CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-6156 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setIpQosRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipula... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6157 A vulnerability was detected in Totolink A800R 4.1.2cu.5137_B20200730. This impacts the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. The manipulation of the argument apcliS... | 8.8 | HIGH | — | 0 |
| CVE-2026-40880 ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and zebra-consensus version 5.0.2, a logic error in Zebra's transaction verification cache could allow a malicious miner t... | 8.1 | HIGH | — | 0 |
| CVE-2018-25262 Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25265 LanSpy 2.0.1.159 contains a local buffer overflow vulnerability in the scan section that allows local attackers to execute arbitrary code by exploiting structured exception handling mechanisms. Attack... | 8.4 | HIGH | — | 0 |
| CVE-2018-25266 Angry IP Scanner 3.5.3 contains a buffer overflow vulnerability in the preferences dialog that allows local attackers to crash the application by supplying an excessively large string. Attackers can g... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25268 LanSpy 2.0.1.159 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by supplying oversized input to the scan field. Attackers can craft a payload... | 8.4 | HIGH | — | 0 |
| CVE-2018-25270 ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can cr... | 9.8 | CRITICAL | — | 0 |
| CVE-2018-25271 Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attacker... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-1352 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutra... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-41322 @astrojs/node allows Astro to deploy your SSR site to Node targets. Prior to 10.0.5, requesting a static js/css resources from _astro path with an incorrect/malformed if-match header returns a 500 err... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-41676 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out leng... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-41680 Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab,... | 7.5 | HIGH | — | 0 |
| CVE-2026-41326 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile... | N/A | NONE | — | 0 |
| CVE-2026-41419 4ga Boards is a boards system for realtime project management. Prior to 3.3.5, a path traversal vulnerability allows an authenticated user with board import privileges to make the server ingest arbitr... | 7.6 | HIGH | — | 0 |
| CVE-2026-41894 SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, the fix for CVE-2026-30869 only added a denylist check (IsSensitivePath) but did not address the root cause — a redundant... | N/A | NONE | — | 0 |
| CVE-2026-41907 uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This all... | N/A | NONE | — | 0 |
| CVE-2026-41244 Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 int... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-41429 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS ... | 8.8 | HIGH | — | 0 |
| CVE-2026-41433 OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From 0.4.0 to before 0.8.0, a flaw in the Java agent injection path allows a local attacker contro... | 8.4 | HIGH | — | 0 |
| CVE-2026-6966 Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold r... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6967 Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TUF... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-6968 Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-41473 CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the dat... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-41488 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) val... | 3.1 | LOW | — | 0 |
| CVE-2026-42171 NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTem... | 7.8 | HIGH | — | 0 |
| CVE-2026-31673 In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock Exact UNIX diag lookups hold a reference to the socket, but not to u->path.... | 7.8 | HIGH | — | 0 |
| CVE-2026-31675 In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet corruption In netem_enqueue(), the packet corruption logic uses get_rando... | 7.8 | HIGH | — | 0 |
| CVE-2026-31676 In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC_... | 7.5 | HIGH | — | 0 |
| CVE-2026-31678 In the Linux kernel, the following vulnerability has been resolved: openvswitch: defer tunnel netdev_put to RCU release ovs_netdev_tunnel_destroy() may run after NETDEV_UNREGISTER already detached t... | 7.8 | HIGH | — | 0 |
| CVE-2026-31680 In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until RCU teardown `ip6fl_seq_show()` walks the global flowlabel hash under the ... | 7.8 | HIGH | — | 0 |
| CVE-2026-31682 In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: linearize skb before parsing ND options br_nd_send() parses neighbour discovery options from ns->opt[] and ass... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-31684 In the Linux kernel, the following vulnerability has been resolved: net: sched: act_csum: validate nested VLAN headers tcf_csum_act() walks nested VLAN headers directly from skb->data when an skb st... | N/A | NONE | — | 0 |
| CVE-2026-31685 In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_eui64: reject invalid MAC header for all packets `eui64_mt6()` derives a modified EUI-64 from the Ethernet source ... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-6982 A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cla... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6985 A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6992 A vulnerability was identified in Linksys MR9600 2.0.6.206937. This affects the function BTRequestGetSmartConnectStatus of the file /etc/init.d/run_central2.sh of the component JNAP Action Handler. Th... | 7.2 | HIGH | — | 0 |
| CVE-2026-6993 A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6994 A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-42254 Hickory DNS hickory-recursor 0.1 through 0.25.2 allows cross-zone poisoning because cached data is not directly associated with a query that triggered a response. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-42255 Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. | 7.2 | HIGH | — | 0 |
| CVE-2026-7026 A vulnerability was determined in D-Link DGS-3420 1.50.018. This issue affects some unknown processing of the component System Information Settings Page. This manipulation of the argument System Name ... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-7027 A vulnerability was identified in D-Link DSL-2740R EU_01.15. Impacted is an unknown function of the component Wireless Setup Section. Such manipulation of the argument Wireless Network Name leads to c... | 2.4 | LOW | — | 0 |
| CVE-2026-7033 A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menufa... | 8.8 | HIGH | — | 0 |
| CVE-2026-7034 A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2026-7037 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulati... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-7038 A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently... | 3.3 | LOW | — | 0 |
| CVE-2018-25263 Faleemi Desktop Software 1.8.2 contains a local buffer overflow vulnerability in the Device alias field that allows local attackers to trigger a structured exception handler (SEH) overwrite. Attackers... | 8.4 | HIGH | — | 0 |
| CVE-2018-25264 TransMac 12.2 contains a buffer overflow vulnerability in the license key input field that allows local attackers to crash the application by submitting an oversized string. Attackers can generate a p... | 6.2 | MEDIUM | — | 0 |
| CVE-2018-25273 CrossFont 7.5 contains a buffer overflow vulnerability that allows local attackers to crash the application by submitting an oversized payload in the License Key field. Attackers can generate a malici... | 6.2 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.