Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-24746 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Quotes functions of InvoicePlan... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-12063 An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-24885 Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard ... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-47147 Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device to extract the s... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-24819 Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application. | 5.7 | MEDIUM | β | 0 |
| CVE-2025-46305 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-30867 CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a comprom... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-34944 Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, On x86-64 platforms with SSE3 disabled Wasmtime's compilation of the f64x2.splat WebAssembly instruction with Cranel... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-24744 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the Edit Invoices functions of InvoicePl... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-25797 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the ps coders, responsible for writing PostScript files, fails ... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-35241 Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerabi... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-35451 Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock compone... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-70829 An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-24743 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting (XSS) vulnerability occurs in the upload Invoice Logo functions of Inv... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-13821 Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to sanitize sensitive data in WebSocket messages which allows authenticated users to exfiltrate password hashes and MFA ... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-26049 The web management interface of the device renders the passwords in a plaintext input field. The current password is directly visible to anyone with access to the UI, potentially exposing administra... | 5.7 | MEDIUM | β | 0 |
| CVE-2026-5673 A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local atta... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7554 A vulnerability was determined in D-Link M60 up to 1.20B02. Affected by this issue is some unknown functionality of the file /usr/bin/httpd. This manipulation causes weak password recovery. The attack... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-40190 LangSmith Client SDKs provide SDK's for interacting with the LangSmith platform. Prior to 0.5.18, the LangSmith JavaScript/TypeScript SDK (langsmith) contains an incomplete prototype pollution fix in ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5246 A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mg_tls_verify_cert_signature of the file mongoose.c of the component P-384 Public Key Handler. Executing a manip... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7306 A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenA... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7141 A vulnerability was found in vllm up to 0.19.0. The affected element is the function has_mamba_layers of the file vllm/v1/kv_cache_interface.py of the component KV Block Handler. Performing a manipula... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-34867 Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability. | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7292 A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The manipulation leads to improper authorizatio... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6578 A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-4621 Hidden Functionality vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to enable telnet via network. | 5.6 | MEDIUM | β | 0 |
| CVE-2026-4592 A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7113 A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The mani... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-4830 A vulnerability was identified in kalcaddle kodbox 1.64. This issue affects the function Add of the file app/controller/explorer/userShare.class.php of the component Public Share Handler. Such manipul... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7112 A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-33412 Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7020 A security flaw has been discovered in Ollama up to 0.20.2. This affects the function digestToPath of the file x/imagegen/transfer/transfer.go of the component Tensor Model Transfer Handler. The manip... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5245 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the arg... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7669 A vulnerability was detected in sgl-project SGLang up to 0.5.9. Impacted is the function get_tokenizer of the file python/sglang/srt/utils/hf_transformers_utils.py of the component HuggingFace Transfo... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-4349 A vulnerability was determined in Duende IdentityServer4 up to 4.1.2. The affected element is an unknown function of the file /connect/authorize of the component Token Renewal Endpoint. This manipulat... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-40602 The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates instea... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6011 A weakness has been identified in OpenClaw up to 2026.1.26. Affected by this issue is some unknown functionality of the file src/agents/tools/web-fetch.ts of the component assertPublicHostname Handler... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-2711 A vulnerability has been found in zhutoutoutousan worldquant-miner up to 1.0.9. The impacted element is an unknown function of the file worldquant-miner-master/agent-dify-api/core/helper/ssrf_proxy.py... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-35363 A vulnerability in the rm utility of uutils coreutils allows the bypass of safeguard mechanisms intended to protect the current directory. While the utility correctly refuses to delete . or .., it fai... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-24311 The SAP Customer Checkout application exhibits certain design characteristics that involve locally storing operational data using reversible protection mechanisms. Access to this data, combined with u... | 5.6 | MEDIUM | β | 0 |
| CVE-2025-52638 HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-5618 A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results i... | 5.6 | MEDIUM | β | 0 |
| CVE-2025-15551 The response coming from TP-Link Archer MR200 v5.2, C20 v5 and v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly without any check.Β A... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-20801 Cleartext Transmission of Sensitive Information (CWE-319) inΒ a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrationsΒ allows unprivileged users with local network access t... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6878 A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate ... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-6572 A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileUp... | 5.6 | MEDIUM | β | 0 |
| CVE-2024-13785 The The Contact Form, Survey, Quiz & Popup Form Builder β ARForms plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.2. This is due to the so... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-3192 A security vulnerability has been detected in Chia Blockchain 2.1.0. This issue affects the function _authenticate of the file rpc_server_base.py of the component RPC Credential Handler. The manipulat... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7018 A vulnerability was determined in Datavane Datavines up to 13607645e14a4982468cfdbcf75c85cde63bae71. The affected element is an unknown function of the file datavines-core/src/main/java/io/datavines/c... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-23403 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated in... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.