CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-30975 Sonarr is a PVR for Usenet and BitTorrent users. Versions prior to 4.0.16.2942 have an authentication bypass that affected users that had disabled authentication for local addresses (Authentication Re... | 8.1 | HIGH | — | 0 |
| CVE-2026-2485 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI t... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-2484 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2483 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the in... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1561 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to sen... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1262 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1015 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-1014 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-64648 IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-64647 IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | 5.9 | MEDIUM | — | 0 |
| CVE-2025-64646 IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-36440 IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-36438 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints. | 5.1 | MEDIUM | — | 0 |
| CVE-2025-36422 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and un... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-36258 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user. | 7.1 | HIGH | — | 0 |
| CVE-2025-14974 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR). | 5.7 | MEDIUM | — | 0 |
| CVE-2025-14917 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings. | 6.7 | MEDIUM | — | 0 |
| CVE-2025-14915 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14912 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-14810 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive info... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-14808 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obta... | 3.1 | LOW | — | 0 |
| CVE-2025-14807 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-33247 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials for all clients pr... | 7.4 | HIGH | — | 0 |
| CVE-2026-33246 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. Thi... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-33219 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the WebSockets port can ca... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33218 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode port can crash the nats... | 7.5 | HIGH | — | 0 |
| CVE-2026-33217 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied i... | 7.1 | HIGH | — | 0 |
| CVE-2026-33216 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are... | 8.6 | HIGH | — | 0 |
| CVE-2026-29785 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled (not d... | 7.5 | HIGH | — | 0 |
| CVE-2026-27889 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity check on a WebSocke... | 7.5 | HIGH | — | 0 |
| CVE-2025-70888 An issue in mtrojnar Osslsigncode affected at v2.10 and before allows a remote attacker to escalate privileges via the osslsigncode.c component | 9.8 | CRITICAL | — | 0 |
| CVE-2025-14790 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12708 IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-33809 A maliciously crafted TIFF file can cause image decoding to attempt to allocate up to 4GiB of memory, causing either excessive resource consumption or an out-of-memory error. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33751 n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, a flaw in the LDAP node's filter escape logic allowed LDAP metacharacters to pass through unescaped ... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-33749 n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that prod... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-33724 n8n is an open source workflow automation platform. Prior to version 2.5.0, when the Source Control feature is configured to use SSH, the SSH command used for git operations explicitly disabled host k... | 7.4 | HIGH | — | 0 |
| CVE-2026-33722 n8n is an open source workflow automation platform. Prior to versions 2.6.4 and 1.123.23, an authenticated user without permission to list external secrets could reference a secret by the external nam... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33720 n8n is an open source workflow automation platform. Prior to version 2.8.0, when the `N8N_SKIP_AUTH_ON_OAUTH_CALLBACK` environment variable is set to `true`, the OAuth callback handler skips ownership... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-27602 Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly in... | 7.2 | HIGH | — | 0 |
| CVE-2026-1001 Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators ... | N/A | NONE | — | 0 |
| CVE-2025-70952 pf4j before 20c2f80 has a path traversal vulnerability in the extract() function of Unzip.java, where improper handling of zip entry names can allow directory traversal or Zip Slip attacks, due to a l... | 7.5 | HIGH | — | 0 |
| CVE-2025-70887 An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components | 8.8 | HIGH | — | 0 |
| CVE-2026-33713 n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could exploit a SQL injection vu... | 8.8 | HIGH | — | 0 |
| CVE-2026-33696 n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with permission to create or modify workflows could exploit a prototype pollut... | 8.8 | HIGH | — | 0 |
| CVE-2026-33665 n8n is an open source workflow automation platform. Prior to versions 2.4.0 and 1.121.0, when LDAP authentication is enabled, n8n automatically linked an LDAP identity to an existing local account if ... | N/A | NONE | — | 0 |
| CVE-2026-33663 n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.27, an authenticated user with the `global:member` role could exploit chained authorization flaws in n8n... | N/A | NONE | — | 0 |
| CVE-2026-33660 n8n is an open source workflow automation platform. Prior to versions 2.14.1, 2.13.3, and 1.123.26, an authenticated user with permission to create or modify workflows could use the Merge node's "Comb... | N/A | NONE | — | 0 |
| CVE-2026-30587 Multiple Stored XSS vulnerabilities exist in Seafile Server version 13.0.15, 13.0.16-pro, 12.0.14 and prior and fixed in 13.0.17, 13.0.17-pro, and 12.0.20-pro, via the Seadoc (sdoc) editor. The applicat... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27496 n8n is an open source workflow automation platform. Prior to versions 1.123.22, 2.9.3, and 2.10.1, an authenticated user with permission to create or modify workflows could use the JavaScript Task Run... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.