576 A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Inte... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-41113 sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. | 8.1 | HIGH | — | 0 |
| CVE-2026-6581 A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument pa... | 8.8 | HIGH | — | 0 |
| CVE-2026-6582 A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector D... | 7.3 | HIGH | — | 0 |
| CVE-2026-6583 A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key M... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-40263 Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediatel... | 3.7 | LOW | — | 0 |
| CVE-2026-40265 Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware, ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-4525 If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin back... | 7.5 | HIGH | — | 0 |
| CVE-2026-5052 Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially lead... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6482 The Rapid7 Insight Agent (versions > 4.1.0.2) is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. Upon startup the agent service atte... | N/A | NONE | — | 0 |
| CVE-2026-35153 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizati... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-5131 GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker to... | N/A | NONE | — | 0 |
| CVE-2025-46605 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote acc... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-46606 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability. ... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-46607 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with re... | 6.6 | MEDIUM | — | 0 |
| CVE-2025-46641 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with re... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-23777 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13... | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.