CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-7351 Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium sec... | 3.1 | LOW | β | 0 |
| CVE-2024-43333 Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through 7... | 7.5 | HIGH | β | 0 |
| CVE-2026-7352 Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM... | 8.3 | HIGH | β | 0 |
| CVE-2026-7356 Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-7357 Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chrom... | 7.5 | HIGH | β | 0 |
| CVE-2026-7358 Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | β | 0 |
| CVE-2026-7359 Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch... | 8.8 | HIGH | β | 0 |
| CVE-2026-7360 Insufficient validation of untrusted input in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cr... | 3.1 | LOW | β | 0 |
| CVE-2026-31787 In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. Wh... | N/A | NONE | β | 0 |
| CVE-2026-7246 Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account. | 7.2 | HIGH | β | 0 |
| CVE-2026-36956 A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanisms... | 8.8 | HIGH | β | 0 |
| CVE-2026-36957 Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood of HTTP GET requests to non-existent U... | 7.5 | HIGH | β | 0 |
| CVE-2026-36958 A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web management int... | 7.5 | HIGH | β | 0 |
| CVE-2025-24781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WPJobBoard allows Reflected XSS. This issue affects WPJobBoard: from n/a through 5.10.1. | 7.1 | HIGH | β | 0 |
| CVE-2024-38404 Transient DOS when registration accept OTA is received with incorrect ciphering key data IE in modem. | 7.5 | HIGH | β | 0 |
| CVE-2024-38412 Memory corruption while invoking IOCTL calls from user-space to kernel-space to handle session errors. | 6.6 | MEDIUM | β | 0 |
| CVE-2024-45560 Memory corruption while taking a snapshot with hardware encoder due to unvalidated userspace buffer. | 7.8 | HIGH | β | 0 |
| CVE-2024-38413 Memory corruption while processing frame packets. | 6.6 | MEDIUM | β | 0 |
| CVE-2024-38414 Information disclosure while processing information on firmware image during core initialization. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-38416 Information disclosure during audio playback. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-38417 Information disclosure while processing IO control commands. | 6.1 | MEDIUM | β | 0 |
| CVE-2024-38418 Memory corruption while parsing the memory map info in IOCTL calls. | 7.8 | HIGH | β | 0 |
| CVE-2024-38420 Memory corruption while configuring a Hypervisor based input virtual device. | 8.8 | HIGH | β | 0 |
| CVE-2024-45561 Memory corruption while handling IOCTL call from user-space to set latency level. | 7.8 | HIGH | β | 0 |
| CVE-2024-45573 Memory corruption may occur while generating test pattern due to negative indexing of display ID. | 7.8 | HIGH | β | 0 |
| CVE-2024-45582 Memory corruption while validating number of devices in Camera kernel. | 7.8 | HIGH | β | 0 |
| CVE-2024-45584 Memory corruption can occur when a compat IOCTL call is followed by a normal IOCTL call from userspace. | 7.8 | HIGH | β | 0 |
| CVE-2024-49832 Memory corruption in Camera due to unusually high number of nodes passed to AXI port. | 7.8 | HIGH | β | 0 |
| CVE-2024-49833 Memory corruption can occur in the camera when an invalid CID is used. | 7.8 | HIGH | β | 0 |
| CVE-2024-49834 Memory corruption while power-up or power-down sequence of the camera sensor. | 7.8 | HIGH | β | 0 |
| CVE-2024-49837 Memory corruption while reading CPU state data during guest VM suspend. | 7.8 | HIGH | β | 0 |
| CVE-2024-49838 Information disclosure while parsing the OCI IE with invalid length. | 8.2 | HIGH | β | 0 |
| CVE-2024-49840 Memory corruption while invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | 7.8 | HIGH | β | 0 |
| CVE-2024-49843 Memory corruption while processing IOCTL from user space to handle GPU AHB bus error. | 7.8 | HIGH | β | 0 |
| CVE-2024-36437 The com.enflick.android.TextNow (aka TextNow: Call + Text Unlimited) application 24.17.0.2 for Android enables any installed application (with no permissions) to place phone calls without user interac... | 6.5 | MEDIUM | β | 0 |
| CVE-2024-53943 An issue was discovered in NRadio N8-180 NROS-1.9.2.n3.c5 devices. The /cgi-bin/luci/nradio/basic/radio endpoint is vulnerable to XSS via the 2.4 GHz and 5 GHz name parameters, allowing an attacker to... | 6.1 | MEDIUM | β | 0 |
| CVE-2024-57362 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54840. Reason: This candidate is a reservation duplicate of CVE-2024-54840. Notes: All CVE users should reference CVE-2024-54840... | N/A | NONE | β | 0 |
| CVE-2024-57967 PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. | 4.2 | MEDIUM | β | 0 |
| CVE-2025-24898 rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions `ssl::select_next_proto` can return a slice pointing into the `server` argument's buffer but with a li... | N/A | NONE | β | 0 |
| CVE-2024-12510 If LDAP settings are accessed, authentication could be redirected to another server, potentially exposing credentials. This requires admin access and an active LDAP setup. | 6.7 | MEDIUM | β | 0 |
| CVE-2024-57238 Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting maliciou... | 7.3 | HIGH | β | 0 |
| CVE-2024-12859 The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it ... | 8.8 | HIGH | β | 0 |
| CVE-2023-52164 access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 5.1 | MEDIUM | β | 0 |
| CVE-2025-24370 Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to python class pollution vulnerability. The vulnerability arises fr... | N/A | NONE | β | 0 |
| CVE-2025-24959 zx is a tool for writing better scripts. An attacker with control over environment variable values can inject unintended environment variables into `process.env`. This can lead to arbitrary command ex... | N/A | NONE | β | 0 |
| CVE-2025-24960 Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the route(s). This can lead to Path Traversal Vulnerabilities. Since t... | 8.7 | HIGH | β | 0 |
| CVE-2025-24961 org.gaul S3Proxy implements the S3 API and proxies requests. Users of the filesystem and filesystem-nio2 storage backends could unintentionally expose local files to users. This issue has been address... | N/A | NONE | β | 0 |
| CVE-2025-23210 phpoffice/phpspreadsheet is a pure PHP library for reading and writing spreadsheet files. Affected versions have been found to have a Bypass of the Cross-site Scripting (XSS) sanitizer using the javas... | N/A | NONE | β | 0 |
| CVE-2025-24371 CometBFT is a distributed, Byzantine fault-tolerant, deterministic state machine replication engine. In the `blocksync` protocol peers send their `base` and `latest` heights when they connect to a new... | N/A | NONE | β | 0 |
| CVE-2025-24901 WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_permissao.php` endpoint. This vulnerability could allow an authorize... | 8.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.