Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32457 Missing Authorization vulnerability in Wombat Plugins Advanced Product Fields (Product Addons) for WooCommerce advanced-product-fields-for-woocommerce allows Exploiting Incorrectly Configured Access C... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32453 Missing Authorization vulnerability in ThemeFusion Avada Core fusion-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Avada Core: from n/a through < 5.15... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32452 Missing Authorization vulnerability in ThemeFusion Fusion Builder fusion-builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fusion Builder: from n/a thr... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32432 Missing Authorization vulnerability in codepeople WP Time Slots Booking Form wp-time-slots-booking-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Ti... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25527 changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("st... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32428 Missing Authorization vulnerability in Ays Pro Popup Like box ays-facebook-popup-likebox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Like box: from... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32425 Missing Authorization vulnerability in linknacional Payment Gateway Pix For GiveWP payment-gateway-pix-for-givewp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue aff... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32363 Missing Authorization vulnerability in Funlus Oy WPLifeCycle free-php-version-info allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPLifeCycle: from n/a thro... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32362 Missing Authorization vulnerability in activity-log.com WP Sessions Time Monitoring Full Automatic activitytime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-41168 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-refe... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39585 Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booktics: from n/a through <= 1.0.16. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32329 Missing Authorization vulnerability in Ays Pro Advanced Related Posts advanced-related-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Related... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33254 An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tab... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-31915 Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through <= 3.19.6. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-2888 The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the `frm_strp_amount` AJAX han... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25325 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Dat... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1944 The CallbackKiller service widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cbk_save() function in all versions up to, and includ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1314 The 3D FlipBook β PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the send_post_pages_j... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-27631 Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulne... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-6792 The One to one user Chat by WPGuppy plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/guppylite/v2/channel-authorize rest endpoint in ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39605 Missing Authorization vulnerability in Obadiah Super Custom Login super-custom-login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Custom Login: from... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39609 Missing Authorization vulnerability in Wava.co Wava Payment wava-payment allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wava Payment: from n/a through <= 0.... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13973 The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a pred... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39612 Missing Authorization vulnerability in kutethemes KuteShop kuteshop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KuteShop: from n/a through <= 4.2.9. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1920 The Booking Calendar for Appointments and Service Businesses β Booktics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'Extension_Cont... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-7423 Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pin... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39616 Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32404 Missing Authorization vulnerability in Studio99 Studio99 WP Monitor studio99-wp-monitor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Studio99 WP Monitor: ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39624 Missing Authorization vulnerability in kutethemes Biolife biolife allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Biolife: from n/a through <= 3.2.3. | 5.3 | MEDIUM | β | 0 |
| CVE-2023-38265 IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could disclose folder location information to an unauthenticated attacker that could aid in further attacks against the system. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39626 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32438 Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-27899 IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-2126 The User Submitted Posts β Enable Users to Submit Posts from the Front End plugin for WordPress is vulnerable to Incorrect Authorization in all versions up to, and including, 20260113. This is due to ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39628 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <=... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1919 The Booking Calendar for Appointments and Service Businesses β Booktics plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple REST API endpoin... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3719 A vulnerability was identified in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This issue affects some unknown processing of the file /System/Cms/downLoad. The manipulation of the a... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1722 The WCFM Marketplace β Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is due to the pl... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4015 A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-26745 OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it is... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-4532 A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the comp... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-41301 OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature valid... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3783 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-39586 Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a throug... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5527 A weakness has been identified in Tenda 4G03 Pro 1.0/1.0re/01.bin/04.03.01.53. Affected by this issue is some unknown functionality of the file /etc/www/pem/server.key of the component ECDSA P-256 Pri... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-5549 A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Priv... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-32636 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-21286 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3581 The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is au... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.