Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-27530 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27531 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27532 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-27467 BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless of mute state. ... | 2.0 | LOW | — | 0 |
| CVE-2026-27469 Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecti... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27470 ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the w... | 8.8 | HIGH | — | 0 |
| CVE-2019-25443 Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicio... | 8.2 | HIGH | — | 0 |
| CVE-2026-2870 A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in st... | 8.8 | HIGH | — | 0 |
| CVE-2026-2871 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2026-2872 A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration E... | 8.8 | HIGH | — | 0 |
| CVE-2026-2873 A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime... | 8.8 | HIGH | — | 0 |
| CVE-2026-2874 A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to sta... | 8.8 | HIGH | — | 0 |
| CVE-2026-2876 A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-base... | 8.8 | HIGH | — | 0 |
| CVE-2026-2926 A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Executing a manipulation of the arg... | 8.8 | HIGH | — | 0 |
| CVE-2026-2927 A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_462590 of the file /boafrm/formOpMode of the component Operation Mode Configuration Endpoint. The... | 8.8 | HIGH | — | 0 |
| CVE-2026-2928 A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_452CCC of the file /boafrm/formWlEncrypt of the component WLAN Encryption Configuration Endpoint. The manipula... | 8.8 | HIGH | — | 0 |
| CVE-2026-1369 The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before redirecting the user to its value, leading to an Open Redirect issue | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2929 A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_453140 of the file /boafrm/formWlAc of the component Wireless Access Control Endpoint. This manipulation of the ... | 8.8 | HIGH | — | 0 |
| CVE-2019-25391 Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST... | 8.2 | HIGH | — | 0 |
| CVE-2026-2997 Tronclass developed by WisdomGarden has a Insecure Direct Object Reference vulnerability. After obtaining a course ID, authenticated remote attackers to modify a specific parameter to obtain a course ... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2998 ERP developed by eAI Technologies has a DLL Hijacking vulnerability, allowing authenticated local attackers to place a crafted DLL file in the same directory as the program, thereby executing arbitrar... | 7.8 | HIGH | — | 0 |
| CVE-2025-70058 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in t... | 7.4 | HIGH | — | 0 |
| CVE-2025-69700 Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler. | 7.5 | HIGH | — | 0 |
| CVE-2026-21420 Dell Repository Manager (DRM), versions prior to 3.4.8, contains an Uncontrolled Search Path Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi... | 7.3 | HIGH | — | 0 |
| CVE-2025-70043 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-70044 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in fofolee uTools-quickcommand 5.0.3. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-61147 strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table(). | 6.2 | MEDIUM | — | 0 |
| CVE-2025-70327 TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar a... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70328 TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_4... | 8.8 | HIGH | — | 0 |
| CVE-2025-71056 Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user. | 8.1 | HIGH | — | 0 |
| CVE-2026-23521 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set a device `uniqueId` to an absolu... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23693 ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor (elementskit-lite) WordPress plugin versions prior to 3.7.9 expose the REST endpoint /wp-json/elementskit/v1/widget/mai... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-23694 Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handler... | N/A | NONE | — | 0 |
| CVE-2026-25648 Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users' browsers by u... | 8.7 | HIGH | — | 0 |
| CVE-2026-21864 Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a sp... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-24481 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagi... | 7.5 | HIGH | — | 0 |
| CVE-2026-24484 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions to... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24485 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid Sync marker, the Decod... | 7.5 | HIGH | — | 0 |
| CVE-2026-25501 free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer ... | 7.5 | HIGH | — | 0 |
| CVE-2025-11846 A null pointer dereference vulnerability in the account settings CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.6)C0 and the Zyxel WX3100-T0 firmware versions through 5.50... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-25897 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, an Integer Overflow vulnerability exists in the sun decoder. On... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25898 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder do not validate the pixel index v... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25965 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filen... | 8.6 | HIGH | — | 0 |
| CVE-2026-25966 ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard st... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-2678 Reflected Cross-Site Scripting (XSS) on the A3factura web platform, in parameter 'name', parameter 'name', in 'a3factura-app.wolterskluwer.es/#/incomes/customers' endpoint, which could allow an attack... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26284 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick lacks proper boundary checking when processing Huff... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26331 yt-dlp is a command-line audio/video downloader. Starting in version 2023.06.21 and prior to version 2026.02.21, when yt-dlp's `--netrc-cmd` command-line option (or `netrc_cmd` Python API parameter) i... | 8.8 | HIGH | — | 0 |
| CVE-2026-26981 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26983 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` e... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27126 Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the `editableTable.twig` com... | 4.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.