Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-20021 A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20022 A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpec... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20023 A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, adjacen... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20024 A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpecte... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-20025 A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpecte... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-69343 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress theatre allows Stored XSS.This issue affects Theater for WordP... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3125 A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloud... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-70219 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-28427 OpenDeck is Linux software for your Elgato Stream Deck. Prior to 2.8.1, the service listening on port 57118 serves static files for installed plugins but does not properly sanitize path components. By... | N/A | NONE | β | 0 |
| CVE-2026-28434 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom excepti... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28435 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request... | 7.5 | HIGH | β | 0 |
| CVE-2026-3536 Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cr... | 8.8 | HIGH | β | 0 |
| CVE-2026-3537 Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security sever... | 8.8 | HIGH | β | 0 |
| CVE-2026-3538 Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cri... | 8.8 | HIGH | β | 0 |
| CVE-2026-3539 Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a craft... | 8.8 | HIGH | β | 0 |
| CVE-2026-3540 Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... | 8.8 | HIGH | β | 0 |
| CVE-2026-3541 Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Hig... | 8.8 | HIGH | β | 0 |
| CVE-2025-69411 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Robert Seyfriedsberger ionCube tester plus ioncube-tester-plus allows Path Traversal.This issue affects ... | 7.5 | HIGH | β | 0 |
| CVE-2026-3542 Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severi... | 8.8 | HIGH | β | 0 |
| CVE-2026-3543 Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev... | 8.8 | HIGH | β | 0 |
| CVE-2026-3544 Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High... | 8.8 | HIGH | β | 0 |
| CVE-2026-3545 Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severi... | 9.6 | CRITICAL | β | 0 |
| CVE-2025-46108 D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22385 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in don-themes Wolmart wolmart allows PHP Local File Inclusion.This issue affects W... | 8.1 | HIGH | β | 0 |
| CVE-2025-70221 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-70225 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66024 The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The... | N/A | NONE | β | 0 |
| CVE-2025-68467 Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet f... | 3.4 | LOW | β | 0 |
| CVE-2025-70222 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22040 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the sam... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25750 Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studi... | 8.1 | HIGH | β | 0 |
| CVE-2026-27801 Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Vaultwarden versions 1.34.3 and prior are susceptible to a 2FA bypass when performing protecte... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-27802 Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission upd... | 8.3 | HIGH | β | 0 |
| CVE-2026-27803 Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can stil... | 8.3 | HIGH | β | 0 |
| CVE-2026-27898 Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another userβs cipher_id an... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-29000 pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authenticati... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-41257 Supremaβs BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account ac... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-26002 Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory.... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-29045 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/a... | 7.5 | HIGH | β | 0 |
| CVE-2026-29085 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not vali... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-29086 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newlin... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-2297 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.aud... | N/A | NONE | β | 0 |
| CVE-2026-22052 ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the conte... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2833 An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, c... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-22387 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Aviana aviana allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | β | 0 |
| CVE-2026-2835 An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-2836 A cache poisoning vulnerability has been found in the Pingora HTTP proxy frameworkβs default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache ... | 8.1 | HIGH | β | 0 |
| CVE-2026-29121 International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip`Β utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can... | 7.8 | HIGH | β | 0 |
| CVE-2025-40926 Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the ep... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22457 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.