Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-25478 Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to 2.20.0, CORSConfig.allowed_origins_regex is constructed using a regex built from configured allowlist values and used wi... | 7.4 | HIGH | β | 0 |
| CVE-2026-25231 FileRise is a self-hosted web file manager / WebDAV server. Versions prior to 3.3.0, the application contains an unauthenticated file read vulnerability due to the lack of access control on the /uploa... | 7.5 | HIGH | β | 0 |
| CVE-2026-25230 FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain ... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-25057 MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, instructors are able to upload a zip file to create an assignment from an exported configuration (cou... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24900 MarkUs is a web application for the submission and grading of student assignments. Prior to 2.9.1, the courses/<:course_id>/assignments/<:assignment_id>/submissions/html_content accepted a select_file... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1529 A flaw was found in Keycloak. An attacker can exploit this vulnerability by modifying the organization ID and target email within a legitimate invitation token's JSON Web Token (JWT) payload. This lac... | 8.1 | HIGH | β | 0 |
| CVE-2026-1486 A flaw was found in Keycloak. A vulnerability exists in the jwt-authorization-grant flow where the server fails to verify if an Identity Provider (IdP) is enabled before issuing tokens. The issuer loo... | 8.8 | HIGH | β | 0 |
| CVE-2025-14778 A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-24777 OpenProject is an open-source, web-based project management software. Prior to 17.0.2, users with the Manage Users permission can lock and unlock users. This functionality should only be possible for ... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-24684 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, lead... | 7.5 | HIGH | β | 0 |
| CVE-2026-24683 FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel clo... | 7.5 | HIGH | β | 0 |
| CVE-2026-24682 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading to out-of-bound... | 7.5 | HIGH | β | 0 |
| CVE-2026-24681 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading to a use ... | 7.5 | HIGH | β | 0 |
| CVE-2026-24680 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UA... | 7.5 | HIGH | β | 0 |
| CVE-2026-24679 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bou... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24678 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use ... | 7.5 | HIGH | β | 0 |
| CVE-2026-24677 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading t... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-24676 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format, leadin... | 7.5 | HIGH | β | 0 |
| CVE-2026-24675 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it, leading to a use a... | 7.5 | HIGH | β | 0 |
| CVE-2026-24491 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback and trig... | 7.5 | HIGH | β | 0 |
| CVE-2026-23948 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP p... | 7.5 | HIGH | β | 0 |
| CVE-2026-2242 A vulnerability was determined in janet-lang janet up to 1.40.1. This impacts the function janetc_if of the file src/core/specials.c. Executing a manipulation can lead to out-of-bounds read. The attac... | 3.3 | LOW | β | 0 |
| CVE-2026-2241 A vulnerability was found in janet-lang janet up to 1.40.1. This affects the function os_strftime of the file src/core/os.c. Performing a manipulation results in out-of-bounds read. The attack must be... | 3.3 | LOW | β | 0 |
| CVE-2026-21419 Dell Display and Peripheral Manager (Windows) versions prior to 2.2 contain an Improper Link Resolution Before File Access ('Link Following') vulnerability in the Installer and Service. A low privileg... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-7432 DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions.Β This may allow an attacker to eventually extract secret keys through a DPA attack. | N/A | NONE | β | 0 |
| CVE-2025-66630 Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obt... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-2240 A vulnerability has been found in janet-lang janet up to 1.40.1. The impacted element is the function janetc_pop_funcdef of the file src/core/compile.c. Such manipulation leads to out-of-bounds read. ... | 3.3 | LOW | β | 0 |
| CVE-2026-24095 Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page... | N/A | NONE | β | 0 |
| CVE-2026-24027 Crafted zones can lead to increased incoming network traffic. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0398 Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. | 5.3 | MEDIUM | β | 0 |
| CVE-2025-63354 Hitron HI3120 v7.2.4.5.2b1 allows stored XSS via the Parental Control option when creating a new filter. The device fails to properly handle inputs, allowing an attacker to inject and execute JavaScri... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-59024 Crafted delegations or IP fragments can poison cached delegations in Recursor. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-59023 Crafted delegations or IP fragments can poison cached delegations in Recursor. | 8.2 | HIGH | β | 0 |
| CVE-2025-14831 A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containin... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-10465 Unrestricted Upload of File with Dangerous Type vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Sensaway allows Upload a Web Shell to a Web Server.This issue affects Sens... | 8.8 | HIGH | β | 0 |
| CVE-2025-10464 Insecure Storage of Sensitive Information vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Retrieve Embedded Sensitive Data.This issue affects Senseway: th... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1960 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via theΒ 'Facebook' parameter in '/loggrodemo/jbrain/ConsultaTerceros' endpoint. | N/A | NONE | β | 0 |
| CVE-2026-1959 Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes, via the 'descripciΓ³n' parameter in the '/loggrodemo/jbrain/MaestraCuentasBancarias' endpoint. | N/A | NONE | β | 0 |
| CVE-2026-0632 The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.12 via the 'saveDataSource' function. This makes it possibl... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-7708 Insertion of Sensitive Information Into Sent Data vulnerability in Atlas Educational Software Industry Ltd. Co. K12net allows Communication Channel Manipulation.This issue affects k12net: through 0902... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-6830 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpoda TΓΌrkiye Information Technology Inc. Password Module allows SQL Injection.This issue affects ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-10463 Improper Authentication vulnerability in Birtech Information Technologies Industry and Trade Ltd. Co. Senseway allows Authentication Abuse.This issue affects Senseway: through 09022026.Β NOTE: Becaus... | 7.3 | HIGH | β | 0 |
| CVE-2026-25848 In JetBrains Hub before 2025.3.119807 authentication bypass allowing administrative actions was possible | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25847 In JetBrains PyCharm before 2025.3.2 a DOM-based XSS on Jupyter viewer page was possible | 8.2 | HIGH | β | 0 |
| CVE-2026-25846 In JetBrains YouTrack before 2025.3.119033 access tokens could be exposed in Mailbox logs | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24098 Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22922 Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2227 A vulnerability was found in D-Link DCS-931L up to 1.13.0. Impacted is the function doSystem of the file /setSystemAdmin. Performing a manipulation of the argument AdminID results in command injection... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-2226 A vulnerability has been found in DouPHP up to 1.9. This issue affects some unknown processing of the file /admin/file.php of the component ZIP File Handler. Such manipulation of the argument sql_file... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-23903 Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to version 2.0.7, which fixes the issue. The i... | 5.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.