Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-40896 The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication between the Arc ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-3103 A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions <2.4.0p23, <2.3.0p43, and 2.2.0 (EOL) allows a low-privileged user to cause data loss. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-70341 Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. | 7.8 | HIGH | β | 0 |
| CVE-2025-70342 erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entere... | 6.6 | MEDIUM | β | 0 |
| CVE-2025-71238 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fa... | 7.8 | HIGH | β | 0 |
| CVE-2026-23817 A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23232 In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23233 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzill... | 7.8 | HIGH | β | 0 |
| CVE-2026-23234 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported an use-after-free issue in f2fs_write_end_io(). It is caused by ... | 7.8 | HIGH | β | 0 |
| CVE-2026-23235 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access an... | 7.1 | HIGH | β | 0 |
| CVE-2025-59787 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-30901 Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | 7.0 | HIGH | β | 0 |
| CVE-2026-23237 In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks In a few places in the Classmate laptop driver, code using the acc... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23238 In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-59783 API endpoint for user synchronization in 2N Access Commander version 3.4.1 did not have a sufficient input validation allowing for OS command injection. This vulnerability can only be exploited after... | 7.2 | HIGH | β | 0 |
| CVE-2025-59784 2N Access Commander version 3.4.1 and prior is vulnerable to log pollution. Certain parameters sent over API may be included in the logs without prior validation or sanitisation. This vulnerability ca... | 7.2 | HIGH | β | 0 |
| CVE-2025-59785 Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after... | 7.2 | HIGH | β | 0 |
| CVE-2025-59786 2N Access Commander version 3.4.2 and prior improperly invalidates session tokens, allowing multiple session cookies to remain active after logout in web application. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-62879 A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-22285 Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnera... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-26478 A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code a... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-26514 An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbit... | 7.5 | HIGH | β | 0 |
| CVE-2026-26673 An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem | 7.5 | HIGH | β | 0 |
| CVE-2025-15558 Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place mali... | 8.0 | HIGH | β | 0 |
| CVE-2025-66678 An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-66944 SQL Injection vulnerability in vran-dev databaseir v.1.0.7 and before allows a remote attacker to execute arbitrary code via the query parameter in the search API endpoint | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69969 A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer t... | 9.6 | CRITICAL | β | 0 |
| CVE-2026-20005 Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-22760 Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Improper Check for Unusual or Exceptional Conditions vulnerability. A low privileged attacker with local access could potential... | 3.3 | LOW | β | 0 |
| CVE-2026-23601 A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23808 A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Succe... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23809 A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual port... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23810 A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-address... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-23811 A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-23812 A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-28695 Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create() Twig function combined with a Symfony Process ... | 7.2 | HIGH | β | 0 |
| CVE-2026-28696 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused b... | 7.5 | HIGH | β | 0 |
| CVE-2026-28697 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injectio... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-28781 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permi... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-28782 Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the spec... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-28783 Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Clos... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-28784 Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in t... | 7.2 | HIGH | β | 0 |
| CVE-2026-30902 Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 | HIGH | β | 0 |
| CVE-2026-29069 Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission c... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-3520 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed request... | 7.5 | HIGH | β | 0 |
| CVE-2019-25498 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers c... | 8.2 | HIGH | β | 0 |
| CVE-2019-25499 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send PO... | 8.2 | HIGH | β | 0 |
| CVE-2019-25500 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can sen... | 8.2 | HIGH | β | 0 |
| CVE-2019-25501 Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST req... | 8.2 | HIGH | β | 0 |
| CVE-2019-25502 Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Att... | 6.1 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.