Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-71257 BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets.... | 7.3 | HIGH | β | 0 |
| CVE-2026-5824 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to s... | 7.3 | HIGH | β | 0 |
| CVE-2026-4508 A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The man... | 7.3 | HIGH | β | 0 |
| CVE-2026-4223 A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to... | 7.3 | HIGH | β | 0 |
| CVE-2022-4987 Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute a... | 7.3 | HIGH | β | 0 |
| CVE-2026-4504 A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. I... | 7.3 | HIGH | β | 0 |
| CVE-2026-5827 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sq... | 7.3 | HIGH | β | 0 |
| CVE-2026-4580 A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-4288 A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoi... | 7.3 | HIGH | β | 0 |
| CVE-2026-4287 A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpo... | 7.3 | HIGH | β | 0 |
| CVE-2026-5526 A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results... | 7.3 | HIGH | β | 0 |
| CVE-2026-34544 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B... | 7.3 | HIGH | β | 0 |
| CVE-2026-5534 A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such m... | 7.3 | HIGH | β | 0 |
| CVE-2026-5536 A weakness has been identified in FedML-AI FedML up to 0.8.9. Affected is the function sendMessage of the file grpc_server.py of the component gRPC server. Executing a manipulation can lead to deseria... | 7.3 | HIGH | β | 0 |
| CVE-2026-5540 A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-5962 A vulnerability was detected in Tenda CH22 1.0.0.6(468). This issue affects the function R7WebsSecurityHandlerfunction of the component httpd. The manipulation results in path traversal. The attack ma... | 7.3 | HIGH | β | 0 |
| CVE-2026-4289 A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipu... | 7.3 | HIGH | β | 0 |
| CVE-2026-5961 A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument pos... | 7.3 | HIGH | β | 0 |
| CVE-2026-5551 A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. Th... | 7.3 | HIGH | β | 0 |
| CVE-2026-5554 A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/proc... | 7.3 | HIGH | β | 0 |
| CVE-2026-5555 A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parame... | 7.3 | HIGH | β | 0 |
| CVE-2026-32594 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pa... | 7.3 | HIGH | β | 0 |
| CVE-2026-5562 A vulnerability was identified in provectus kafka-ui up to 0.7.2. This impacts the function validateAccess of the file /api/smartfilters/testexecutions of the component Endpoint. The manipulation lead... | 7.3 | HIGH | β | 0 |
| CVE-2026-5564 A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. T... | 7.3 | HIGH | β | 0 |
| CVE-2026-5565 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Ha... | 7.3 | HIGH | β | 0 |
| CVE-2026-5569 A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper ac... | 7.3 | HIGH | β | 0 |
| CVE-2026-5570 A vulnerability was determined in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. The affected element is the function index_config of the file /LoginCB. This manipulation causes improper authentication... | 7.3 | HIGH | β | 0 |
| CVE-2026-5573 A weakness has been identified in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. This impacts an unknown function of the file /fs. Executing a manipulation of the argument cwd can lead to unrestricted ... | 7.3 | HIGH | β | 0 |
| CVE-2026-5575 A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulat... | 7.3 | HIGH | β | 0 |
| CVE-2026-5577 A vulnerability has been found in Song-Li cross_browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a. This affects an unknown part of the file flask/uniquemachine_app.py of the component details End... | 7.3 | HIGH | β | 0 |
| CVE-2026-5584 A vulnerability has been found in Fosowl agenticSeek 0.1.0. Impacted is the function PyInterpreter.execute of the file sources/tools/PyInterpreter.py of the component query Endpoint. Such manipulation... | 7.3 | HIGH | β | 0 |
| CVE-2026-5333 A security flaw has been discovered in DefaultFuction Content-Management-System 1.0. This issue affects some unknown processing of the file /admin/tools.php. The manipulation of the argument host resu... | 7.3 | HIGH | β | 0 |
| CVE-2026-35489 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from requ... | 7.3 | HIGH | β | 0 |
| CVE-2026-4237 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argumen... | 7.3 | HIGH | β | 0 |
| CVE-2026-5616 A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/mod... | 7.3 | HIGH | β | 0 |
| CVE-2026-4236 A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument t... | 7.3 | HIGH | β | 0 |
| CVE-2026-35455 immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360Β° panorama viewer allows any authenticated user to execute ar... | 7.3 | HIGH | β | 0 |
| CVE-2026-4232 A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulati... | 7.3 | HIGH | β | 0 |
| CVE-2026-2991 The KiviCare β Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin(... | 7.3 | HIGH | β | 0 |
| CVE-2026-5631 A vulnerability has been found in assafelovic gpt-researcher up to 3.4.3. This affects the function extract_command_data of the file backend/server/server_utils.py of the component ws Endpoint. Such m... | 7.3 | HIGH | β | 0 |
| CVE-2026-5632 A vulnerability was found in assafelovic gpt-researcher up to 3.4.3. This impacts an unknown function of the component HTTP REST API Endpoint. Performing a manipulation results in missing authenticati... | 7.3 | HIGH | β | 0 |
| CVE-2026-4231 A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Per... | 7.3 | HIGH | β | 0 |
| CVE-2026-5633 A vulnerability was determined in assafelovic gpt-researcher up to 3.4.3. Affected is an unknown function of the component ws Endpoint. Executing a manipulation of the argument source_urls can lead to... | 7.3 | HIGH | β | 0 |
| CVE-2026-5634 A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The man... | 7.3 | HIGH | β | 0 |
| CVE-2026-5637 A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manip... | 7.3 | HIGH | β | 0 |
| CVE-2026-4229 A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes ... | 7.3 | HIGH | β | 0 |
| CVE-2026-35574 ChurchCRM is an open-source church management system. Prior to 6.5.3, a stored Cross-Site Scripting (XSS) vulnerability in ChurchCRM's Note Editor allows authenticated users with note-adding permissio... | 7.3 | HIGH | β | 0 |
| CVE-2026-5642 A vulnerability was determined in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown function of the file /viva/update.php of the component HTT... | 7.3 | HIGH | β | 0 |
| CVE-2026-5645 A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a m... | 7.3 | HIGH | β | 0 |
| CVE-2026-5646 A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/pa... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.