Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-7077 A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql... | 7.3 | HIGH | β | 0 |
| CVE-2026-7078 A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument pag... | 8.8 | HIGH | β | 0 |
| CVE-2026-7079 A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buf... | 8.8 | HIGH | β | 0 |
| CVE-2026-7080 A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the arg... | 8.8 | HIGH | β | 0 |
| CVE-2026-7106 The Highland Software Custom Role Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 1.0.0. This is due to insufficient authorization checks in the hscr... | 8.8 | HIGH | β | 0 |
| CVE-2026-3867 An improper ownership management vulnerability has been identified in Moxaβs Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration fil... | N/A | NONE | β | 0 |
| CVE-2026-3868 An improper handling of the length parameter inconsistency vulnerability has been identified in Moxaβs Secure Router.Β Because of improper validation of length parameters in the HTTPS management interf... | N/A | NONE | β | 0 |
| CVE-2026-7081 A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips ... | 8.8 | HIGH | β | 0 |
| CVE-2026-7082 A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argu... | 8.8 | HIGH | β | 0 |
| CVE-2026-7083 A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-7084 A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. Th... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7085 A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endp... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-7086 A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-7087 A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save_sales. Performing a manipulation of the... | 7.3 | HIGH | β | 0 |
| CVE-2026-7088 A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=save_receiving. Executing a manipulat... | 7.3 | HIGH | β | 0 |
| CVE-2026-7089 A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The mani... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-7090 A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument ms... | 2.4 | LOW | β | 0 |
| CVE-2026-7091 A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper aut... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7093 A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7094 A vulnerability was determined in ShadowCloneLabs GlutamateMCPServers up to e2de73280b01e5d943593dd1aa2c01c5b9112f78. Affected by this issue is some unknown functionality of the file src/puppeteer/ind... | 7.3 | HIGH | β | 0 |
| CVE-2026-22077 OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information d... | N/A | NONE | β | 0 |
| CVE-2026-7095 A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site sc... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-7096 A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_lo... | 8.8 | HIGH | β | 0 |
| CVE-2026-7097 A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the... | 8.8 | HIGH | β | 0 |
| CVE-2026-40048 The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter... | 7.8 | HIGH | β | 0 |
| CVE-2026-40453 The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecu... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-40473 The camel-mina component's MinaConverter.toObjectInput(IoBuffer) type converter wraps an IoBuffer in a java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. W... | 8.8 | HIGH | β | 0 |
| CVE-2026-40860 JmsBinding.extractBodyFromJms() in camel-jms, and the equivalent JmsBinding class in camel-sjms, deserialized the payload of incoming JMS ObjectMessage values via javax.jms.ObjectMessage.getObject() w... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-7098 A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argume... | 8.8 | HIGH | β | 0 |
| CVE-2026-7099 A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument... | 8.8 | HIGH | β | 0 |
| CVE-2026-7100 A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overfl... | 8.8 | HIGH | β | 0 |
| CVE-2026-7101 A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Rem... | 8.8 | HIGH | β | 0 |
| CVE-2026-7103 A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Passwo... | 3.7 | LOW | β | 0 |
| CVE-2026-7107 A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestric... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33454 The Camel-Mail component is vulnerable to Camel message header injection. The custom header filter strategy used by the component (MailHeaderFilterStrategy) only filters the 'out' direction via setOut... | 9.4 | CRITICAL | β | 0 |
| CVE-2026-40022 When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via ca... | 8.2 | HIGH | β | 0 |
| CVE-2026-40858 The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputF... | 8.8 | HIGH | β | 0 |
| CVE-2026-7112 A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-27172 The ConsulRegistry in the camel-consul component (class org.apache.camel.component.consul.ConsulRegistry and its inner ConsulRegistryUtils.deserialize method) read Java-serialized values from the Cons... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-33453 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Apache Camel Camel-Coap component. Apache Camel's camel-coap component is vulnerable to Camel message h... | 10.0 | CRITICAL | β | 0 |
| CVE-2026-7113 A vulnerability was found in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/webhook.py of the component Webhooks Endpoint. The mani... | 5.6 | MEDIUM | β | 0 |
| CVE-2026-7114 A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection.... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-7115 A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-42410 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem T... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-5937 Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5938 Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5939 A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5940 Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | 7.8 | HIGH | β | 0 |
| CVE-2026-5941 Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inter... | 7.8 | HIGH | β | 0 |
| CVE-2026-5942 Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.