Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6762 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6799 A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component En... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4781 A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-35588 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, the Cassandra export module (`glances/exports/glances_cassandra/__init__.py`) interpolates `keyspace`, `table`,... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-0964 A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or confi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4999 A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the compone... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4970 A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argum... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2169 A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command in... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1812 A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Fi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2168 A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2135 A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames r... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6829 nesquena hermes-webui contains a trust-boundary failure vulnerability that allows authenticated attackers to set or change a session workspace to an arbitrary existing directory on disk by manipulatin... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4614 A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2122 A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5184 A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads to command in... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4476 A vulnerability was found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manip... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1898 A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper a... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7305 A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4966 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID ca... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34323 Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-31014 Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent pr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3955 A security vulnerability has been detected in elecV2P up to 3.8.3. Affected by this issue is the function runJSFile of the file source-code/elecV2P-master/webser/wbjs.js of the component jsfile Endpoi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3977 A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-31370 Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4171 A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/m... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4013 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper autho... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4964 A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the compo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6362 Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: Hi... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13686 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27837 Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3a... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13327 A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that e... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-11950 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affect... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4548 A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28361 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3484 A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-29786 node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target suc... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3738 A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to imprope... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28689 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, domain="path" authorization is checked before final file open/u... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2435 Tanium addressed a SQL injection vulnerability in Asset. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32128 FastGPT is an AI Agent building platform. In 4.14.7 and earlier, FastGPT's Python Sandbox (fastgpt-sandbox) includes guardrails intended to prevent file writes (static detection + seccomp). These guar... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4836 A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id re... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3965 A security vulnerability has been detected in whyour qinglong up to 2.20.1. Affected is an unknown function of the file back/loaders/express.ts of the component API Interface. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3992 A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of the arg... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4039 A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-24125 Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and delete content documents using relative file paths (relativePath, newRelativePath) via GraphQL... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13913 A privileged Ignition user, intentionally or otherwise, imports an external file with a specially crafted payload, which executes embedded malicious code. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32745 In JetBrains Datalore before 2026.1 session hijacking was possible due to missing secure attribute for cookie settings | 6.3 | MEDIUM | β | 0 |
| CVE-2025-25277 in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted s... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4197 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4215 A security flaw has been discovered in FlowCI flow-core-x up to 1.23.01. The impacted element is the function Save of the file core/src/main/java/com/flowci/core/config/service/ConfigServiceImpl.java ... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.