CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0598 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the a... | 4.2 | MEDIUM | – | 0 |
| CVE-2025-10753 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and auth... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-0521 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victi... | 6.1 | MEDIUM | – | 0 |
| CVE-2026-24914 Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | – | 0 |
| CVE-2026-24925 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | – | 0 |
| CVE-2026-24926 Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | 8.4 | HIGH | – | 0 |
| CVE-2026-24929 Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | – | 0 |
| CVE-2026-24930 UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | 8.4 | HIGH | – | 0 |
| CVE-2026-24931 Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.9 | MEDIUM | – | 0 |
| CVE-2026-2011 A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument I... | 7.3 | HIGH | – | 0 |
| CVE-2026-2012 A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argum... | 7.3 | HIGH | – | 0 |
| CVE-2026-24920 Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | – | 0 |
| CVE-2026-2055 A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation c... | 5.3 | MEDIUM | – | 0 |
| CVE-2025-13818 Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent | 6.7 | MEDIUM | – | 0 |
| CVE-2026-2056 A security vulnerability has been detected in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The impacted element is an unknown function of the file /wan_connection_status.asp of the component DHCP Con... | 5.3 | MEDIUM | – | 0 |
| CVE-2026-2057 A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sq... | 7.3 | HIGH | – | 0 |
| CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attacker... | 7.8 | HIGH | – | 0 |
| CVE-2019-25292 Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the ... | 7.8 | HIGH | – | 0 |
| CVE-2026-24419 OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima N... | 6.5 | MEDIUM | – | 0 |
| CVE-2026-25722 Claude Code is an agentic coding tool. Prior to version 2.0.57, Claude Code failed to properly validate directory changes when combined with write operations to protected folders. By using the cd comm... | 9.1 | CRITICAL | – | 0 |
| CVE-2026-25723 Claude Code is an agentic coding tool. Prior to version 2.0.55, Claude Code failed to properly validate commands using piped sed operations with the echo command, allowing attackers to bypass file wri... | 6.5 | MEDIUM | – | 0 |
| CVE-2026-25725 Claude Code is an agentic coding tool. Prior to version 2.1.2, Claude Code's bubblewrap sandboxing mechanism failed to properly protect the .claude/settings.json configuration file when it did not exi... | 10.0 | CRITICAL | – | 0 |
| CVE-2026-2060 A vulnerability was found in code-projects Simple Blood Donor Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /simpleblooddonor/editcampaignform.php. Perf... | 7.3 | HIGH | – | 0 |
| CVE-2020-37122 SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file wit... | 7.5 | HIGH | – | 0 |
| CVE-2026-25586 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, a sandbox escape is possible by shadowing hasOwnProperty on a sandbox object, which disables prototype whitelist enforcement in the prope... | 10.0 | CRITICAL | – | 0 |
| CVE-2026-25587 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, as Map is in SAFE_PROTOYPES, its prototype can be obtained via Map.prototype. By overwriting Map.prototype.has the sandbox can be escape... | 10.0 | CRITICAL | – | 0 |
| CVE-2026-25641 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, there is a sandbox escape vulnerability due to a mismatch between the key on which the validation is performed and the key used for acces... | 10.0 | CRITICAL | – | 0 |
| CVE-2026-25643 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Friga... | 9.1 | CRITICAL | – | 0 |
| CVE-2026-2064 A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/meusdadod.php of the component User Data Page. Such m... | 3.5 | LOW | – | 0 |
| CVE-2026-25593 OpenClaw is a personal AI assistant. Prior to 2026.1.20, an unauthenticated local client could use the Gateway WebSocket API to write config via config.apply and set unsafe cliPath values that were la... | 8.4 | HIGH | – | 0 |
| CVE-2026-2071 A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in b... | 8.8 | HIGH | – | 0 |
| CVE-2025-31990 Rate limiting for certain API calls is not being enforced, making HCL Velocity vulnerable to Denial of Service (DoS) attacks. An attacker could flood the system with a large number of requests, overw... | 6.8 | MEDIUM | – | 0 |
| CVE-2026-25837 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25838 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25839 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25840 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25841 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25842 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25843 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25844 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-25845 Rejected reason: Not used | N/A | NONE | – | 0 |
| CVE-2026-2073 A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead... | 7.3 | HIGH | – | 0 |
| CVE-2026-2074 A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation lea... | 6.3 | MEDIUM | – | 0 |
| CVE-2025-12159 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_raw_content shortcode in all versions up to, and including, 5.4.8 due to insufficient inp... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1570 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1 due to insufficient ... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1573 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input sanitiz... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1608 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitizat... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1611 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to insufficient inpu... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1613 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitiza... | 6.4 | MEDIUM | – | 0 |
| CVE-2026-1634 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient inpu... | 6.1 | MEDIUM | – | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.