Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-22705 RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in t... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14976 The User Registration & Membership β Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-52435 J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection ... | 7.5 | HIGH | β | 0 |
| CVE-2025-53470 Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8.Β This iss... | 3.1 | LOW | β | 0 |
| CVE-2025-53477 NULL Pointer Dereference vulnerability in Apache Nimble. Missing validation of HCI connection complete or HCI command TX buffer could lead to NULL pointer dereference. This issue requires disabled as... | 7.5 | HIGH | β | 0 |
| CVE-2025-62235 Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bondΒ and re-bond with impostor. This issue affects Apa... | 8.1 | HIGH | β | 0 |
| CVE-2026-0831 The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` funct... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-14506 The ConvertForce Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Gutenberg block's `entrance_animation` attribute in all versions up to, and including, 0.0.7. T... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-14555 The Countdown Timer β Widget Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdevart_countdown' shortcode in all versions up to, and including, 2.7.7 due... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-12379 The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a combination of the 'tag' and βtitle_tagβ parameters in all versions up to, and... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-13393 The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.3.1. This is due to insufficient validation of user-supplie... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15505 A vulnerability was found in Luxul XWR-600 up to 4.0.1. The affected element is an unknown function of the component Web Administration Interface. The manipulation of the argument Guest Network/Wirele... | 2.4 | LOW | β | 0 |
| CVE-2026-0836 A vulnerability was determined in UTT θΏε 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formConfigFastDirectionW. This manipulation of the argument ssid causes buff... | 8.8 | HIGH | β | 0 |
| CVE-2026-0837 A vulnerability was identified in UTT θΏε 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formFireWall. Such manipulation of the argument GroupName leads to buffer overflow. The... | 8.8 | HIGH | β | 0 |
| CVE-2026-0838 A security flaw has been discovered in UTT θΏε 520W 1.7.7-180627. This impacts the function strcpy of the file /goform/ConfigWirelessBase. Performing a manipulation of the argument ssid results in buff... | 8.8 | HIGH | β | 0 |
| CVE-2026-0839 A weakness has been identified in UTT θΏε 520W 1.7.7-180627. Affected is the function strcpy of the file /goform/APSecurity. Executing a manipulation of the argument wepkey1 can lead to buffer overflow... | 8.8 | HIGH | β | 0 |
| CVE-2026-0840 A security vulnerability has been detected in UTT θΏε 520W 1.7.7-180627. Affected by this vulnerability is the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argume... | 8.8 | HIGH | β | 0 |
| CVE-2026-0841 A vulnerability was detected in UTT θΏε 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl results in... | 8.8 | HIGH | β | 0 |
| CVE-2026-0842 A flaw has been found in Flycatcher Toys smART Sketcher up to 2.0. This affects an unknown part of the component Bluetooth Low Energy Interface. This manipulation causes missing authentication. The at... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-0843 A vulnerability has been found in jiujiujia/victor123/wxw850227 jjjfood and jjjshop_food up to 20260103. This vulnerability affects unknown code of the file /index.php/api/product.category/index. Such... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-0850 A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argumen... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-0851 A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/AdminAddUser.php. The manipulation of the argument txt... | 7.3 | HIGH | β | 0 |
| CVE-2026-0852 A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminUpdateUser.php. The manipulation of the argu... | 7.3 | HIGH | β | 0 |
| CVE-2026-0853 Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status infor... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-69267 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Path Traversal.This issue affects DX NetOps Spectrum:... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-69268 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Reflected XSS.This issue affects DX Ne... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-69269 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69271 Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. | 7.5 | HIGH | β | 0 |
| CVE-2025-69272 Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier. | 7.5 | HIGH | β | 0 |
| CVE-2025-69273 Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | 7.5 | HIGH | β | 0 |
| CVE-2025-69274 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. | 8.8 | HIGH | β | 0 |
| CVE-2025-69275 Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-69276 Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier. | 8.8 | HIGH | β | 0 |
| CVE-2025-14579 The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks e... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-68276 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon (with wide-area ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-68468 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements co... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68471 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-14470 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2026-22252 LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute sh... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-22776 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.1, a Denial of Service (DoS) vulnerability exists in cpp-httplib due to the unsafe handling of c... | 7.5 | HIGH | β | 0 |
| CVE-2026-22781 TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query param... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22783 Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability w... | 9.6 | CRITICAL | β | 0 |
| CVE-2026-22784 Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthoriz... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-51567 A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access vi... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-67147 Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in (1) submit_contact.php, the 'username' and 'pass_key'... | 9.8 | CRITICAL | β | 0 |
| CVE-2024-14021 LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The... | 7.8 | HIGH | β | 0 |
| CVE-2026-22212 TinyOS versions up to and including 2.1.2 contain a stack-based buffer overflow vulnerability in the mcp2200gpio utility. The vulnerability is caused by unsafe use of strcpy() and strcat() functions w... | N/A | NONE | β | 0 |
| CVE-2026-22804 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix ... | 8.0 | HIGH | β | 0 |
| CVE-2026-0491 SAP Landscape Transformation allows an attacker with admin privileges to exploit a vulnerability in the function module exposed via RFC. This flaw enables the injection of arbitrary ABAP code/OS comma... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.