Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2019-25502 Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Att... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20022 A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpec... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20023 A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacen... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27982 An open redirect vulnerability exists in django-allauth versions prior to 65.14.1 when SAML IdP initiated SSO is enabled (it is disabled by default), which may allow an attacker to redirect users to a... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-26195 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handli... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-28348 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the _has_sneaky_javascript() method strips backslashes before checking for dangero... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-28350 lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.4, the <base> tag passes through the default Cleaner configuration. While page_struct... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25406 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25407 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attac... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-31809 SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) checks href attributes for the javascript: prefix using strings.HasPrefix(). However, inserting ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-31807 SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer (SanitizeSVG) blocks dangerous elements (<script>, <iframe>, <foreignobject>) and removes on* event handlers a... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25408 Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attacker... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-69606 Cross-Site Scripting (XSS) vulnerability was discovered in the GSVoIP web panel version 2.0.90. The `msg` parameter in the `/painel/gateways.php/error` endpoint does not properly sanitize user-supplie... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-40638 A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malici... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33812 Parsing a malicious font file can cause excessive memory allocation. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20044 A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerab... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20017 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-68649 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all ... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20136 A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges t... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-22003 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; O... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-49784 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20063 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20016 A vulnerability in the Cisco FXOS Software CLI feature for Cisco Secure Firewall ASA Software and Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the ... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-35247 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20008 A vulnerability in a small subset of CLI commands that are used on Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow ... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-22615 Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious code... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-20982 Path traversal in ShortcutService prior to SMR Feb-2026 Release 1 allows privileged local attacker to create file with system privilege. | 6.0 | MEDIUM | β | 0 |
| CVE-2025-48508 Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or res... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-36238 IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information f... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-27243 Out-of-bounds write in the firmware for some Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with ... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-27560 Loop with unreachable exit condition ('infinite loop') for some Intel(R) Platform within Ring 0: Kernel may allow a denial of service. System software adversary with a privileged user combined with a ... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-46310 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system fi... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-24851 Uncaught exception in the firmware for some 100GbE Intel(R) Ethernet Controller E810 before version cvl fw 1.7.8.x within Ring 0: Bare Metal OS may allow a denial of service. System software adversary... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-24919 Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.0 | MEDIUM | β | 0 |
| CVE-2026-39810 A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump. | 6.0 | MEDIUM | β | 0 |
| CVE-2025-12624 Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usabl... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-61624 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions,... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-5525 A stack-based buffer overflow vulnerability exists in Notepad++ version 8.9.3 in the file drop handler component. When a user drags and drops a directory path of exactly 259 characters without a trail... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-34765 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open() with a ... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-40091 SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-32037 OpenClaw versions prior to 2026.2.22 fail to consistently validate redirect chains against configured mediaAllowHosts allowlists during MSTeams media downloads. Attackers can supply or influence attac... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-39670 Server-Side Request Forgery (SSRF) vulnerability in Brecht Visual Link Preview visual-link-preview allows Server Side Request Forgery.This issue affects Visual Link Preview: from n/a through <= 2.3.0. | 6.0 | MEDIUM | β | 0 |
| CVE-2026-35572 ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SSRF) by supplying a crafted URL in the Referer requ... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-31997 OpenClaw versions prior to 2026.3.1 fail to pin executable identity for non-path-like argv[0] tokens in system.run approvals, allowing post-approval executable rebind attacks. Attackers can modify PAT... | 6.0 | MEDIUM | β | 0 |
| CVE-2026-30850 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.9 and 9.5.0-alpha.9, the file metadata endpoint (GET /files/:appId/metadat... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-33610 A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-3579 wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operan... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-32035 OpenClaw versions prior to 2026.3.2 fail to pass the senderIsOwner flag when processing Discord voice transcripts in agentCommand, causing the flag to default to true. Non-owner voice participants can... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-28044 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Media WP Rocket allows Stored XSS.This issue affects WP Rocket: from n/a through 3.19.4. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-28546 Buffer overflow vulnerability in the scanning module.Β Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.