Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-2985 A security flaw has been discovered in Tiandy Video Surveillance System θ§ι’ηζ§εΉ³ε° 7.17.0. This impacts the function downloadImage of the file /com/tiandy/easy7/core/bo/CLSBODownLoad.java. Performing a ma... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3795 A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path tra... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2954 A vulnerability was found in Dromara UJCMS 10.0.2. Impacted is the function importChanel of the file /api/backend/ext/import-data/import-channel of the component ImportDataController. Performing a man... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2945 A weakness has been identified in JeecgBoot 3.9.0. Affected by this vulnerability is an unknown functionality of the file /sys/common/uploadImgByHttp. Executing a manipulation of the argument fileUrl ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7102 A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comma... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7264 A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function get_cart_items of the file /admin/ajax.php?action=get_cart_items. Executing a manipulation of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4826 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7118 A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argum... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4825 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32010 OpenClaw versions prior to 2026.2.22 contain an allowlist bypass vulnerability in the safe-bin configuration when sort is manually added to tools.exec.safeBins. Attackers can invoke sort with the --co... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2665 A vulnerability was detected in huanzi-qch base-admin up to 57a8126bb3353a004f3c7722089e3b926ea83596. Impacted is the function Upload of the file SysFileController.java of the component JSP Parser. Pe... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-20162 In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.9, and Splunk Cloud Platform versions below 10.2.2510.4, 10.1.2507.15, 10.0.2503.11, and 9.3.2411.123, a low-privileged user who does... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4554 A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7093 A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7045 A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessor#doDetermineDatasource of the file dynamic-datasource-sprin... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7044 A vulnerability was found in GreenCMS up to 2.3. Affected is the function themeadd of the file /index.php?m=admin&c=custom&a=themeadd. The manipulation results in unrestricted upload. The attack can b... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6994 A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/header_mutation/header_mutation.cc of the component Query Parameter... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6982 A vulnerability was determined in star7th ShowDoc up to 2.10.10/3.6.2/3.8.0. Affected by this vulnerability is an unknown functionality of the file server/Application/Api/Controller/PageController.cla... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33455 Livestatus injection in the monitoring quicksearch in Checkmk <2.5.0b4 allows an authenticated attacker to inject livestatus commands via the search query due to insufficient input sanitization in sea... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5681 A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7290 A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7268 A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argume... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7265 A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is the function Category of the file pizza/index.php?page=category. The manipulation of ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4597 A security flaw has been discovered in 648540858 wvp-GB28181-pro up to 2.7.4. Impacted is the function selectAll of the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyPro... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7150 A vulnerability was found in dh1011 auto-favicon up to f189116a9259950c2393f114dbcb94dde0ad864b. This issue affects the function generate_favicon_from_url of the file src/auto_favicon/server.py of the... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7148 A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack c... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27605 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files (project l... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-29786 node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target suc... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13687 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13688 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-11950 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KNOWHY Advanced Technology Trading Ltd. Co. EduAsist allows Reflected XSS.This issue affect... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13327 A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that e... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1200 A flaw was found in the rgaufman/live555 fork of live555. A remote attacker could exploit a segmentation fault, in the `increaseBufferTo` function. This vulnerability can lead to memory corruption pro... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2435 Tanium addressed a SQL injection vulnerability in Asset. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-22268 Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulne... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3263 A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the com... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3484 A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28509 LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBotβs web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerabi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28361 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the MCP token service did not validate token ownership, allowing a Creator within the same base to read, regenerate... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27127 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMSβs GraphQL Asset mutation performs DNS resolution separa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27113 Liquid Prompt is an adaptive prompt for Bash and Zsh. Starting in commit cf3441250bb5d8b45f6f8b389fcdf427a99ac28a and prior to commit a4f6b8d8c90b3eaa33d13dfd1093062ab9c4b30c on the master branch, arb... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13686 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27837 Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3a... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5317 A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be per... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2009 A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead t... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-2008 A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Perfo... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1977 A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component vi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1813 A vulnerability was found in bolo-blog bolo-solo up to 2.6.4. Affected is an unknown function of the file src/main/java/org/b3log/solo/bolo/pic/PicUploadProcessor.java of the component FreeMarker Temp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7447 A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/len... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7445 A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP L... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.