Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-33470 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access snapshots from ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33469 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate configuration throug... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33468 Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` β `''`) but does ... | 8.1 | HIGH | β | 0 |
| CVE-2026-33442 Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` β `''`) but does not escap... | 8.1 | HIGH | β | 0 |
| CVE-2026-33438 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33430 Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI... | 7.3 | HIGH | β | 0 |
| CVE-2026-33416 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_se... | 7.5 | HIGH | β | 0 |
| CVE-2026-33402 Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch is includ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33015 EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's BCB tog... | 5.2 | MEDIUM | β | 0 |
| CVE-2026-33014 EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction... | 5.2 | MEDIUM | β | 0 |
| CVE-2026-33009 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT `everest_external/nodered/{connecto... | 8.2 | HIGH | β | 0 |
| CVE-2026-32846 OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikely... | 7.5 | HIGH | β | 0 |
| CVE-2026-29905 Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to properly validate th... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29044 EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-27828 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 ... | 7.5 | HIGH | β | 0 |
| CVE-2026-27816 EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 wi... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27815 EVerest is an EV charging software stack. Prior to versions to 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 w... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-27814 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by an A 1-phase β 3-phase switch request (`ac_switch_three_phases_while_charging`) during char... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-27813 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-26074 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map<std::queue>` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network... | 7.0 | HIGH | β | 0 |
| CVE-2026-26073 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and EV sess... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-4897 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbound... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33397 The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have... | N/A | NONE | β | 0 |
| CVE-2026-30162 Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-29976 Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function | 6.2 | MEDIUM | β | 0 |
| CVE-2026-29934 A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-29933 A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifyi... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-28298 SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-28297 SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-27664 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds... | 7.5 | HIGH | β | 0 |
| CVE-2026-27663 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85Β RTU Base (All versions < V26.10). The affected application contains denial-of-service (Do... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-26072 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is E... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-26071 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID update... | 4.2 | MEDIUM | β | 0 |
| CVE-2026-26070 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map<std::optional>` concurrent access (container/optional corruption possible). The trigger is a... | 4.6 | MEDIUM | β | 0 |
| CVE-2026-26008 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS sends U... | 7.5 | HIGH | β | 0 |
| CVE-2026-23995 EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routi... | 8.4 | HIGH | β | 0 |
| CVE-2026-22790 EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payload... | 8.8 | HIGH | β | 0 |
| CVE-2026-22593 EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals `MA... | 8.4 | HIGH | β | 0 |
| CVE-2026-4877 A security flaw has been discovered in itsourcecode Payroll Management System up to 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument page results... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4876 A vulnerability was identified in itsourcecode Free Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/mod_amenities/index.php?view=editpic. Such manipulation... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33413 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call c... | 8.8 | HIGH | β | 0 |
| CVE-2026-33396 OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.35, a low-privileged authenticated user (ProjectMember) can achieve remote command execution on the Probe conta... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-33343 etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, an authenticated user with RBAC restricted permissions on key ranges can use ne... | 0.0 | NONE | β | 0 |
| CVE-2026-2511 The JS Help Desk β AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the `multiformid` parameter in the `storeTickets()` function in all versions up to, and... | 7.5 | HIGH | β | 0 |
| CVE-2026-2389 The Complianz β GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` fu... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-2231 The Fluent Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.01 due to insufficient input sanitization and out... | 7.2 | HIGH | β | 0 |
| CVE-2026-1032 The Conditional Menus plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.6. This is due to missing nonce validation on the 'save_options' functi... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-55264 HCL Aftermarket DPC is affected by Failure to Invalidate Session on Password Change will allow attacker to access to a session, then they can maintain control over the account despite the password cha... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-55263 HCL Aftermarket DPC is affected by Hardcoded Sensitive Data which allows attacker to gain access to the source code or if it is stored in insecure repositories, they can easily retrieve these hardcode... | 7.3 | HIGH | β | 0 |
| CVE-2025-55262 HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database. | 8.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.