Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-20417 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20418 In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20419 In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional execution pri... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20420 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20421 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20422 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-1751 A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain con... | 3.1 | LOW | — | 0 |
| CVE-2024-2356 A Local File Inclusion (LFI) vulnerability exists in the '/reinstall_extension' endpoint of the parisneo/lollms-webui application, specifically within the `name` parameter of the `@router.post("/reins... | N/A | NONE | — | 0 |
| CVE-2024-4147 In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability... | 6.5 | MEDIUM | — | 0 |
| CVE-2024-5386 In lunary-ai/lunary version 1.2.2, an account hijacking vulnerability exists due to a password reset token leak. A user with a 'viewer' role can exploit this vulnerability to hijack another user's acc... | 8.8 | HIGH | — | 0 |
| CVE-2024-5986 A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the `/3/Parse` endpoint to inject attacker-con... | N/A | NONE | — | 0 |
| CVE-2025-6208 The `SimpleDirectoryReader` component in `llama_index.core` version 0.12.23 suffers from uncontrolled memory consumption due to a resource management flaw. The vulnerability arises because the user-sp... | N/A | NONE | — | 0 |
| CVE-2026-0599 A vulnerability in huggingface/text-generation-inference version 3.3.6 allows unauthenticated remote attackers to exploit unbounded external image fetching during input validation in VLM mode. The iss... | N/A | NONE | — | 0 |
| CVE-2026-1186 EAP Legislator is vulnerable to Path Traversal in file extraction functionality. Attacker can prepare zipx archive (default file type used by the Legislator application) and choose arbitrary path outs... | N/A | NONE | — | 0 |
| CVE-2026-24071 It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploite... | 7.8 | HIGH | — | 0 |
| CVE-2022-50975 An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet is enabled. | 8.8 | HIGH | — | 0 |
| CVE-2022-50976 A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB. | 7.7 | HIGH | — | 0 |
| CVE-2022-50977 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | 7.5 | HIGH | — | 0 |
| CVE-2022-50978 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | 7.5 | HIGH | — | 0 |
| CVE-2022-50979 An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | 6.5 | MEDIUM | — | 0 |
| CVE-2025-14914 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading ... | 7.6 | HIGH | — | 0 |
| CVE-2025-15395 IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-47358 Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently. | 7.8 | HIGH | — | 0 |
| CVE-2025-47359 Memory Corruption when multiple threads simultaneously access a memory free API. | 7.8 | HIGH | — | 0 |
| CVE-2025-47363 Memory corruption when calculating oversized partition sizes without proper checks. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47364 Memory corruption while calculating offset from partition start point. | 6.8 | MEDIUM | — | 0 |
| CVE-2025-47366 Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. | 7.1 | HIGH | — | 0 |
| CVE-2025-47397 Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. | 7.8 | HIGH | — | 0 |
| CVE-2025-47402 Transient DOS when processing a received frame with an excessively large authentication information element. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0921 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | — | 0 |
| CVE-2026-1232 A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may b... | N/A | NONE | — | 0 |
| CVE-2026-1770 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting mal... | N/A | NONE | — | 0 |
| CVE-2026-0631 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows an adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker... | 8.0 | HIGH | — | 0 |
| CVE-2025-70960 A stored cross-site scripting (XSS) vulnerability in the Forums module of Tendenci CMS v15.3.7 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-22221 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to ... | 8.0 | HIGH | — | 0 |
| CVE-2026-22222 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(web modules) allows adjacent authenticated attacker to execute arbitrary code. Successful exploitation could allow an attacker to... | 8.0 | HIGH | — | 0 |
| CVE-2026-22223 An OS Command Injection vulnerability in TP-Link Archer BE230 v1.2(vpn modules) allows adjacent authenticated attacker execute arbitrary code. Successful exploitation could allow an attacker to ... | 8.0 | HIGH | — | 0 |
| CVE-2026-22224 A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attack... | 7.2 | HIGH | — | 0 |
| CVE-2026-22226 A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an atta... | 7.2 | HIGH | — | 0 |
| CVE-2026-22227 A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could al... | 7.2 | HIGH | — | 0 |
| CVE-2025-12772 Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch ... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-1777 The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permiss... | 7.2 | HIGH | — | 0 |
| CVE-2025-13096 IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 i... | 7.1 | HIGH | — | 0 |
| CVE-2025-36253 IBM Concert 1.0.0 through 2.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.9 | MEDIUM | — | 0 |
| CVE-2025-6590 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextFie... | N/A | NONE | — | 0 |
| CVE-2025-6592 Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php. This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646... | N/A | NONE | — | 0 |
| CVE-2025-6593 Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1... | N/A | NONE | — | 0 |
| CVE-2025-6594 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resourc... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-6595 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer.This issue affects MultimediaViewer: from * before 1.... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-6596 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.