Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-7072 The firmware in KAON CG3000TC and CG3000T routers contains hard-coded credentials in clear text (shared across all routers of this model) that an unauthenticated remote attacker could use to execute c... | N/A | NONE | — | 0 |
| CVE-2026-22081 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the missing HTTPOnly flag for session cookies associated with the web-based administr... | N/A | NONE | — | 0 |
| CVE-2026-22082 This vulnerability exists in Tenda wireless routers (300Mbps Wireless Router F3 and N300 Easy Setup Router) due to the use of login credentials as the session ID through its web-based administrative i... | N/A | NONE | — | 0 |
| CVE-2020-36875 AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP cod... | N/A | NONE | — | 0 |
| CVE-2025-66744 In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within th... | 7.5 | HIGH | — | 0 |
| CVE-2025-69425 The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies on a har... | N/A | NONE | — | 0 |
| CVE-2025-69426 The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-a... | N/A | NONE | — | 0 |
| CVE-2026-22194 GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce ... | 8.8 | HIGH | — | 0 |
| CVE-2026-22195 GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization,... | 8.1 | HIGH | — | 0 |
| CVE-2026-22196 GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without ... | 8.1 | HIGH | — | 0 |
| CVE-2026-22197 GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated int... | 8.1 | HIGH | — | 0 |
| CVE-2026-22198 GestSup versions prior to 3.2.60 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a crafted X-API-KEY... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-67070 A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password re... | 8.2 | HIGH | — | 0 |
| CVE-2026-0830 Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously craft... | 7.8 | HIGH | — | 0 |
| CVE-2025-46286 A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required immediately after Face ID enroll... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-46297 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App Sandbox container. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-62487 On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression was traced back to a chan... | 3.5 | LOW | — | 0 |
| CVE-2026-21897 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.3 | HIGH | — | 0 |
| CVE-2026-21898 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 8.2 | HIGH | — | 0 |
| CVE-2026-21899 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-21900 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 5.9 | MEDIUM | — | 0 |
| CVE-2025-69270 Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earl... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22023 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-22024 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22025 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 3.7 | LOW | — | 0 |
| CVE-2026-22026 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-22027 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-41006 Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’. | N/A | NONE | — | 0 |
| CVE-2026-22697 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight Syst... | 7.5 | HIGH | — | 0 |
| CVE-2026-22600 OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export functionality of OpenProject prior to version 16.6.4. ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-22601 OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary ... | 7.2 | HIGH | — | 0 |
| CVE-2026-22602 OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, a low‑privileged logged-in user can view the full names of other users. Since user IDs are assigned seque... | 3.5 | LOW | — | 0 |
| CVE-2026-22603 OpenProject is an open-source, web-based project management software. Prior to version 16.6.2, OpenProject’s unauthenticated password-change endpoint (/account/change_password) was not protected by th... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22604 OpenProject is an open-source, web-based project management software. For OpenProject versions from 11.2.1 to before 16.6.2, when sending a POST request to the /account/change_password endpoint with a... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22605 OpenProject is an open-source, web-based project management software. OpenProject versions prior to version 16.6.3, allowed users with the View Meetings permission on any project, to access meeting de... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22606 Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python’s runpy module as unsafe. Because of this, a malicious pickle that uses ru... | 7.8 | HIGH | — | 0 |
| CVE-2026-22607 Fickling is a Python pickling decompiler and static analyzer. Fickling versions up to and including 0.1.6 do not treat Python's cProfile module as unsafe. Because of this, a malicious pickle that uses... | 7.8 | HIGH | — | 0 |
| CVE-2026-22608 Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, both ctypes and pydoc modules aren't explicitly blocked. Even other existing pickle scanning tools (like picklesca... | 7.8 | HIGH | — | 0 |
| CVE-2026-0854 Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device. | 8.8 | HIGH | — | 0 |
| CVE-2026-22609 Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the unsafe_imports() method in Fickling's static analyzer fails to flag several high-risk Python modules that can ... | 7.8 | HIGH | — | 0 |
| CVE-2026-22612 Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, Fickling is vulnerable to detection bypass due to "builtins" blindness. This issue has been patched in version 0.1... | 7.8 | HIGH | — | 0 |
| CVE-2026-22594 Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue ha... | 8.1 | HIGH | — | 0 |
| CVE-2026-22595 Ghost is a Node.js content management system. In versions 5.121.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's handling of Staff Token authentication allowed certain endpoints ... | 8.1 | HIGH | — | 0 |
| CVE-2026-22596 Ghost is a Node.js content management system. In versions 5.90.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's /ghost/api/admin/members/events endpoint allows users with authent... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-0855 Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device. | 8.8 | HIGH | — | 0 |
| CVE-2026-22597 Ghost is a Node.js content management system. In versions 5.38.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost’s media inliner mechanism allows staff users in possession of a vali... | 2.7 | LOW | — | 0 |
| CVE-2025-13457 The WooCommerce Square plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.1 via the get_token_by_id function due to missing validation on... | 7.5 | HIGH | — | 0 |
| CVE-2026-22611 AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications... | 3.7 | LOW | — | 0 |
| CVE-2025-14943 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 8.7.2. This is due to a misconfigured aut... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.