Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-2642 A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointe... | 3.3 | LOW | — | 0 |
| CVE-2026-28841 A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Tahoe 26.4. A buffer overflow may result in memory corruption and unexpected app termination. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28845 An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access protected user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28894 A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker ... | 7.5 | HIGH | — | 0 |
| CVE-2026-4783 A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter H... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-28852 A stack overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionO... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28856 The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to v... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-28859 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. A malicious website may b... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-20668 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20686 This issue was addressed with improved input validation. This issue is fixed in iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28863 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.4 and iPadOS 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to fingerprint the user. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-26306 The installer for OM Workspace (Windows Edition) Ver 2.4 and earlier insecurely loads Dynamic Link Libraries (DLLs), which could allow an attacker to execute arbitrary code with the privileges of the ... | N/A | NONE | — | 0 |
| CVE-2026-2343 The PeproDev Ultimate Invoice WordPress plugin through 2.2.5 has a bulk download invoices action that generates ZIP archives containing exported invoice PDFs. The ZIP files are named predictably makin... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33253 SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary ... | N/A | NONE | — | 0 |
| CVE-2026-32326 SHARP routers do not perform authentication for some web APIs. The device information may be retrieved without authentication. If the administrative password of the device is left as the initial one, ... | N/A | NONE | — | 0 |
| CVE-2026-23280 In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possib... | 7.8 | HIGH | — | 0 |
| CVE-2026-20687 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, ... | 7.1 | HIGH | — | 0 |
| CVE-2026-28816 A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to delete files for which it does n... | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28818 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access sensitive user data. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28821 A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8... | 8.4 | HIGH | — | 0 |
| CVE-2026-7062 A security vulnerability has been detected in Intina47 context-sync up to 2.0.0. This affects an unknown part of the file src/git-integration.ts of the component Git Integration. Such manipulation lea... | 7.3 | HIGH | — | 0 |
| CVE-2026-7063 A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing... | 7.3 | HIGH | — | 0 |
| CVE-2026-7074 A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sq... | 7.3 | HIGH | — | 0 |
| CVE-2026-27491 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a type coercion issue in a post actions API endpoint allowed non-staff users to issue warn... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27740 Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 have a cross-site scripting vulnerability that arises because the system trusts the raw out... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-30368 A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorizatio... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-42371 uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | 5.1 | MEDIUM | — | 0 |
| CVE-2026-1731 BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted req... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2026-33017 Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint allows building public flows withou... | 9.8 | CRITICAL | KEV | 0 |
| CVE-2025-33242 NVIDIA B300 MCU contains a vulnerability in the CX8 MCU that could allow a malicious actor to modify unsupported registries, causing a bad state. A successful exploit of this vulnerability might lead ... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-21790 HCL Traveler is susceptible to a weak default HTTP header validation vulnerability, which could allow an attacker to bypass additional authentication checks. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-32146 Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and ... | N/A | NONE | — | 0 |
| CVE-2026-23900 Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3912 Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allows information disclosure, including exposure of accessib... | N/A | NONE | — | 0 |
| CVE-2026-23373 In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the exp... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32290 The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-32291 The GL-iNet Comet (GL-RM1) KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-32292 The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials. | 7.5 | HIGH | — | 0 |
| CVE-2026-31589 In the Linux kernel, the following vulnerability has been resolved: mm: call ->free_folio() directly in folio_unmap_invalidate() We can only call filemap_free_folio() if we have a reference to (or h... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31628 In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operation... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-7118 A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7119 A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command inject... | 8.8 | HIGH | — | 0 |
| CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on... | N/A | NONE | — | 0 |
| CVE-2026-3557 Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary cod... | N/A | NONE | — | 0 |
| CVE-2026-3559 Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations ... | N/A | NONE | — | 0 |
| CVE-2026-3560 Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on aff... | N/A | NONE | — | 0 |
| CVE-2026-3561 Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins... | N/A | NONE | — | 0 |
| CVE-2026-3562 Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o... | 8.8 | HIGH | — | 0 |
| CVE-2026-23457 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() sip_help_tcp() parses the SIP Content-Length head... | 8.6 | HIGH | — | 0 |
| CVE-2026-23458 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() ctnetlink_dump_exp_ct() stores a conntrack pointer in cb->data... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.