Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-21248 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally. | 7.3 | HIGH | β | 0 |
| CVE-2026-2165 A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Exec... | 7.3 | HIGH | β | 0 |
| CVE-2026-2171 A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2026-2184 A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php... | 7.3 | HIGH | β | 0 |
| CVE-2026-2225 A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2025-10463 Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026.Β NOTE: Becaus... | 7.3 | HIGH | β | 0 |
| CVE-2026-2684 A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. ... | 7.3 | HIGH | β | 0 |
| CVE-2026-25926 Notepad++ is a free and open-source source code editor. An Unsafe Search Path vulnerability (CWE-426) exists in versions prior to 8.9.2 when launching Windows Explorer without an absolute executable p... | 7.3 | HIGH | β | 0 |
| CVE-2026-2691 A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argume... | 7.3 | HIGH | β | 0 |
| CVE-2026-2690 A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. Thi... | 7.3 | HIGH | β | 0 |
| CVE-2026-2689 A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql inje... | 7.3 | HIGH | β | 0 |
| CVE-2026-2668 A vulnerability was found in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This affects an unknown function of the file /dm/dispatch/user/add of the component User Handle... | 7.3 | HIGH | β | 0 |
| CVE-2026-2059 A vulnerability has been found in SourceCodester Medical Center Portal Management System 1.0. Affected is an unknown function of the file /emp_edit1.php. Such manipulation of the argument ID leads to ... | 7.3 | HIGH | β | 0 |
| CVE-2026-2058 A flaw has been found in mathurvishal CloudClassroom-PHP-Project up to 5dadec098bfbbf3300d60c3494db3fb95b66e7be. This impacts an unknown function of the file /postquerypublic.php of the component Post... | 7.3 | HIGH | β | 0 |
| CVE-2026-2057 A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sq... | 7.3 | HIGH | β | 0 |
| CVE-2026-2018 A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injectio... | 7.3 | HIGH | β | 0 |
| CVE-2025-9062 Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection.This issue affects Envanty: before 1.0.6.Β Β NOTE:... | 7.3 | HIGH | β | 0 |
| CVE-2026-2014 A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument I... | 7.3 | HIGH | β | 0 |
| CVE-2026-2013 A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql in... | 7.3 | HIGH | β | 0 |
| CVE-2026-2012 A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argum... | 7.3 | HIGH | β | 0 |
| CVE-2026-2011 A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument I... | 7.3 | HIGH | β | 0 |
| CVE-2025-40905 WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. | 7.3 | HIGH | β | 0 |
| CVE-2025-33042 Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: ... | 7.3 | HIGH | β | 0 |
| CVE-2026-24925 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | β | 0 |
| CVE-2026-0508 The SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker with high privileges to insert malicious URL within the application. Upon successful exploitation, the victim ma... | 7.3 | HIGH | β | 0 |
| CVE-2026-25076 Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQ... | 7.3 | HIGH | β | 0 |
| CVE-2026-32663 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic... | 7.3 | HIGH | β | 0 |
| CVE-2026-5824 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to s... | 7.3 | HIGH | β | 0 |
| CVE-2026-5837 A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The atta... | 7.3 | HIGH | β | 0 |
| CVE-2026-5814 A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the a... | 7.3 | HIGH | β | 0 |
| CVE-2026-4287 A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpo... | 7.3 | HIGH | β | 0 |
| CVE-2026-5813 A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid c... | 7.3 | HIGH | β | 0 |
| CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql inj... | 7.3 | HIGH | β | 0 |
| CVE-2026-41342 OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Atta... | 7.3 | HIGH | β | 0 |
| CVE-2026-5842 A security vulnerability has been detected in decolua 9router up to 0.3.47. The impacted element is an unknown function of the file /api of the component Administrative API Endpoint. The manipulation ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5961 A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument pos... | 7.3 | HIGH | β | 0 |
| CVE-2026-5985 A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument user_Id results... | 7.3 | HIGH | β | 0 |
| CVE-2026-41355 OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute a... | 7.3 | HIGH | β | 0 |
| CVE-2026-5334 A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This m... | 7.3 | HIGH | β | 0 |
| CVE-2026-3794 A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authe... | 7.3 | HIGH | β | 0 |
| CVE-2026-6004 A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument cat_id results... | 7.3 | HIGH | β | 0 |
| CVE-2026-5805 A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name c... | 7.3 | HIGH | β | 0 |
| CVE-2026-3980 A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_i... | 7.3 | HIGH | β | 0 |
| CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID resul... | 7.3 | HIGH | β | 0 |
| CVE-2026-4014 A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulati... | 7.3 | HIGH | β | 0 |
| CVE-2026-3759 A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads... | 7.3 | HIGH | β | 0 |
| CVE-2026-3818 A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injec... | 7.3 | HIGH | β | 0 |
| CVE-2026-4528 A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component ... | 7.3 | HIGH | β | 0 |
| CVE-2026-6031 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category lead... | 7.3 | HIGH | β | 0 |
| CVE-2026-4536 A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may b... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.