Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-69893 A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 h... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-26175 Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-20945 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-27659 Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to properly validate CSRF tokens in the /api/v4/access_control_policies/{policy_id}/activate endpoint... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-5476 A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation ... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-39417 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of ... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-6060 A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31066 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the selDateType parameter of the formTaskEdit function. This vulnerability allows attackers to cause a Denial o... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-34384 Admidio is an open-source user management solution. Prior to version 5.0.8, the create_user, assign_member, and assign_user action modes in modules/registration.php approve pending user registrations ... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31063 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the pools parameter of the formArpBindConfig function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31058 UTT Aggressive HiPER 1200GW v2.5.3-170306 was discovered to contain a buffer overflow in the timeRangeName parameter of the formConfigDnsFilterGlobal function. This vulnerability allows attackers to c... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-6058 ** UNSUPPORTED WHEN ASSIGNED ** An improper encoding or escaping vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version V1.00(ABDV.3)C0 could allow an adjacent attacker on the WLAN to c... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31060 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of S... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31061 UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the timestart parameter of the ConfigAdvideo function. This vulnerability allows attackers to cause a Denial of... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-5473 A vulnerability has been found in NASA cFS up to 7.0.0. The impacted element is the function pickle.load of the component Pickle Module. Such manipulation leads to deserialization. The attack needs to... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31065 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-31062 UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial ... | 4.5 | MEDIUM | β | 0 |
| CVE-2026-24511 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 andΒ versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. AΒ high privilege... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-32220 Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-5169 The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input ... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-36187 IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileg... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-28265 PowerStore, contains a Path Traversal vulnerability in the Service user. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-34450 The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-3995 The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitiz... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-3574 The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'H... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-6439 The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen... | 4.4 | MEDIUM | β | 0 |
| CVE-2025-43935 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerab... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-25645 Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system te... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-40025 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bou... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-27906 Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-6712 The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-40026 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk ima... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-34224 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication pro... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-5383 An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated C... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-39864 Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers t... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-34726 Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's _subdirectory setting is documented as the subdirectory to use as the template root. However, the cur... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-41330 OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass secu... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-35206 Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL | repo/chartname] to write the Chart's co... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-3551 The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insuffici... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-2838 The Whole Enquiry Cart for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βwoowhole_success_msgβ parameter in all versions up to, and including, 1.2.1 due to ins... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-4479 The WholeSale Products Dynamic Pricing Management WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2 due to insu... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-6032 A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20446 In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has physical access to the device, with User execution privi... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5705 A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such ma... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5900 Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | β | 0 |
| CVE-2026-21783 HCL Traveler is affected by sensitive information disclosure.Β The application generates some error messages that provide detailed information about errors and failures, such as internal paths, file n... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5624 A security flaw has been discovered in ProjectSend r2002. This vulnerability affects unknown code of the file upload.php. Performing a manipulation results in cross-site request forgery. The attack ma... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5572 A security flaw has been discovered in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can b... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5529 A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipula... | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.