CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-15341 Tanium addressed an incorrect default permissions vulnerability in Benchmark. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-15342 Tanium addressed an improper access controls vulnerability in Reputation. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-15343 Tanium addressed an incorrect default permissions vulnerability in Enforce. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1301 In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and corrupting memory. | N/A | NONE | β | 0 |
| CVE-2026-25630 Rejected reason: Reason: This candidate was issued in error. | N/A | NONE | β | 0 |
| CVE-2025-12131 A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-1962 A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation leads ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-1964 A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access controls. Rem... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24095 Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p21, 2.3.0 before 2.3.0p43, and 2.2.0 (EOL) allows users with the "Use WATO" permission to access the "Analyze configuration" page... | N/A | NONE | β | 0 |
| CVE-2026-25815 Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key ... | 3.2 | LOW | β | 0 |
| CVE-2025-32393 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68157 Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack's HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but... | 3.7 | LOW | β | 0 |
| CVE-2025-68458 Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack's HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outs... | 3.7 | LOW | β | 0 |
| CVE-2026-0391 User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21532 Azure Function Information Disclosure Vulnerability | 8.2 | HIGH | β | 0 |
| CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability | 9.8 | CRITICAL | β | 0 |
| CVE-2026-23623 Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.2... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1973 A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer dereference. Th... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1974 A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1228 The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and includ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1975 A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The attack ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-1976 A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is possible ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-25692 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25693 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25694 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25695 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25696 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25697 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-25698 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-0598 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the a... | 4.2 | MEDIUM | β | 0 |
| CVE-2025-10753 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and auth... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-0521 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited by a victi... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-24914 Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | β | 0 |
| CVE-2026-1401 The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient input sanitization and output... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1808 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up to... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1888 The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due to insufficient i... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1909 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization ... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-7432 DPA countermeasures in Silicon Labs' Series 2 devices are not reseeded under certain conditions. This may allow an attacker to eventually extract secret keys through a DPA attack. | N/A | NONE | β | 0 |
| CVE-2026-1279 The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and includin... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-21626 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure | 7.5 | HIGH | β | 0 |
| CVE-2026-24915 Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-1252 The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitiza... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1785 The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download an... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-24916 Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-24917 UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-24918 Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-24919 Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.0 | MEDIUM | β | 0 |
| CVE-2026-24921 Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | 4.8 | MEDIUM | β | 0 |
| CVE-2026-24922 Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.9 | MEDIUM | β | 0 |
| CVE-2026-24923 Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.