Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-22222 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to... | 8.0 | HIGH | — | 0 |
| CVE-2026-22223 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to ... | 8.0 | HIGH | — | 0 |
| CVE-2026-22224 A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attack... | 7.2 | HIGH | — | 0 |
| CVE-2026-24737 jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript action... | 8.1 | HIGH | — | 0 |
| CVE-2026-24763 OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due... | 8.8 | HIGH | — | 0 |
| CVE-2026-25134 Group-Office is an enterprise customer relationship management and groupware tool. Prior to 6.8.150, 25.0.82, and 26.0.5, the MaintenanceController exposes an action zipLanguage which takes a lang par... | 8.8 | HIGH | — | 0 |
| CVE-2026-25137 The NixOs Odoo package is an open source ERP and CRM system. From 21.11 to before 25.11 and 26.05, every NixOS based Odoo setup publicly exposes the database manager without any authentication. This a... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-25142 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.27, SanboxJS does not properly restrict __lookupGetter__ which can be used to obtain prototypes, which can be used for escaping the sandbox /... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-61635 Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php. This issue affects ConfirmEdit: *. | N/A | NONE | — | 0 |
| CVE-2026-0383 A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command. | 7.8 | HIGH | — | 0 |
| CVE-2026-0909 The WP ULike plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.8.3.1. This is due to the `wp_ulike_delete_history_api` AJAX action not veri... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1788 : Out-of-bounds Write vulnerability in Xquic Project Xquic Server xquic on Linux (QUIC protocol implementation, packet processing module modules) allows : Buffer Manipulation.This issue affects Xquic ... | N/A | NONE | — | 0 |
| CVE-2025-58380 A vulnerability in Brocade Fabric OS before 9.2.1 could allow an authenticated attacker with admin privileges using the shell command “grep” to modify the path variables and move upwards in the direct... | 2.3 | LOW | — | 0 |
| CVE-2025-14274 The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Border Hero widget's Button Link field in versions up to 2.0.1. This is due to insufficie... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-58381 A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path varia... | 2.3 | LOW | — | 0 |
| CVE-2025-9711 A vulnerability in Brocade Fabric OS before 9.2.1c3 could allow elevating the privileges of the local authenticated user to “root” using the export option of seccertmgmt and seccryptocfg commands. | 7.8 | HIGH | — | 0 |
| CVE-2026-1375 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object References (IDOR) in all versions up to, and including, 3.9.5. This is due to missing ... | 8.1 | HIGH | — | 0 |
| CVE-2026-1591 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1592 Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary Jav... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-1730 The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, ... | 8.8 | HIGH | — | 0 |
| CVE-2025-8456 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected ... | 7.6 | HIGH | — | 0 |
| CVE-2025-8461 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS.This issue affects syWEB: through 03022026. NOT... | 7.6 | HIGH | — | 0 |
| CVE-2025-41065 Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by inyecting a malicious payloa... | N/A | NONE | — | 0 |
| CVE-2025-59902 HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters... | N/A | NONE | — | 0 |
| CVE-2026-1664 Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `Ref... | N/A | NONE | — | 0 |
| CVE-2025-6397 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS.This issue affects Webs... | 8.6 | HIGH | — | 0 |
| CVE-2025-7760 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ofisimo Web-Based Software Technologies Association Web Package Flora allows XSS Through HT... | 7.6 | HIGH | — | 0 |
| CVE-2020-37098 Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted... | 7.8 | HIGH | — | 0 |
| CVE-2020-37099 Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the ... | 7.8 | HIGH | — | 0 |
| CVE-2020-37101 VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in '... | 7.8 | HIGH | — | 0 |
| CVE-2020-37102 Adaware Web Companion 4.9.2159 contains an unquoted service path vulnerability in the WCAssistantService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | — | 0 |
| CVE-2025-13473 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows rem... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24991 Authorization Bypass Through User-Controlled Key vulnerability in HT Plugins Extensions For CF7 extensions-for-cf7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue af... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24992 Insertion of Sensitive Information Into Sent Data vulnerability in WPFactory Advanced WooCommerce Product Sales Reporting webd-woocommerce-advanced-reporting-statistics allows Retrieve Embedded Sensit... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24994 Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Pho... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24995 Missing Authorization vulnerability in Iulia Cazan Latest Post Shortcode latest-post-shortcode allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Latest Post Sh... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24996 Missing Authorization vulnerability in wpelemento WPElemento Importer wpelemento-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPElemento Importer... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-24997 Missing Authorization vulnerability in Wired Impact Wired Impact Volunteer Management wired-impact-volunteer-management allows Exploiting Incorrectly Configured Access Control Security Levels.This iss... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24998 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPMU DEV - Your All-in-One WordPress Platform Hustle wordpress-popup allows Retrieve Embedded Sensitive Data... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25010 Missing Authorization vulnerability in ILLID Share This Image share-this-image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Share This Image: from n/a thr... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25011 Missing Authorization vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-25012 Missing Authorization vulnerability in gfazioli WP Bannerize Pro wp-bannerize-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Bannerize Pro: from n/a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25014 Cross-Site Request Forgery (CSRF) vulnerability in themelooks Enter Addons enteraddons allows Cross Site Request Forgery.This issue affects Enter Addons: from n/a through <= 2.3.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2020-37116 GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the ... | 8.8 | HIGH | — | 0 |
| CVE-2025-46651 Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-52629 HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe script... | 3.7 | LOW | — | 0 |
| CVE-2025-57529 YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-58340 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allo... | 6.2 | MEDIUM | — | 0 |
| CVE-2025-58341 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930 and W1000. There is unbounded memory allo... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-24514 A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission co... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.