Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-41457 OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious value... | N/A | NONE | — | 0 |
| CVE-2026-6834 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6022 In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to ... | 7.5 | HIGH | — | 0 |
| CVE-2026-4118 The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5018 A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2026-4138 The DX Unanswered Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing nonce validation on the plugin's settings ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6843 A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20122 A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the atta... | 5.4 | MEDIUM | KEV | 0 |
| CVE-2026-4234 A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tabl... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4235 A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4236 A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument t... | 7.3 | HIGH | — | 0 |
| CVE-2026-4237 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argumen... | 7.3 | HIGH | — | 0 |
| CVE-2026-4238 A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code le... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4239 A vulnerability was found in Lagom WHMCS Template up to 2.3.7. Impacted is an unknown function of the component Datatables. The manipulation results in improperly controlled modification of object pro... | 3.5 | LOW | — | 0 |
| CVE-2026-4242 A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file file app/babychakra/babychakra/Configuration.java of ... | 2.5 | LOW | — | 0 |
| CVE-2026-4473 A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointment_action.php. The manipulation of the argumen... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7469 A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comma... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5401 AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5402 TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | 8.8 | HIGH | — | 0 |
| CVE-2026-5406 FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 5.5 | MEDIUM | — | 0 |
| CVE-2026-3861 LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22769 Dell RecoverPoint for Virtual Machines, versions prior to 6.0.3.1 HF1, contain a hardcoded credential vulnerability. This is considered critical as an unauthenticated remote attacker with knowledge of... | 10.0 | CRITICAL | KEV | 0 |
| CVE-2026-4568 A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulatio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4569 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4570 A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipu... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4573 A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Pa... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4574 A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firs... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4575 A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site ... | 2.4 | LOW | — | 0 |
| CVE-2026-4576 A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site ... | 2.4 | LOW | — | 0 |
| CVE-2026-35587 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation o... | 8.8 | HIGH | — | 0 |
| CVE-2000-5001 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2005-20001 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2008-20002 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2008-20003 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2009-20012 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20110 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20116 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20117 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2010-20118 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2026-31456 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concur... | N/A | NONE | — | 0 |
| CVE-2026-31475 In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm_kzalloc() memory A previous change added NULL checks and cleanup for allocation failures in... | 7.8 | HIGH | — | 0 |
| CVE-2026-41651 PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.... | 8.8 | HIGH | — | 0 |
| CVE-2026-6588 A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API E... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-40250 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.4.0 through 3.4.9, 3.3.0 through 3.3.9, a... | 7.1 | HIGH | — | 0 |
| CVE-2026-6674 The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-6675 The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficie... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6703 The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-6712 The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2714 The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2717 The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields befo... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.