Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32837 miniaudio version 0.11.25 and earlier contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WA... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32836 dr_libsΒ dr_flac.h version 0.13.3 and earlier contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-30707 An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypas... | 8.1 | HIGH | β | 0 |
| CVE-2026-25936 GLPI is a free Asset and IT management software package. Starting in version 11.0.0 and prior to version 11.0.6, an authenticated user can perfom a SQL injection. Version 11.0.6 fixes the issue. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-15584 Netskope was notified about a potential gap in its Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an unprivileged user to trig... | N/A | NONE | β | 0 |
| CVE-2026-3207 Configuration issueΒ in Java Management Extensions (JMX) in TIBCO BPM Enterprise version 4.x allows unauthorised access. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25790 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25772 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25771 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in t... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22882 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20726 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66633 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66617 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66503 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66342 A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitra... | 7.8 | HIGH | β | 0 |
| CVE-2025-66042 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66000 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-65119 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64776 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64735 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64733 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64301 An outβofβbounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an outβofβbounds ... | 7.8 | HIGH | β | 0 |
| CVE-2025-62500 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-62403 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61979 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-61952 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-58427 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-47873 An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds r... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-4319 A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the arg... | 7.3 | HIGH | β | 0 |
| CVE-2026-32298 The Angeet ES3 KVM does not properly sanitize user-supplied variables parsed by the 'cfg.lua' script, allowing an authenticated attacker to execute OS-level commands. | 9.1 | CRITICAL | β | 0 |
| CVE-2026-32297 The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an ... | 7.5 | HIGH | β | 0 |
| CVE-2026-32296 Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network... | 8.2 | HIGH | β | 0 |
| CVE-2026-32295 JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials. | 7.5 | HIGH | β | 0 |
| CVE-2026-32294 JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 has... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-32293 The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker... | 3.7 | LOW | β | 0 |
| CVE-2026-32292 The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials. | 7.5 | HIGH | β | 0 |
| CVE-2026-32291 The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-32290 The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the ... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-25770 Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the ... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25769 Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of U... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25534 ### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle undersc... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-21570 This High severity RCE (Remote Code Execution)Β vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Co... | N/A | NONE | β | 0 |
| CVE-2026-4148 A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline. | 8.8 | HIGH | β | 0 |
| CVE-2026-4147 An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28506 Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24901 Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to u... | 8.1 | HIGH | β | 0 |
| CVE-2026-23759 Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command doe... | 7.2 | HIGH | β | 0 |
| CVE-2026-21886 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to all... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-4318 A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buf... | 8.8 | HIGH | β | 0 |
| CVE-2026-3564 A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scen... | 9.0 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.