Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5451 The Extensions for Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'elevation-track' shortcode in all versions up to, and including, 4.14. This is due to insuffic... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-27250 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27251 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27252 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27253 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27254 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27255 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27256 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-27257 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-31890 Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. Prior to 0.50.1, in a situation where the ring-buffer of a... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-4181 A security flaw has been discovered in D-Link DIR-816 1.10CNB05. This affects an unknown function of the file /goform/form2RepeaterStep2.cgi of the component goahead. The manipulation of the argument ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | 7.5 | HIGH | β | 0 |
| CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | 7.7 | HIGH | β | 0 |
| CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). | 6.7 | MEDIUM | β | 0 |
| CVE-2026-33950 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.4, there is a privilege escalation vulnerability by Admin Role Injection via /enableSecurity.... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-33951 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0-beta.1, the SignalK Server exposes an unauthenticated HTTP endpoint that allows remote attackers t... | 7.5 | HIGH | β | 0 |
| CVE-2026-34083 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where th... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-35038 Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, there is an arbitrary prototype read vulnerability via `from` field bypass. This vulnerability al... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3524 Mattermost Plugin Legal Hold versions <=1.1.4 fail to halt request processing after a failed authorization check in ServeHTTP which allows an authenticated attacker to access, create, download, and de... | 8.8 | HIGH | β | 0 |
| CVE-2026-5803 A security flaw has been discovered in bigsk1 openai-realtime-ui up to 188ccde27fdf3d8fab8da81f3893468f53b2797c. The affected element is an unknown function of the file server.js of the component API ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5805 A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contact_us.php. Executing a manipulation of the argument Name c... | 7.3 | HIGH | β | 0 |
| CVE-2026-29872 A cross-session information disclosure vulnerability exists in the awesome-llm-apps project in commit e46690f99c3f08be80a9877fab52acacf7ab8251 (2026-01-19). The affected Streamlit-based GitHub MCP Age... | 8.2 | HIGH | β | 0 |
| CVE-2026-30307 Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regula... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-5177 A weakness has been identified in Totolink A3300R 17.0.0cu.557_b20221024. Affected by this vulnerability is the function setWiFiBasicCfg of the file /cgi-bin/cstecgi.cgi. Executing a manipulation of t... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-22569 An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-34566 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34567 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34568 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-34569 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-5711 The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 du... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-36375 IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is v... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-66483 IBM Aspera Shares 1.9.9 through 1.11.0 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-34812 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the mimetypes parameter to /cgi-bin/proxypolicy.cgi. An authenticated attacker can inject arbitrary JavaScript that... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34813 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is sto... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34814 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the group parameter to /cgi-bin/proxygroup.cgi. An authenticated attacker can inject arbitrary JavaScript that is s... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34815 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the DOMAIN parameter to /cgi-bin/smtpdomains.cgi. An authenticated attacker can inject arbitrary JavaScript that is... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34816 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the domain parameter to /manage/smtpscan/domainrouting/. An authenticated attacker can inject arbitrary JavaScript ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34817 Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript th... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-34973 phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the searchCustomPages() method in phpmyfaq/src/phpMyFAQ/Search.php uses real_escape_string() (via escape()) to sanitize the sear... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34974 phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs with... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-5806 A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cros... | 3.5 | LOW | β | 0 |
| CVE-2026-5812 A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-5813 A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid c... | 7.3 | HIGH | β | 0 |
| CVE-2026-5814 A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the a... | 7.3 | HIGH | β | 0 |
| CVE-2026-5823 A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-5824 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to s... | 7.3 | HIGH | β | 0 |
| CVE-2026-5826 A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5827 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sq... | 7.3 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.