Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-6119 A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request for... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-39420 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the L... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6202 A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6215 A weakness has been identified in DbGate up to 7.1.4. The impacted element is the function apiServerUrl1 of the file packages/rest/src/openApiDriver.ts of the component REST/GraphQL. This manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4966 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID ca... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5578 A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a man... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5579 A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parame... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5580 A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5583 A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulati... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5586 A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5587 A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5594 A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5595 A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function load_files_from_disk/list_files_from_disk/save_content_to_file/save_memory_art... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5596 A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipula... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5597 A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument f... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5563 A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipula... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5606 A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5607 A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-43210 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6488 A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Pa... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34626 Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5183 A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest can lead ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6191 A vulnerability was determined in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /equipments.php. Executing a manipulation of the argument Name can lead ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6190 A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name res... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4505 A vulnerability has been found in eosphoros-ai DB-GPT up to 0.7.5. This issue affects the function module_plugin.refresh_plugins of the file packages/dbgpt-serve/src/dbgpt_serve/agent/hub/controller.p... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4500 A vulnerability was identified in bagofwords1 bagofwords up to 0.0.297. This impacts the function generate_df of the file backend/app/ai/code_execution/code_execution.py. Such manipulation leads to in... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5206 A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-27299 Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5803 A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5317 A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be per... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6143 A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. T... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5248 A vulnerability has been found in gougucms 4.08.18. This affects the function reg_submit of the file gougucms-master\app\home\controller\Login.php of the component User Registration Handler. Such mani... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6141 A vulnerability was determined in danielmiessler Personal_AI_Infrastructure up to 2.3.0. Affected is an unknown function of the file Skills/Parser/Tools/parse_url.ts. Executing a manipulation can lead... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34861 Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34862 Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5020 A vulnerability was detected in Totolink A3600R 4.1.2cu.5182_B20201102. Affected by this issue is the function setNoticeCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The man... | 6.3 | MEDIUM | β | 0 |
| CVE-2024-58342 XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The getDynamicRedirect() function does not adequately validate the redirect target, allowing attackers to redirect use... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6111 A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5101 A vulnerability was identified in Totolink A3300R 17.0.0cu.557_b20221024. This affects the function setLanCfg of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. The manipulation of t... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5103 A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. This issue affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument enable causes c... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5302 CORS misconfiguration in CoolerControl/coolercontrold <4.0.0 allows unauthenticated remote attackers to read data and send commands to the service via malicious websites | 6.3 | MEDIUM | β | 0 |
| CVE-2026-39922 GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attacke... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6033 A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fnam... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6030 A flaw has been found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /del1.php. This manipulation of the argument toolname causes sql injec... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5153 A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command inje... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6489 A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backgr... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5823 A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4836 A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id re... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34397 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escal... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5259 A vulnerability was determined in AutohomeCorp frostmourne up to 1.0. The affected element is an unknown function of the file frostmourne-monitor/src/main/java/com/autohome/frostmourne/monitor/control... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.