Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-12074 The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which post... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12071 The Frontend User Notes plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.0 via the 'funp_ajax_modify_notes' AJAX endpoint due to missing... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-12037 The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.5 due to insufficient input sani... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | 2.9 | LOW | β | 0 |
| CVE-2026-27038 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27037 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27036 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27035 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27034 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27033 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27032 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-27031 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-23599 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attac... | 7.8 | HIGH | β | 0 |
| CVE-2026-22048 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible ... | 7.1 | HIGH | β | 0 |
| CVE-2026-1344 Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2570 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2026-26119 Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-1670 The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62183 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access right... | N/A | NONE | β | 0 |
| CVE-2025-13689 IBM DataStage on Cloud Pak for Data could allow an authenticated user to execute arbitrary commands and gain access to sensitive information due to unrestricted file uploads. | 8.8 | HIGH | β | 0 |
| CVE-2025-13333 IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-2629 A weakness has been identified in jishi node-sonos-http-api up to 3776f0ee2261c924c7b7204de121a38100a08ca7. Affected is the function Promise of the file lib/tts-providers/mac-os.js of the component TT... | 7.3 | HIGH | β | 0 |
| CVE-2026-2627 A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Re... | 7.8 | HIGH | β | 0 |
| CVE-2026-2623 A flaw has been found in Blossom up to 1.17.1. This issue affects the function put of the file blossom-backend/common/common-iaas/src/main/java/com/blossom/common/iaas/blos/BLOSManager.java of the com... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36348 IBM Sterling B2B Integrator versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 through 6.2.1.1, and IBM Sterling File Gateway versions 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through ... | 4.9 | MEDIUM | β | 0 |
| CVE-2025-36183 IBM watsonx.data 2.2 through 2.2.1 IBM Lakehouse could allow a privileged user to upload malicious files that could be executed server to modify limited files or data. | 3.8 | LOW | β | 0 |
| CVE-2025-33135 IBM Financial Transaction Manager for ACH Services and Check Services for Multi-Platform 3.0.0.0 through 3.0.5.4 Interim Fix 027 IBM Financial Transaction Manager for Check Services v3 (Multiplatforms... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-33088 IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources. | 7.4 | HIGH | β | 0 |
| CVE-2023-38005 IBM Cloud Pak System 2.3.3.6, 2.3.3.7, 2.3.4.0, 2.3.4.1, and 2.3.5.0 could allow an authenticated user to perform unauthorized tasks due to improper access controls. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2622 A vulnerability was detected in Blossom up to 1.17.1. This vulnerability affects the function content of the file blossom-backend/backend/src/main/java/com/blossom/backend/server/article/draft/Article... | 3.5 | LOW | β | 0 |
| CVE-2026-2621 A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.a... | 7.3 | HIGH | β | 0 |
| CVE-2026-23598 Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could a... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23597 Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated remote attacker to obtain sensitive information. Successful exploitation could a... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23596 A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger service restarts. Successful exploitation could allow an attacker to disrupt ser... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23595 An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote attacker could exploit this vulnerability to create privileged user accounts. Succ... | 8.8 | HIGH | β | 0 |
| CVE-2025-36379 IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 | MEDIUM | β | 0 |
| CVE-2025-36377 IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-36376 IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-14289 IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the ... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-13691 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used to impersonate other users in the system. | 8.1 | HIGH | β | 0 |
| CVE-2026-2620 A weakness has been identified in Huace Monitoring and Early Warning System 2.2. Affected by this issue is some unknown functionality of the file /Web/SysManage/ProjectRole.aspx. Executing a manipulat... | 7.3 | HIGH | β | 0 |
| CVE-2026-26357 Dell Unisphere for PowerMax, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-22769 Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-22762 Dell Avamar Server and Avamar Virtual Edition, versions prior to 19.10 SP1 with CHF338912, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in th... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22284 Dell SmartFabric OS10 Software, versions prior to 10.5.6.12, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker w... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-0102 Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of sto... | 3.1 | LOW | β | 0 |
| CVE-2025-70846 lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password. | 7.1 | HIGH | β | 0 |
| CVE-2025-67102 A SQL injection vulnerability in the alldayoffs feature in Jorani up to v1.0.4, allows an authenticated attacker to execute arbitrary SQL commands via the entity parameter. | 7.6 | HIGH | β | 0 |
| CVE-2025-36598 Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged atta... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-36597 Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged atta... | 4.7 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.