Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-3751 A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3750 A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3Clien... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2081 A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2082 A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injec... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3956 A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weima... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3957 A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/mo... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-33682 Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6984 A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manip... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6983 A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url l... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6978 A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sql... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-6561 A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4471 A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin_edit_employee.php. Executing a manipulation of the argumen... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23167 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nci_unregister_device(). syzbot reported the splat below [0] without a repro. It indicates ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5404 K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5148 A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3201 USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2162 A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. T... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-26079 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled. | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2063 A security flaw has been discovered in D-Link DIR-823X 250416. This vulnerability affects unknown code of the file /goform/set_ac_server of the component Web Management Interface. The manipulation of ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7673 A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of th... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23153 In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix race condition against transaction list The list of transaction is enumerated without acquiring card lock when... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-52206 ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. | 4.7 | MEDIUM | β | 0 |
| CVE-2026-22269 Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remot... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1277 The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.12.1 due to insufficient validation on the 'redirect_to' parameter in the promotional dismi... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7578 A weakness has been identified in MacCMS Pro up to 2022.1.3. This vulnerability affects the function install of the file /admi.php/admin/addon/add.html of the component Plugin Installation Handler. Ex... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3202 NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7293 A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argume... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-33311 DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied optio... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23342 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix race in cpumap on PREEMPT_RT On PREEMPT_RT kernels, the per-CPU xdp_bulk_queue (bq) can be accessed concurrently by multi... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-40223 In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User=<unset> unit exists and is running. | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4591 A weakness has been identified in kalcaddle kodbox 1.64. This affects the function checkBin of the file /workspace/source-code/plugins/fileThumb/app.php of the component fileThumb Endpoint. Executing ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4253 A security flaw has been discovered in Tenda AC8 16.03.50.11. This affects the function route_set_user_policy_rule of the file /cgi-bin/UploadCfg of the component Web Interface. The manipulation of th... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4467 A vulnerability was found in Comfast CF-AC100 2.6.0.8. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET§ion=wireless_device_dissoc. The manipulation results in command ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-25392 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs β Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows P... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-32932 Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrat... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3580 In wolfSSL 5.8.4, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-c... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-5469 A weakness has been identified in Casdoor 2.356.0. This vulnerability affects unknown code of the component Webhook URL Handler. Executing a manipulation can lead to server-side request forgery. The a... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-35404 Open edX Platform enables the authoring and delivery of online learning at any scale. he view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() wit... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3798 A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component Request Path Handler. Th... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7238 A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrest... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-34562 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-3774 The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redactio... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-66286 An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-39417 MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of ... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-31620 In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-30613 An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attac... | 4.6 | MEDIUM | β | 0 |
| CVE-2025-60948 Census CSWeb 8.0.1 allows stored cross-site scripting in user supplied fields. A remote, authenticated attacker could store malicious javascript that executes in a victim's browser. Fixed in 8.1.0 alp... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-32040 OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values i... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-1527 ImpactWhen an application passes user-controlled input to theΒ upgradeΒ option ofΒ client.request(), an attacker can inject CRLF sequences (\r\n) to: * Inject arbitrary HTTP headers * Terminate th... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-32953 Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) ... | 4.6 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.