Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5692 A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os co... | 7.3 | HIGH | — | 0 |
| CVE-2026-5648 A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of t... | 7.3 | HIGH | — | 0 |
| CVE-2026-5536 A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deseria... | 7.3 | HIGH | — | 0 |
| CVE-2026-4223 A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to... | 7.3 | HIGH | — | 0 |
| CVE-2026-5016 A vulnerability was identified in elecV2 elecV2P up to 3.8.3. This affects the function eAxios of the file /mock of the component URL Handler. Such manipulation of the argument req leads to server-sid... | 7.3 | HIGH | — | 0 |
| CVE-2026-5841 A weakness has been identified in Tenda i3 1.0.0.6(2204). The affected element is the function R7WebsSecurityHandler of the component HTTP Handler. Executing a manipulation can lead to path traversal.... | 7.3 | HIGH | — | 0 |
| CVE-2026-5849 A vulnerability was determined in Tenda i12 1.0.0.11(3862). The impacted element is an unknown function of the component HTTP Handler. Executing a manipulation can lead to path traversal. The attack m... | 7.3 | HIGH | — | 0 |
| CVE-2026-5244 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pub... | 7.3 | HIGH | — | 0 |
| CVE-2026-5970 A vulnerability was detected in FoundationAgents MetaGPT up to 0.8.1. This affects the function check_solution of the component HumanEvalBenchmark/MBPPBenchmark. Performing a manipulation results in c... | 7.3 | HIGH | — | 0 |
| CVE-2026-5971 A flaw has been found in FoundationAgents MetaGPT up to 0.8.1. This vulnerability affects the function ActionNode.xml_fill of the file metagpt/actions/action_node.py of the component XML Handler. Exec... | 7.3 | HIGH | — | 0 |
| CVE-2026-25456 Missing Authorization vulnerability in Aarsiv Groups Automated FedEx live/manual rates with shipping labels a2z-fedex-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.T... | 7.3 | HIGH | — | 0 |
| CVE-2026-6151 A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument... | 7.3 | HIGH | — | 0 |
| CVE-2026-6152 A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2026-6158 A flaw has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setUpgradeUboot of the file upgrade.so. This manipulation of the argument FileName causes os command injection. T... | 7.3 | HIGH | — | 0 |
| CVE-2026-6166 A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipula... | 7.3 | HIGH | — | 0 |
| CVE-2026-4319 A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the arg... | 7.3 | HIGH | — | 0 |
| CVE-2026-0932 Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the serve... | 7.3 | HIGH | — | 0 |
| CVE-2026-4953 A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4959 A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function check_user of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Perfor... | 7.3 | HIGH | — | 0 |
| CVE-2026-4850 A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2026-6189 A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argum... | 7.3 | HIGH | — | 0 |
| CVE-2026-6126 A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing... | 7.3 | HIGH | — | 0 |
| CVE-2025-32355 Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request ... | 7.3 | HIGH | — | 0 |
| CVE-2026-6224 A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javasc... | 7.3 | HIGH | — | 0 |
| CVE-2026-6187 A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-5002 A vulnerability has been found in PromtEngineer localGPT up to 4d41c7d1713b16b216d8e062e51a5dd88b20b054. The impacted element is the function _route_using_overviews of the file backend/server.py of th... | 7.3 | HIGH | — | 0 |
| CVE-2026-3872 A flaw was found in Keycloak. This issue allows an attacker, who controls another path on the same web server, to bypass the allowed path in redirect Uniform Resource Identifiers (URIs) that use a wil... | 7.3 | HIGH | — | 0 |
| CVE-2026-6183 A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of... | 7.3 | HIGH | — | 0 |
| CVE-2026-6182 A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of ... | 7.3 | HIGH | — | 0 |
| CVE-2026-6490 A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramete... | 7.3 | HIGH | — | 0 |
| CVE-2026-21629 The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | 7.3 | HIGH | — | 0 |
| CVE-2026-4499 A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launc... | 7.3 | HIGH | — | 0 |
| CVE-2026-5346 A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2026-28754 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Distribution Lists report. | 7.3 | HIGH | — | 0 |
| CVE-2026-6594 A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly con... | 7.3 | HIGH | — | 0 |
| CVE-2026-28756 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Permissions based on Distribution Groups report. | 7.3 | HIGH | — | 0 |
| CVE-2026-3879 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Equipment Mailbox Details report. | 7.3 | HIGH | — | 0 |
| CVE-2026-23772 Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially ex... | 7.3 | HIGH | — | 0 |
| CVE-2026-22767 Dell AppSync, version(s) 4.6.0, contain(s) an UNIX Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to... | 7.3 | HIGH | — | 0 |
| CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. | 7.3 | HIGH | — | 0 |
| CVE-2026-28703 Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Mails Exchanged Between Users report. | 7.3 | HIGH | — | 0 |
| CVE-2026-4844 A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2026-35637 OpenClaw before 2026.3.22 performs cite expansion before completing channel and DM authorization checks, allowing cite work and content handling prior to final auth decisions. Attackers can exploit th... | 7.3 | HIGH | — | 0 |
| CVE-2026-22768 Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabil... | 7.3 | HIGH | — | 0 |
| CVE-2026-5035 A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_... | 7.3 | HIGH | — | 0 |
| CVE-2026-6193 A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql in... | 7.3 | HIGH | — | 0 |
| CVE-2026-36948 Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view_archive.php. | 7.3 | HIGH | — | 0 |
| CVE-2026-4842 A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Param... | 7.3 | HIGH | — | 0 |
| CVE-2026-5034 A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation ... | 7.3 | HIGH | — | 0 |
| CVE-2026-35489 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from requ... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.