Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-23049 In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pane... | N/A | NONE | β | 0 |
| CVE-2026-23051 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather th... | N/A | NONE | β | 0 |
| CVE-2026-23052 In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mul... | N/A | NONE | β | 0 |
| CVE-2024-51451 IBM Concert 1.0.0 through 2.1.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23054 In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection tab... | N/A | NONE | β | 0 |
| CVE-2026-23055 In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend suppor... | N/A | NONE | β | 0 |
| CVE-2026-23056 In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_ops does not support the mremap operation of vm_oper... | N/A | NONE | β | 0 |
| CVE-2026-23057 In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare ta... | N/A | NONE | β | 0 |
| CVE-2026-23058 In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: g... | N/A | NONE | β | 0 |
| CVE-2026-25547 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded bra... | N/A | NONE | β | 0 |
| CVE-2026-23059 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow In qla27xx_copy_fpin_pkt() and qla27xx_copy_multiple_pkt(), the fr... | N/A | NONE | β | 0 |
| CVE-2026-25049 n8n is an open source workflow automation platform. Prior to versions 1.123.17 and 2.5.2, an authenticated user with permission to create or modify workflows could abuse crafted expressions in workflo... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25051 n8n is an open source workflow automation platform. Prior to version 1.123.2, a Cross-Site Scripting (XSS) vulnerability has been identified in the handling of webhook responses and related HTTP endpo... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25052 n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify wor... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25053 n8n is an open source workflow automation platform. Prior to versions 1.123.10 and 2.5.0, vulnerabilities in the Git node allowed authenticated users with permission to create or modify workflows to e... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-25054 n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, i... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-25055 n8n is an open source workflow automation platform. Prior to versions 1.123.12 and 2.4.0, when workflows process uploaded files and transfer them to remote servers via the SSH node without validating ... | 8.1 | HIGH | β | 0 |
| CVE-2026-25056 n8n is an open source workflow automation platform. Prior to versions 1.118.0 and 2.4.0, a vulnerability in the Merge node's SQL Query mode allowed authenticated users with permission to create or mod... | 8.8 | HIGH | β | 0 |
| CVE-2026-25115 n8n is an open source workflow automation platform. Prior to version 2.4.8, a vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execut... | 9.9 | CRITICAL | β | 0 |
| CVE-2025-69213 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when han... | 8.8 | HIGH | β | 0 |
| CVE-2025-69215 OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publica... | 8.8 | HIGH | β | 0 |
| CVE-2026-22044 GLPI is a free asset and IT management software package. From version 0.85 to before 10.0.23, an authenticated user can perform a SQL injection. This issue has been patched in version 10.0.23. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22247 GLPI is a free asset and IT management software package. From version 11.0.0 to before 11.0.5, a GLPI administrator can perform SSRF request through the Webhook feature. This issue has been patched in... | 4.1 | MEDIUM | β | 0 |
| CVE-2019-25276 Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. ... | 7.8 | HIGH | β | 0 |
| CVE-2026-23624 GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can stea... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0536 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code... | 7.8 | HIGH | β | 0 |
| CVE-2026-24843 melange allows users to build apk packages using declarative pipelines. In version 0.11.3 to before 0.40.3, an attacker who can influence the tar stream from a QEMU guest VM could write files outside ... | 8.2 | HIGH | β | 0 |
| CVE-2026-24844 melange allows users to build apk packages using declarative pipelines. From version 0.3.0 to before 0.40.3, an attacker who can provide build input values, but not modify pipeline definitions, could ... | 7.9 | HIGH | β | 0 |
| CVE-2026-25143 melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell c... | 7.8 | HIGH | β | 0 |
| CVE-2026-25145 melange allows users to build apk packages using declarative pipelines. From version 0.14.0 to before 0.40.3, an attacker who can influence a melange configuration file (e.g., through pull request-dri... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-25157 OpenClaw is a personal AI assistant. Prior to version 2026.1.29, there is an OS command injection vulnerability via the Project Root Path in sshNodeCommand. The sshNodeCommand function constructed a s... | 7.7 | HIGH | β | 0 |
| CVE-2026-25160 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application disables TLS certificate verification by default for all outgoing sto... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-25161 Alist is a file list program that supports multiple storages, powered by Gin and Solidjs. Prior to version 3.57.0, the application contains path traversal vulnerability in multiple file operation hand... | 8.8 | HIGH | β | 0 |
| CVE-2026-25475 OpenClaw is a personal AI assistant. Prior to version 2026.1.30, the isValidMedia() function in src/media/parse.ts allows arbitrary file paths including absolute paths, home directory paths, and direc... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-13375 IBM Common Cryptographic Architecture (CCA)Β 7.5.52 andΒ 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-1823 IBM Jazz Reporting Service could allow an authenticated user on the host network to cause a denial of service using specially crafted SQL query that consumes excess memory resources. | 3.5 | LOW | β | 0 |
| CVE-2026-0944 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Group invite allows Forceful Browsing.This issue affects Group invite: from 0.0.0 before 2.3.9, from 3.0.0 before 3.0.4, fr... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0946 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet SmartTag allows Cross-Site Scripting (XSS).This issue affects AT Internet Smart... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0947 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal AT Internet Piano Analytics allows Cross-Site Scripting (XSS).This issue affects AT Interne... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-0948 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Microsoft Entra ID SSO Login allows Privilege Escalation.This issue affects Microsoft Entra ID SSO Login: from 0.0.0 be... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1553 Incorrect Authorization vulnerability in Drupal Drupal Canvas allows Forceful Browsing.This issue affects Drupal Canvas: from 0.0.0 before 1.0.4. | 4.8 | MEDIUM | β | 0 |
| CVE-2019-25281 NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquot... | 7.8 | HIGH | β | 0 |
| CVE-2026-25499 Terraform / OpenTofu Provider adds support for Proxmox Virtual Environment. Prior to version 0.93.1, in the SSH configuration documentation, the sudoer line suggested is insecure and can result in esc... | 7.5 | HIGH | β | 0 |
| CVE-2026-25511 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigg... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-25512 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office.... | 8.8 | HIGH | β | 0 |
| CVE-2026-25519 OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local logins wit... | 8.1 | HIGH | β | 0 |
| CVE-2024-40685 IBM Operations Analytics β Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics β Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could allo... | 4.3 | MEDIUM | β | 0 |
| CVE-2024-43181 IBM Concert 1.0.0 through 2.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1892 A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.ca... | 5.0 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.