CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-59308 In Mahara before 24.04.10 and 25 before 25.04.1, an institution administrator or institution support administrator on a multi-tenanted site can masquerade as an institution member in an institution fo... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4470 A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_edit_menu.php. Performing a m... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-39484 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in John Darrel Hide My WP Ghost hide-my-wp allows Phishing. This issue affects Hide My WP Ghost: from n/a through < 7.0.00. | 4.7 | MEDIUM | β | 0 |
| CVE-2025-52643 HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential security r... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2213 A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of t... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4466 A vulnerability has been found in Comfast CF-AC100 2.6.0.8. This affects an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone. The manipulation leads to command injecti... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4469 A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_edit_menu_action.php. Such m... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4468 A vulnerability was determined in Comfast CF-AC100 2.6.0.8. Affected is an unknown function of the file /cgi-bin/mbox-config?method=SET&section=update_interface_png. This manipulation causes command i... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7083 A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5987 A security vulnerability has been detected in Sanluan PublicCMS up to 6.202506.d. This affects the function AbstractFreemarkerView.doRender of the file publiccms-parent/publiccms-core/src/main/java/co... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23348 In the Linux kernel, the following vulnerability has been resolved: cxl: Fix race of nvdimm_bus object when creating nvdimm objects Found issue during running of cxl-translate.sh unit test. Adding a... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-21359 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-34298 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnera... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5576 A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipu... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-31535 In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic of managing recv credits by counting posted recv_io... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5339 A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function action_set_net_settings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5338 A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function action_set_system_settings of the file system.lua of the component Setting Handler. Such manipula... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-62320 HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML co... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-32723 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.35, SandboxJS timers have an execution-quota bypass. A global tick state (`currentTicks.current`) is shared between sandboxes. Timer string h... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2227 A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3040 A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. Th... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2082 A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injec... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5839 A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescript... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2969 A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Templat... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2163 A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3486 A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lead... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5838 A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername cau... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3750 A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3Clien... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3751 A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3752 A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3487 A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument cours... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3957 A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/mo... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3956 A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weima... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2081 A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3662 A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command i... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2537 A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. S... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5417 A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6561 A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1277 The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismi... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2134 A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7612 A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql in... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4564 A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulati... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-21517 Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally. | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2162 A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. T... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5404 K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7697 A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4189 A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipula... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4284 A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-mod... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-35359 A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link u... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7409 A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql injecti... | 4.7 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.