Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32448 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Teubert Podlove Podcast Publisher podlove-podcasting-plugin-for-wordpress allows Stored XSS.T... | 6.5 | MEDIUM | โ | 0 |
| CVE-2024-56208 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in desertthemes NewsMash newsmash allows Stored XSS.This issue affects NewsMash: from n/a through <= ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-27069 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Soledad soledad allows DOM-Based XSS.This issue affects Soledad: from n/a through <= 8... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32541 Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premme... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32443 Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery.This issue affects Product Feed PRO for WooComm... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39488 Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32424 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Stored XSS.This issue affects Sprout Clients: from n... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-2668 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted qu... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36001 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL state... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36009 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36070 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)ย 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tab... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36423 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36366 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger a... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36387 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-36407 IBMยฎ Db2ยฎ is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-71242 SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32411 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simpma Embed Calendly embed-calendly-scheduling allows Stored XSS.This issue affects Embed Calendl... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32403 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in toocheke Toocheke Companion toocheke-companion allows DOM-Based XSS.This issue affects Toocheke Co... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-0683 The SupportCandy โ Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. Th... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-40924 Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Prior to 1.11.1, the HTTP resolver's FetchHttpResource function calls io.ReadAll(resp.Body) with no response ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2021-47921 Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can ex... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32361 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketing Fire Editorial Calendar editorial-calendar allows DOM-Based XSS.This issue affects Edito... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-34306 Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability all... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32359 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins Icon List Block icon-list-block allows Stored XSS.This issue affects Icon List Block: fro... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-1461 The Simple Membership plugin for WordPress is vulnerable to Improper Handling of Missing Values in all versions up to, and including, 4.7.0 via the Stripe webhook handler. This is due to the plugin on... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-32356 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robosoft Robo Gallery robo-gallery allows DOM-Based XSS.This issue affects Robo Gallery: from n/a ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2022-50980 A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-41312 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-20419 In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution pri... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-20420 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-20421 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-20422 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-25463 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpEstate Wpresidence Core wpresidence-core allows Stored XSS.This issue affects Wpresidence Core: ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-25453 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdempfle Advanced iFrame advanced-iframe allows DOM-Based XSS.This issue affects Advanced iFrame: ... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-42412 Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through 4.3.1. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-25372 Missing Authorization vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Academy LMS: from n/a through <= 3.5.3... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-25368 Missing Authorization vulnerability in codepeople Calculated Fields Form calculated-fields-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Calculated Fi... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24958 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetElements For Elementor jet-elements allows DOM-Based XSS.This issue affects JetEleme... | 6.5 | MEDIUM | โ | 0 |
| CVE-2019-25436 Sricam DeviceViewer 3.12.0.1 contains a password change security bypass vulnerability that allows authenticated users to change passwords without proper validation of the old password field. Attackers... | 6.5 | MEDIUM | โ | 0 |
| CVE-2020-37115 GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive info... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-67969 Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.T... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-67189 A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates m... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24666 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Cross-Site Request Forgery (CSRF) vulnerability in multiple teacher-restricted... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24668 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add conte... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-24670 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create ne... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39633 Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Car Rental grandcarrental allows Cross Site Request Forgery.This issue affects Grand Car Rental: from n/a through <= 3.6.9. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39639 Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Co... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39641 Cross-Site Request Forgery (CSRF) vulnerability in Skywarrior Blackfyre blackfyre allows Cross Site Request Forgery.This issue affects Blackfyre: from n/a through <= 2.5.4. | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-0665 An off-by-one error was found in QEMU's KVM Xen guest support. A malicious guest could use this flaw to trigger out-of-bounds heap accesses in the QEMU process via the emulated Xen physdev hypercall i... | 6.5 | MEDIUM | โ | 0 |
| CVE-2026-39651 Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a th... | 6.5 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.