Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-3848 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintend... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-31892 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely b... | 8.1 | HIGH | β | 0 |
| CVE-2026-30741 A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30234 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the <Snapshot... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29777 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language v... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28803 Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28229 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to 4.0.2 and 3.7.11, Workflow templates endpoints allow any client to retrieve Wo... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27897 Vociferous provides cross-platform, offline speech-to-text with local AI refinement. Prior to 4.4.2, the vulnerability exists in src/api/system.py within the export_file route. The application accepts... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-22248 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. From 11.0.0 to before 11.0.5, an authenticated techni... | 8.0 | HIGH | β | 0 |
| CVE-2026-21888 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably trig... | 7.5 | HIGH | β | 0 |
| CVE-2026-1732 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose conf... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1663 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group impor... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1497 Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:Β an admin that intends to give a user an ... | N/A | NONE | β | 0 |
| CVE-2026-1230 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause reposito... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-1090 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markd... | 8.7 | HIGH | β | 0 |
| CVE-2026-1069 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted ... | 7.5 | HIGH | β | 0 |
| CVE-2026-0602 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose meta... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14513 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a de... | 7.5 | HIGH | β | 0 |
| CVE-2025-13929 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a den... | 7.5 | HIGH | β | 0 |
| CVE-2025-13690 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a deni... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-12704 GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual R... | 3.5 | LOW | β | 0 |
| CVE-2025-12697 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-... | 2.2 | LOW | β | 0 |
| CVE-2025-12690 Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine through 6.10.19,Β through 7.3.0, through 7.2.4, through 7.1.10. | N/A | NONE | β | 0 |
| CVE-2025-12576 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticat... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3946 A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. Performing a manipulation of the argument askcontent results in cross site ... | 3.5 | LOW | β | 0 |
| CVE-2026-3013 Coppermine Photo Gallery in versions 1.6.09 through 1.6.27Β is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit a vulnerable endpoint and construct payloads that allow t... | N/A | NONE | β | 0 |
| CVE-2026-32229 In JetBrains Hub before 2026.1 possible on sign-in account mismatch with non-SSO auth and 2FA disabled | 6.8 | MEDIUM | β | 0 |
| CVE-2026-30903 External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access. | 9.6 | CRITICAL | β | 0 |
| CVE-2026-30902 Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 | HIGH | β | 0 |
| CVE-2026-30901 Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | 7.0 | HIGH | β | 0 |
| CVE-2026-30900 Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 | HIGH | β | 0 |
| CVE-2025-70330 Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an a... | 3.3 | LOW | β | 0 |
| CVE-2025-70027 An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information | 7.5 | HIGH | β | 0 |
| CVE-2025-67298 An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | 8.1 | HIGH | β | 0 |
| CVE-2026-3904 Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on i... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-3496 The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user suppl... | 7.5 | HIGH | β | 0 |
| CVE-2026-32063 OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF char... | 7.1 | HIGH | β | 0 |
| CVE-2026-32062 OpenClaw versions2026.2.21-2 prior to 2026.2.22 and @openclaw/voice-call versions 2026.2.21 prior to 2026.2.22 accept media-stream WebSocket upgrades before stream validation, allowing unauthenticated... | 7.5 | HIGH | β | 0 |
| CVE-2026-32061 OpenClaw versions prior to 2026.2.17 contain a path traversal vulnerability in the $include directive resolution that allows reading arbitrary local files outside the config directory boundary. Attack... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-32060 OpenClaw versions prior to 2026.2.14 contain a path traversal vulnerability in apply_patch that allows attackers to write or delete files outside the configured workspace directory. When apply_patch i... | 8.8 | HIGH | β | 0 |
| CVE-2026-32059 OpenClaw version 2026.2.22-2 prior to 2026.2.23 tools.exec.safeBins validation for sort command fails to properly validate GNU long-option abbreviations, allowing attackers to bypass denied-flag check... | 8.8 | HIGH | β | 0 |
| CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql inj... | 7.3 | HIGH | β | 0 |
| CVE-2026-3943 A vulnerability was found in H3C ACG1000-AK230 up to 20260227. This affects an unknown part of the file /webui/?aaa_portal_auth_local_submit. The manipulation of the argument suffix results in command... | 7.3 | HIGH | β | 0 |
| CVE-2026-3178 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input sani... | 7.2 | HIGH | β | 0 |
| CVE-2026-3805 When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. | 7.5 | HIGH | β | 0 |
| CVE-2026-3784 curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a s... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3783 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1965 libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent reques... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3906 WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-3492 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving missing authorization on... | 6.4 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.