Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-1246 The ShortPixel Image Optimizer plugin for WordPress is vulnerable to Arbitrary File Read via path traversal in the 'loadFile' parameter in all versions up to, and including, 6.4.2 due to insufficient ... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-47205 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-23797 In Quick.Cart user passwords are stored in plaintext form. An attacker with high privileges can display users' password in user editing page. The vendor was notified early about this vulnerability, b... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-66274 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-1258 The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and in... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-54161 An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnera... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-1921 The Loco Translate plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.8.2 via the `fsReference` AJAX route. This is due to the `findSourceFile()` method norma... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-54162 A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-54163 A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-57710 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerab... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-57711 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerab... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-20148 A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit t... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-58466 A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnera... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-58471 An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerab... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-58472 A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch a denial-of-s... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-59386 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabilit... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-36348 IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22549 A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.Β Note: Software versions which have reached End of Technical Support (EoTS)... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-8781 The Bookster β WordPress Appointment Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the βrawβ parameter in all versions up to, and including, 2.1.1 due to insufficient escaping... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22821 mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25964 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allo... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-15329 Tanium addressed an information disclosure vulnerability in Threat Response. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25511 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigg... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-13681 The BFG Tools β Extension Zipper plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0.7. This is due to insufficient input validation on the user-supplied `fi... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-54155 An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains an administrator account, they can then exploit the vulnera... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-20693 This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete p... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34304 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-39345 OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-29092 Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-35238 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-29098 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the `action_exportCustom` function in `modules/ModuleBuild... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-35235 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attac... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-32947 Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. In versions 2.15.1 and below, a DNS over HTTPS (DoH) vulnerability allows attackers to bypass egress-policy: ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-32879 New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Starting in version 0.10.0, a logic flaw in the universal secure verification flow allows an au... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34608 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb() function processes nng messages by parsing the message ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-35239 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerabili... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22005 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-30889 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts th... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34278 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privilege... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22004 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-30873 OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to both 24.10.6 and 25.12.1, the jp_get_token function, which performs lexical analysis by breaking input expr... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25525 Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-34267 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45. Easily exploitable vulnerability allows high privilege... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-28823 A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files. | 4.9 | MEDIUM | β | 0 |
| CVE-2026-35237 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22002 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-21998 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-35240 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-6948 Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server v... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-4853 The JetBackup β Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insuffic... | 4.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.