Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-35682 Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | 8.8 | HIGH | — | 0 |
| CVE-2026-40066 Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | 8.8 | HIGH | — | 0 |
| CVE-2026-40283 WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the "... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Load... | 8.4 | HIGH | — | 0 |
| CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applianc... | 8.4 | HIGH | — | 0 |
| CVE-2026-6369 An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by send... | N/A | NONE | — | 0 |
| CVE-2026-23774 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10, LTS2024 release versions 7.13... | 7.2 | HIGH | — | 0 |
| CVE-2026-24467 OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's ... | 9.0 | CRITICAL | — | 0 |
| CVE-2026-24506 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulne... | 7.2 | HIGH | — | 0 |
| CVE-2026-25524 Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri... | 8.1 | HIGH | — | 0 |
| CVE-2026-25525 Magento Long Term Support (LTS) is an unofficial, community-driven project provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pri... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-26942 Dell PowerProtect Data Domain, versions 8.5 through 8.6 contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS command injection vulnerability. A high privileged attacker... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-26943 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an OS command injection vulne... | 7.2 | HIGH | — | 0 |
| CVE-2026-26951 Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain a stack-based buffer overflow... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-28684 python-dotenv reads key-value pairs from a .env file and can set them as environment variables. Prior to version 1.2.2, `set_key()` and `unset_key()` in python-dotenv follow symbolic links when rewrit... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-30266 Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file | 7.8 | HIGH | — | 0 |
| CVE-2026-30269 Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is ac... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-23757 GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization.... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23758 GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the e... | N/A | NONE | — | 0 |
| CVE-2026-39109 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 within the username parameter of the login page (index.php). This allows an unauthenticate... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-39110 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the contactno parameter of the forgot password page (forgot-password.php). This allows ... | 8.2 | HIGH | — | 0 |
| CVE-2026-39111 SQL Injection vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the email parameter of the forgot password page (forgot-password.php). This allows an u... | 7.5 | HIGH | — | 0 |
| CVE-2026-39112 Cross Site Scripting vulnerability in Apartment Visitors Management System Apartment Visitors Management System V1.1 in the visname parameter of visitors-form.php. An authenticated attacker can inject... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-41389 OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbitrary local and UNC file access. Attackers can craft malicious tool-result m... | 5.8 | MEDIUM | — | 0 |
| CVE-2025-11249 Rejected reason: This CVE id was assigned as a duplicate of CVE-2025-66414. | N/A | NONE | — | 0 |
| CVE-2026-6060 A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS:... | 4.5 | MEDIUM | — | 0 |
| CVE-2026-6248 The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update() method does not valida... | 8.1 | HIGH | — | 0 |
| CVE-2026-29648 In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs wi... | 8.8 | HIGH | — | 0 |
| CVE-2026-4046 The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remote... | 7.5 | HIGH | — | 0 |
| CVE-2026-0930 Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which wo... | N/A | NONE | — | 0 |
| CVE-2026-22051 StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacker... | N/A | NONE | — | 0 |
| CVE-2026-5721 The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is d... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-6560 A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param le... | 8.8 | HIGH | — | 0 |
| CVE-2026-6561 A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-6562 A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql ... | 7.3 | HIGH | — | 0 |
| CVE-2026-6563 A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to b... | 8.8 | HIGH | — | 0 |
| CVE-2026-6564 A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is p... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6568 A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Han... | 7.3 | HIGH | — | 0 |
| CVE-2026-6569 A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation of... | 7.3 | HIGH | — | 0 |
| CVE-2026-6573 A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of th... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6570 A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argume... | 2.7 | LOW | — | 0 |
| CVE-2026-6571 A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6577 A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-6578 A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of ... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-6579 A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing au... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6580 A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipul... | 7.3 | HIGH | — | 0 |
| CVE-2026-6584 A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoin... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-34537 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger Undefined Behavior (UB) in CIccOpDefEnvVar::Exe... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34549 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior (UB) condition in IccUtil.cpp triggered by a craft... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34551 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a null-pointer dereference (NPD) in CIccTagLut16::Write() can be triggered when p... | 6.2 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.