Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2024-55019 Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attack to download arbitrary files. | 7.5 | HIGH | β | 0 |
| CVE-2025-36364 IBM DevOps Plan 3.0.0 through 3.0.5 allows web page cache to be stored locally which can be read by another user on the system. | 6.2 | MEDIUM | β | 0 |
| CVE-2024-55020 A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55021 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded password in the FTP protocol. | 7.5 | HIGH | β | 0 |
| CVE-2024-55022 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain an authenticated command injection vulnerability via the HMI Name parameter. | 8.8 | HIGH | β | 0 |
| CVE-2024-55023 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to contain a hardcoded encryption key which could allow attackers to access sensitive information. | 5.3 | MEDIUM | β | 0 |
| CVE-2024-55024 An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55025 Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-66945 A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended direc... | 9.1 | CRITICAL | β | 0 |
| CVE-2024-55026 An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request. | 9.8 | CRITICAL | β | 0 |
| CVE-2024-55027 Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to stroe credentials in plaintext in the component uac_temp.db. | 7.5 | HIGH | β | 0 |
| CVE-2025-13490 IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.... | 5.9 | MEDIUM | β | 0 |
| CVE-2025-13616 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 returns sensitive information in an HTTP response that could be used in further attacks against the system. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13734 IBM Engineering Requirements Management DOORS Next 7.1, and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-14604 IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-14923 IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administe... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-36363 IBM DevOps Plan 3.0.0 through 3.0.5 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 5.9 | MEDIUM | β | 0 |
| CVE-2025-70236 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDomainFilter. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70237 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetPortTr. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70241 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWANType_Wizard5. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-0869 Authentication bypass in Brocade ASCG 3.4.0 Could allow an unauthorized user to perform ASCG operations related to Brocade Support Link(BSL) and streaming configuration. and could even disable the ASC... | 8.8 | HIGH | β | 0 |
| CVE-2026-1265 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to writing of sensitive Information in a log file. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-26887 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. | 2.7 | LOW | β | 0 |
| CVE-2026-26888 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | 2.7 | LOW | β | 0 |
| CVE-2026-26889 Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. | 2.7 | LOW | β | 0 |
| CVE-2026-26891 Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | 2.7 | LOW | β | 0 |
| CVE-2026-2606 IBM webMethods API Gateway (on-prem) 10.11 through 10.11_Fix3210.15 to 10.15_Fix2711.1 to 11.1_Fix7 IBM webMethods API Management (on-prem) fails to properly validate user-supplied input passed to the... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2915 HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | 7.1 | HIGH | β | 0 |
| CVE-2026-3484 A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function child_process.exec of the file src/index.ts of the... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-3494 In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated databa... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-13686 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13687 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13688 IBM DataStage on Cloud Pak for Data 5.1.2 through 5.3.0 could allow an authenticated user to execute arbitrary commands with normal user privileges on the system due to improper validation of user sup... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-14456 IBM MQ Appliance 9.4 CD through 9.4.4.0 to 9.4.4.1 | 5.9 | MEDIUM | β | 0 |
| CVE-2025-14480 IBM Aspera faspio Gateway 1.3.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | 5.1 | MEDIUM | β | 0 |
| CVE-2025-70234 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetQoS. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70239 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard55. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70240 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard51. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-1567 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity (XXE) vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from... | 7.1 | HIGH | β | 0 |
| CVE-2026-24415 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modifica... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1713 IBM MQ 9.1.0.0 through 9.1.0.33 LTS, 9.2.0.0 through 9.2.0.40 LTS, 9.3.0.0 through 9.3.0.36 LTS, 9.30.0 through 9.3.5.1 CD, 9.4.0.0 through 9.4.0.17 LTS, and 9.4.0.0 through 9.4.4.1 CD | 5.0 | MEDIUM | β | 0 |
| CVE-2026-24502 Dell Command | Intel vPro Out of Band, versions prior to 4.7.0, contain an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vu... | 8.8 | HIGH | β | 0 |
| CVE-2026-25906 Dell Optimizer, versions prior to 6.3.1, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit ... | 7.3 | HIGH | β | 0 |
| CVE-2026-3485 A flaw has been found in D-Link DIR-868L 110b03. This affects the function sub_1BF84 of the component SSDP Service. This manipulation of the argument ST causes os command injection. It is possible to ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-3486 A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lead... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-1775 The Labkotec LID-3300IP has an existing vulnerability in the ice detector software that enables an unauthenticated attacker to alter device parameters and run operational commands when specially craft... | N/A | NONE | β | 0 |
| CVE-2026-21866 Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Difyβs default Mermaid ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-24848 OpenEMR is a free and open source electronic health records and medical practice management application. In 7.0.4 and earlier, the disposeDocument() method in EtherFaxActions.php allows authenticated ... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-24898 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0, an unauthenticated token disclosure vulnerability in the MedEx callback endpoin... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-25146 OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret val... | 9.6 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.