Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-4546 A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The att... | 7.0 | HIGH | β | 0 |
| CVE-2026-4547 A security vulnerability has been detected in mickasmt next-saas-stripe-starter 1.0.0. Affected is the function generateUserStripe of the file actions/generate-user-stripe.ts of the component Checkout... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4548 A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4549 A flaw has been found in mickasmt next-saas-stripe-starter 1.0.0. Affected by this issue is the function openCustomerPortal of the file actions/open-customer-portal.ts of the component Stripe API. Thi... | 3.1 | LOW | β | 0 |
| CVE-2026-33295 WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains a stored cross-site scripting vulnerability in the CDN plugin's download buttons component. The `clean_title` ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-33296 WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected dire... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33319 WWBN AVideo is an open source video platform. Prior to version 26.0, the `uploadVideoToLinkedIn()` method in the SocialMediaPublisher plugin constructs a shell command by directly interpolating an upl... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-4554 A security flaw has been discovered in Tenda F453 1.0.0.3. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac results in command... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4555 A weakness has been identified in D-Link DIR-513 1.10. The impacted element is the function formEasySetTimezone of the file /goform/formEasySetTimezone of the component boa. This manipulation of the a... | 8.8 | HIGH | β | 0 |
| CVE-2026-4557 A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cr... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-2580 The WP Maps β Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the βorderbyβ parameter in all versions up t... | 7.5 | HIGH | β | 0 |
| CVE-2026-4562 A security flaw has been discovered in MacCMS 2025.1000.4052. This affects an unknown part of the file application/api/controller/Timming.php of the component Timming API Endpoint. The manipulation re... | 7.3 | HIGH | β | 0 |
| CVE-2026-4563 A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4564 A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulati... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-4572 A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request H... | 6.3 | MEDIUM | β | 0 |
| CVE-2019-25596 SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. ... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-4545 A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The at... | 7.0 | HIGH | β | 0 |
| CVE-2026-4580 A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulatio... | 7.3 | HIGH | β | 0 |
| CVE-2026-4628 A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloakβs User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteRe... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-4581 A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the arg... | 7.3 | HIGH | β | 0 |
| CVE-2026-4582 A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation lea... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-28809 XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentiall... | N/A | NONE | β | 0 |
| CVE-2026-4583 A vulnerability was detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this issue is some unknown functionality of the component Bluetooth Handler. Performing a manipulation results... | 5.0 | MEDIUM | β | 0 |
| CVE-2026-4633 A flaw was found in Keycloak. A remote attacker can exploit differential error messages during the identity-first login flow when Organizations are enabled. This vulnerability allows an attacker to de... | 3.7 | LOW | β | 0 |
| CVE-2026-32968 Due to the improper neutralisation of special elements used in an OS command, an unauthenticated remote attacker can exploit an RCE vulnerability in the com_mb24sysapi module, resulting in full system... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32969 An unauthenticated remote attacker can exploit a Pre-Auth blind SQL Injection vulnerability in the userinfo endpointβs authentication method due to improper neutralization of special elements in a SQL... | 7.5 | HIGH | β | 0 |
| CVE-2026-4584 A flaw has been found in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. This affects an unknown part of the component Cardholder Data Handler. Executing a manipulation can lead to cleartext transmissio... | 3.1 | LOW | β | 0 |
| CVE-2026-4585 A vulnerability has been found in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This vulnerability affects unknown code of the file /Easy7/apps/WebService/ImportSystemConfiguration.jsp of ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-41007 SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint. | N/A | NONE | β | 0 |
| CVE-2026-1958 Use of hard-coded credentials in Klinika XP and KlinikaXP Insertino allowed an unauthorized attacker access to several internal services. Critically, this included access to the FTP server that hosted... | N/A | NONE | β | 0 |
| CVE-2026-31849 Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a r... | N/A | NONE | β | 0 |
| CVE-2026-31850 Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration... | N/A | NONE | β | 0 |
| CVE-2026-31851 Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authenti... | N/A | NONE | β | 0 |
| CVE-2026-4586 A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects the function Upload of the file chat2db-server/chat2db-server-web/chat2db-server-web-api/src/main/java/ai/chat2db/server/web/... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4587 A vulnerability was found in HybridAuth up to 3.12.2. This issue affects some unknown processing of the file src/HttpClient/Curl.php of the component SSL Handler. The manipulation of the argument curl... | 3.7 | LOW | β | 0 |
| CVE-2026-4588 A vulnerability was determined in kalcaddle kodbox 1.64. Impacted is the function shareSafeGroup of the file /workspace/source-code/app/controller/explorer/shareOut.class.php of the component Site-lev... | 3.7 | LOW | β | 0 |
| CVE-2026-4565 A vulnerability was detected in Tenda AC21 16.03.08.16. Impacted is the function formSetQosBand of the file /goform/SetNetControlList. Performing a manipulation of the argument list results in buffer ... | 8.8 | HIGH | β | 0 |
| CVE-2026-4606 GV Edge Recording Manager (ERM) v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system.Β During installation,... | N/A | NONE | β | 0 |
| CVE-2025-41008 SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.p... | N/A | NONE | β | 0 |
| CVE-2026-33297 WWBN AVideo is an open source video platform. Prior to version 26.0, the `setPassword.json.php` endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due t... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-33351 WWBN AVideo is an open source video platform. Prior to version 26.0, a Server-Side Request Forgery (SSRF) vulnerability exists in `plugin/Live/standAloneFiles/saveDVR.json.php`. When the AVideo Live p... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-4568 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulatio... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-4569 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipu... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-10736 The ReviewX β WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authoriz... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-4570 A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipu... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-60947 Census CSWeb 8.0.1 allows arbitrary file upload. A remote, authenticated attacker could upload a malicious file, possibly leading to remote code execution. Fixed in 8.1.0 alpha. | 8.8 | HIGH | β | 0 |
| CVE-2026-22173 Rejected reason: This CVE ID has been rejected. | N/A | NONE | β | 0 |
| CVE-2026-29111 systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32276 Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to exe... | 8.8 | HIGH | β | 0 |
| CVE-2019-25597 NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers c... | 6.2 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.