Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28517 openDCIM version 23.04, through commit 4467e9c4, contains an OS command injection vulnerability in report_network_map.php. The application retrieves the 'dot' configuration parameter from the database... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-2647 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-1542 The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-2471 The WP Mail Logging plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.15.0 via deserialization of untrusted input from the email log message field. Thi... | 7.5 | HIGH | β | 0 |
| CVE-2025-13673 The Tutor LMS β eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient... | 7.5 | HIGH | β | 0 |
| CVE-2026-2844 Missing Authentication for Critical Function vulnerability in Microchip TimePictra allows Configuration/Environment Manipulation.This issue affects TimePictra: from 11.0 through 11.3 SP2. | 7.5 | HIGH | β | 0 |
| CVE-2026-3010 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: fro... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-28555 wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to close or reopen any forum topic via the wpforo_close_ajax handler. Attackers submit a valid ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-28556 wpForo Forum 2.4.14 contains a missing authorization vulnerability that allows authenticated subscribers to move, merge, or split any forum topic via the topic_move, topic_merge, and topic_split form ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28557 wpForo Forum 2.4.14 contains a missing capability check vulnerability that allows authenticated users to trigger bulk wpForo usergroup reassignment via the wpforo_synch_roles AJAX handler. Attackers a... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28558 wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-28559 wpForo Forum 2.4.14 contains an information disclosure vulnerability that allows unauthenticated users to retrieve private and unapproved forum topics via the global RSS feed endpoint. Attackers reque... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28560 wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows script injection via forum URL data output into an inline script block using json_encode without the JSON_HEX_TAG f... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-28401 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28561 wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across m... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-28562 wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers ... | 8.2 | HIGH | β | 0 |
| CVE-2026-3376 A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument ... | 8.8 | HIGH | β | 0 |
| CVE-2026-3377 A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results i... | 8.8 | HIGH | β | 0 |
| CVE-2026-3378 A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The atta... | 8.8 | HIGH | β | 0 |
| CVE-2026-3379 A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflo... | 8.8 | HIGH | β | 0 |
| CVE-2026-3380 A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may ... | 8.8 | HIGH | β | 0 |
| CVE-2026-3382 A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Perfor... | 3.3 | LOW | β | 0 |
| CVE-2026-3383 A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation c... | 3.3 | LOW | β | 0 |
| CVE-2026-3384 A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript... | 3.3 | LOW | β | 0 |
| CVE-2026-3385 A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking loca... | 3.3 | LOW | β | 0 |
| CVE-2026-3411 A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The mani... | 7.3 | HIGH | β | 0 |
| CVE-2026-3386 A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possib... | 3.3 | LOW | β | 0 |
| CVE-2026-3387 A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null pointe... | 3.3 | LOW | β | 0 |
| CVE-2026-3388 A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled... | 3.3 | LOW | β | 0 |
| CVE-2026-3389 A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer ... | 3.3 | LOW | β | 0 |
| CVE-2026-3390 A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation lea... | 3.3 | LOW | β | 0 |
| CVE-2026-3391 A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack ... | 3.3 | LOW | β | 0 |
| CVE-2026-3392 A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The at... | 3.3 | LOW | β | 0 |
| CVE-2026-3393 A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the compone... | 3.3 | LOW | β | 0 |
| CVE-2026-3394 A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Perfor... | 3.3 | LOW | β | 0 |
| CVE-2026-3395 A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX E... | 7.3 | HIGH | β | 0 |
| CVE-2026-3398 A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPO... | 8.8 | HIGH | β | 0 |
| CVE-2026-20428 In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-3399 A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the... | 8.8 | HIGH | β | 0 |
| CVE-2026-3400 A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wp... | 8.8 | HIGH | β | 0 |
| CVE-2026-3401 A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the... | 3.1 | LOW | β | 0 |
| CVE-2026-3402 A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argu... | 2.4 | LOW | β | 0 |
| CVE-2026-3403 A vulnerability was detected in PHPGurukul Student Record Management System 1.0. This issue affects some unknown processing of the file /edit-subject.php. Performing a manipulation of the argument Sub... | 2.4 | LOW | β | 0 |
| CVE-2026-3404 A flaw has been found in thinkgem JeeSite up to 5.15.1. Impacted is an unknown function of the file /com/jeesite/common/shiro/cas/CasOutHandler.java of the component Endpoint. Executing a manipulation... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-3405 A vulnerability has been found in thinkgem JeeSite up to 5.15.1. The affected element is an unknown function of the component Connection Handler. The manipulation leads to path traversal. It is possib... | 3.1 | LOW | β | 0 |
| CVE-2026-3406 A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manip... | 7.3 | HIGH | β | 0 |
| CVE-2026-3408 A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-3410 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation o... | 7.3 | HIGH | β | 0 |
| CVE-2026-3412 A vulnerability was detected in itsourcecode University Management System 1.0. This affects an unknown part of the file /att_single_view.php. The manipulation of the argument dt results in cross site ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15597 A vulnerability has been found in Dataease SQLBot up to 1.4.0. This affects an unknown function of the file backend/apps/system/api/assistant.py of the component API Endpoint. Such manipulation leads ... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.