Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-5812 A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-5813 A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid c... | 7.3 | HIGH | — | 0 |
| CVE-2026-5814 A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the a... | 7.3 | HIGH | — | 0 |
| CVE-2026-5823 A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed_tool_report.php. This manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5824 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to s... | 7.3 | HIGH | — | 0 |
| CVE-2026-5826 A flaw has been found in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /edit-category.php. Executing a manipulation of the argument Category can ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5827 A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sq... | 7.3 | HIGH | — | 0 |
| CVE-2026-5828 A vulnerability was found in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /functions/addcomment.php. The manipulation of the argument postid re... | 7.3 | HIGH | — | 0 |
| CVE-2026-5829 A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument post_id ca... | 7.3 | HIGH | — | 0 |
| CVE-2026-5832 A weakness has been identified in atototo api-lab-mcp up to 0.2.1. This affects the function analyze_api_spec/generate_test_scenarios/test_http_endpoint of the file src/mcp/http-server.ts of the compo... | 7.3 | HIGH | — | 0 |
| CVE-2026-5559 A vulnerability has been found in AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha. The affected element is the function _is_safe_ast of the file sandbox.py of the component AST Validation. Such manipul... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5560 A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5561 A vulnerability was determined in Campcodes Complete POS Management and Inventory System up to 4.0.6. This affects an unknown function of the file app/Http/Controllers/SettingsController.php of the co... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5563 A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipula... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5564 A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. T... | 7.3 | HIGH | — | 0 |
| CVE-2026-5565 A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Ha... | 7.3 | HIGH | — | 0 |
| CVE-2026-5568 A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross site script... | 3.5 | LOW | — | 0 |
| CVE-2026-5574 A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/pat... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-5575 A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulat... | 7.3 | HIGH | — | 0 |
| CVE-2026-5576 A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipu... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5579 A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parame... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5580 A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5583 A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulati... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5587 A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function _execute_sql of the file core/agents.py of the component Refiner Agent.... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5594 A weakness has been identified in premAI-io premsql up to 0.2.1. Affected is the function eval of the file premsql/agents/baseline/workers/followup.py. This manipulation of the argument result causes ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5595 A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function load_files_from_disk/list_files_from_disk/save_content_to_file/save_memory_art... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5602 A vulnerability was determined in Nor2-io heim-mcp up to 0.1.3. Impacted is the function registerTools of the file src/tools.ts of the component new_heim_application/deploy_heim_application/deploy_hei... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5603 A vulnerability was identified in elgentos magento2-dev-mcp up to 1.0.2. The affected element is the function executeMagerun2Command of the file src/index.ts. Such manipulation leads to os command inj... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0630 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) and Archer AXE75 v1.0 allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation coul... | 8.0 | HIGH | — | 0 |
| CVE-2026-29100 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM 7.15.0 contains a reflected HTML injection vulnerability in the login page that allow... | 7.1 | HIGH | — | 0 |
| CVE-2026-22225 A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow a... | 7.2 | HIGH | — | 0 |
| CVE-2026-33395 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability t... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3948 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-15554 Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords. | 7.8 | HIGH | — | 0 |
| CVE-2026-20993 Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21000 Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21001 Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21002 Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3227 A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router confi... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-3237 In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that h... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-70128 A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supp... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-70129 If the anti spam-captcha functionality in PluXml versions 5.8.22 and earlier is enabled, a captcha challenge is generated with a format that can be automatically recognized for articles, such that an ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-67298 An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | 8.1 | HIGH | — | 0 |
| CVE-2019-25536 Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[]... | 8.2 | HIGH | — | 0 |
| CVE-2025-13044 IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-31838 Istio is an open platform to connect, manage, and secure microservices. Prior to 1.29.1, 1.28.5, and 1.27.8, a vulnerability in Envoy RBAC header matching could allow authorization policy bypass when ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27352 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Starto starto allows Reflected XSS.This issue affects Starto: from n/a through < 2.2.5. | 7.1 | HIGH | — | 0 |
| CVE-2026-27358 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Architecturer architecturer allows Reflected XSS.This issue affects Architecturer: from... | 7.1 | HIGH | — | 0 |
| CVE-2026-27367 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGoods Musico musico allows Reflected XSS.This issue affects Musico: from n/a through < 3.4.5. | 7.1 | HIGH | — | 0 |
| CVE-2025-69303 Missing Authorization vulnerability in modeltheme ModelTheme Framework modeltheme-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ModelTheme Framew... | 7.5 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.