Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-20667 A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to brea... | 8.8 | HIGH | β | 0 |
| CVE-2020-37032 Wing FTP Server 6.3.8 contains a remote code execution vulnerability in its Lua-based web console that allows authenticated users to execute system commands. Attackers can leverage the console to send... | 8.8 | HIGH | β | 0 |
| CVE-2024-50619 Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access ... | 8.8 | HIGH | β | 0 |
| CVE-2026-25201 An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1. | 8.8 | HIGH | β | 0 |
| CVE-2026-2315 Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security ... | 8.8 | HIGH | β | 0 |
| CVE-2025-69213 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when han... | 8.8 | HIGH | β | 0 |
| CVE-2026-2314 Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-25056 n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or mod... | 8.8 | HIGH | β | 0 |
| CVE-2026-2313 Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-25059 OpenList Frontend is a UI component for OpenList. Prior to 4.1.10, the application contains path traversal vulnerability in multiple file operation handlers in server/handles/fsmanage.go. Filename com... | 8.8 | HIGH | β | 0 |
| CVE-2025-65480 An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading... | 8.8 | HIGH | β | 0 |
| CVE-2026-1637 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer ove... | 8.8 | HIGH | β | 0 |
| CVE-2024-36324 Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution. | 8.8 | HIGH | β | 0 |
| CVE-2026-25512 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office.... | 8.8 | HIGH | β | 0 |
| CVE-2026-24512 A security issue was discovered in ingress-nginx where the `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the contex... | 8.8 | HIGH | β | 0 |
| CVE-2020-37023 Koken CMS 0.22.24 contains a file upload vulnerability that allows authenticated attackers to bypass file extension restrictions by renaming malicious PHP files. Attackers can upload PHP files with sy... | 8.8 | HIGH | β | 0 |
| CVE-2026-20098 A vulnerability in the Certificate Management feature of Cisco Meeting Management could allow an authenticated, remote attacker to upload arbitrary files, execute arbitrary commands, and elevate privi... | 8.8 | HIGH | β | 0 |
| CVE-2026-0910 The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' funct... | 8.8 | HIGH | β | 0 |
| CVE-2025-57707 An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they ca... | 8.8 | HIGH | β | 0 |
| CVE-2025-30276 An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify or corrupt memory. We have... | 8.8 | HIGH | β | 0 |
| CVE-2025-15096 The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly va... | 8.8 | HIGH | β | 0 |
| CVE-2026-1560 The Custom Block Builder β Lazy Blocks plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.0 via multiple functions in the 'LazyBlocks_Blocks' class. ... | 8.8 | HIGH | β | 0 |
| CVE-2024-5386 In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's acc... | 8.8 | HIGH | β | 0 |
| CVE-2025-10465 Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sens... | 8.8 | HIGH | β | 0 |
| CVE-2026-24070 During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication l... | 8.8 | HIGH | β | 0 |
| CVE-2026-25253 OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value. | 8.8 | HIGH | β | 0 |
| CVE-2022-50975 An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled. | 8.8 | HIGH | β | 0 |
| CVE-2026-25161 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation hand... | 8.8 | HIGH | β | 0 |
| CVE-2026-1756 The WP FOFT Loader plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'WP_FOFT_Loader_Mimes::file_and_ext' function in all versions up to, and in... | 8.8 | HIGH | β | 0 |
| CVE-2026-1819 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS.This issue affects ViPor... | 8.8 | HIGH | β | 0 |
| CVE-2026-20408 In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. Us... | 8.8 | HIGH | β | 0 |
| CVE-2026-24780 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platfor... | 8.8 | HIGH | β | 0 |
| CVE-2026-1427 Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | β | 0 |
| CVE-2026-21537 Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network. | 8.8 | HIGH | β | 0 |
| CVE-2026-21516 Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-1428 Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server. | 8.8 | HIGH | β | 0 |
| CVE-2026-2630 A Command Injection vulnerability exists where an authenticated, remote attacker could execute arbitrary code on the underlying server where Tenable Security Center is hosted. | 8.8 | HIGH | β | 0 |
| CVE-2025-14756 Command injection vulnerability was found in the admin interface component of TP-Link Archer MR600 v5 firmware, allowing authenticated attackers to execute system commands with a limited character len... | 8.8 | HIGH | β | 0 |
| CVE-2026-21518 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network... | 8.8 | HIGH | β | 0 |
| CVE-2025-12062 The WP Maps β Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21256 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-21255 Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | 8.8 | HIGH | β | 0 |
| CVE-2026-2001 The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and inc... | 8.8 | HIGH | β | 0 |
| CVE-2026-24763 OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClawβs Docker sandbox execution mechanism due... | 8.8 | HIGH | β | 0 |
| CVE-2026-25134 Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang par... | 8.8 | HIGH | β | 0 |
| CVE-2025-15467 Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to... | 8.8 | HIGH | β | 0 |
| CVE-2026-24869 Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2. | 8.8 | HIGH | β | 0 |
| CVE-2026-23526 CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.0.0 through 2.54.0, users that have the staff status may freely change their permissions, includin... | 8.8 | HIGH | β | 0 |
| CVE-2025-32062 The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-suppli... | 8.8 | HIGH | β | 0 |
| CVE-2026-0652 On TP-Link Tapo C260 v1, command injection vulnerability exists due to improper sanitization in certain POST parameters during configuration synchronization. An authenticated attacker can execute arbi... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.