Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-1572 The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0.... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2352 The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ao_post_preload' meta value in all versions up to, and including, 3.1.14. This is due to insufficient input s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2430 The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the lazy-loading image processing in all versions up to, and including, 3.1.14. This is due to the use of an overl... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4278 The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sdc_menu' shortcode in all versions up to, and including, 2.3. This is due to insufficient input ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14732 The Elementor Website Builder β More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widget parameters in all versions up to, and including, 3.35... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34716 WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the ca... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-2496 The Ed's Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `eds_font_awesome` shortcode in all versions up to, and including, 2.0. This is due to insuffic... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3875 The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-3997 The Text Toggle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' shortcode attribute of the [tt_part] and [tt] shortcodes in all versions up to and including 1.1. This... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4341 The Prime Slider β Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'follow_us_text' setting of the Mount widget in all versions up to, and including, 4.1... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4333 The LearnPress β WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'skin' attribute of the learn_press_courses shortcode in all versions up to and includin... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4083 The Scoreboard for HTML5 Games Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'scoreboard' shortcode in all versions up to, and including, 1.2. The shortcode function s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-4766 The Easy Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gallery shortcode post meta field in all versions up to, and including, 1.5.3. This is due to insuffici... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1275 The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute in all versions up to, and including, 1.4. This is due to ins... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-33246 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. Thi... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-39921 GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outboun... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5328 A weakness has been identified in shsuishang modulithshop up to 829bac71f507e84684c782b9b062b8bf3b5585d6. The impacted element is the function listItem of the file src/main/java/com/suisung/shopsuite/... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6033 A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fnam... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5126 A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to b... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5205 A vulnerability was identified in chatwoot up to 4.11.2. Affected by this vulnerability is the function Webhooks::Trigger in the library lib/webhooks/trigger.rb of the component Webhook API. Such mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4954 A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endp... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5259 A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/control... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4963 A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4513 A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function ask of the file vanna\legacy\base\base.py. Performing a manipulation results in sql injection... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6030 A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6006 A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edit_hpatient.php. The manipulation of the argument ID le... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4778 A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. Th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6005 A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematology_print.php. Executing a manipulation of the argument hem... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4573 A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Pa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4574 A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firs... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4589 A vulnerability was identified in kalcaddle kodbox 1.64. The affected element is the function PathDriverUrl of the file /workspace/source-code/app/controller/explorer/editor.class.php of the component... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-32921 OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for scr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5206 A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4780 A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1879 A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34245 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `plugin/PlayLists/View/Playlists_schedules/add.json.php` endpoint allows any authenticated user with streaming p... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4970 A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argum... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6111 A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5196 A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injectio... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4999 A security vulnerability has been detected in z-9527 admin up to 72aaf2dd05cf4ec2e98f390668b41e128eec5ad2. This issue affects the function uploadFile of the file /server/utils/upload.js of the compone... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4554 A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4586 A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4568 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulatio... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5101 A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of t... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6488 A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Pa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5103 A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes c... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6497 A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compone... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5105 A vulnerability was detected in Totolink A3300R 17.0.0cu.557_b20221024. The affected element is the function setVpnPassCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performi... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6215 A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6202 A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection.... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.