Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-0499 SAP NetWeaver Enterprise Portal allows an unauthenticated attacker to inject malicious scripts into a URL parameter. The scripts are reflected in the server response and executed in a user's browser w... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-0501 Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise (Financials General Ledger), an authenticated user could execute crafted SQL queries to read, modify, and delete backen... | 9.9 | CRITICAL | β | 0 |
| CVE-2026-0503 Due to missing authorization check in the SAP ERP Central Component (SAP ECC) and SAP S/4HANA (SAP EHS Management), an attacker could extract hardcoded clear-text credentials and bypass the password a... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-0504 Due to insufficient input handling, the SAP Identity Management REST interface allows an authenticated administrator to submit specially crafted malicious REST requests that are processed by JNDI oper... | 3.8 | LOW | β | 0 |
| CVE-2026-0507 Due to an OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK, an authenticated attacker with administrative access and adjacent network access could upload ... | 8.4 | HIGH | β | 0 |
| CVE-2026-0510 The User Management Engine (UME) in NetWeaver Application Server for Java (NW AS Java) utilizes an obsolete cryptographic algorithm for encrypting User Mapping data. This weakness could allow an attac... | 3.0 | LOW | β | 0 |
| CVE-2026-0511 SAP Fiori App Intercompany Balance Reconciliation does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has high impact on confidential... | 8.1 | HIGH | β | 0 |
| CVE-2026-0514 Due to a Cross-Site Scripting (XSS) vulnerability in SAP Business Connector, an unauthenticated attacker could craft a malicious link. When an unsuspecting user clicks this link, the user may be redir... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-66177 There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the d... | 8.8 | HIGH | β | 0 |
| CVE-2026-22829 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22830 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22831 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22832 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22833 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22834 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22835 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22836 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22837 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-10915 The Dreamer Blog WordPress theme through 1.2 is vulnerable to arbitrary installations due to a missing capability check. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14829 The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to de... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-40805 Affected devices do not properly enforce user authentication on specific API endpoints. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitima... | 10.0 | CRITICAL | β | 0 |
| CVE-2025-69992 phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40944 A vulnerability has been identified in SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0) (All versions), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0) (All versions >= V4.2.0), SIMATIC ET 200SP... | 7.5 | HIGH | β | 0 |
| CVE-2025-14001 The WP Duplicate Page plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'duplicateBulkHandle' and 'duplicateBulkHandleHPOS' functions in a... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-59020 By exploiting the defVals parameter, attackers could bypass fieldβlevel access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited e... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-59021 Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the userβs own file-mo... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-59022 Backend users who had access to the recycler module could delete arbitrary data from any database table defined in the TCA - regardless of whether they had permission to that particular table. This al... | 8.1 | HIGH | β | 0 |
| CVE-2026-0859 TYPO3's mailβfile spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitr... | 7.8 | HIGH | β | 0 |
| CVE-2025-14507 The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes i... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-9427 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress a... | N/A | NONE | β | 0 |
| CVE-2026-0684 The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis_admin_init' function's permis... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-36640 A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. | 8.8 | HIGH | β | 0 |
| CVE-2025-12548 A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Develo... | 9.0 | CRITICAL | β | 0 |
| CVE-2025-68767 In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify inode mode when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the ... | N/A | NONE | β | 0 |
| CVE-2025-68768 In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdir_pre_exit() We have been seeing occasional deadlocks on pernet_ops_rwsem since September i... | N/A | NONE | β | 0 |
| CVE-2025-68769 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_recover_fsync_data() With below scripts, it will trigger panic in f2fs: mkfs.f2fs -f /dev/vdd moun... | N/A | NONE | β | 0 |
| CVE-2025-68770 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix XDP_TX path For XDP_TX action in bnxt_rx_xdp(), clearing of the event flags is not correct. __bnxt_poll_work() -> bn... | N/A | NONE | β | 0 |
| CVE-2025-68771 In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_fr... | N/A | NONE | β | 0 |
| CVE-2025-68772 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid updating compression context during writeback Bai, Shuangpeng <sjb7183@psu.edu> reported a bug as below: Oops:... | N/A | NONE | β | 0 |
| CVE-2025-68782 In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later derefere... | N/A | NONE | β | 0 |
| CVE-2025-68773 In the Linux kernel, the following vulnerability has been resolved: spi: fsl-cpm: Check length parity before switching to 16 bit mode Commit fc96ec826bce ("spi: fsl-cpm: Use 16 bit mode for large tr... | N/A | NONE | β | 0 |
| CVE-2025-68774 In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create When sync() and link() are called concurrently, both threads may enter ... | N/A | NONE | β | 0 |
| CVE-2025-68775 In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshak... | N/A | NONE | β | 0 |
| CVE-2025-68776 In the Linux kernel, the following vulnerability has been resolved: net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() prp_get_untagged_frame() calls __pskb_copy() to create frame->sk... | N/A | NONE | β | 0 |
| CVE-2025-68795 In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET... | N/A | NONE | β | 0 |
| CVE-2025-68968 Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. | 7.8 | HIGH | β | 0 |
| CVE-2025-68777 In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc - fix off-by-one error in wire_order validation The current validation 'wire_order[i] > ARRAY_SIZE(config_pin... | N/A | NONE | β | 0 |
| CVE-2025-68778 In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a direc... | N/A | NONE | β | 0 |
| CVE-2025-68779 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice PSP is unregistered twice in: _mlx5e_remove -> mlx5e_psp_unregister mlx5e_nic_cleanup -> ... | N/A | NONE | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.