CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-42997 An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-l... | 7.7 | HIGH | β | 0 |
| CVE-2026-23926 An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator w... | N/A | NONE | β | 0 |
| CVE-2026-23927 A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an attacker-controlled server and leaking Oracle databa... | N/A | NONE | β | 0 |
| CVE-2026-23928 The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actio... | N/A | NONE | β | 0 |
| CVE-2026-35253 Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker wi... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-35254 Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with netwo... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-6672 The Affiliate Program Suite – SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This is due to ... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-40010 Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket. This issue affects Apache Wicket: from 8.0... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-42509 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 th... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-43087 In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on... | N/A | NONE | β | 0 |
| CVE-2026-43101 In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value,... | N/A | NONE | β | 0 |
| CVE-2026-33120 Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-42372 D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the st... | 8.8 | HIGH | β | 0 |
| CVE-2026-42373 D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the st... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-42374 D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-43064 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release() The workqueue associated with an DSA/IAA device is not released when th... | N/A | NONE | β | 0 |
| CVE-2026-43065 In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following con... | N/A | NONE | β | 0 |
| CVE-2026-43066 In the Linux kernel, the following vulnerability has been resolved: ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths During code review, Joseph found that ext4_fc_replay_inode() calls ex... | N/A | NONE | β | 0 |
| CVE-2026-43067 In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 ("ext4: always allocate blocks on... | N/A | NONE | β | 0 |
| CVE-2026-43068 In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() There's issue as follows: ... EXT4-fs (mmcblk0p1): Delay... | N/A | NONE | β | 0 |
| CVE-2026-7332 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to, a... | 7.2 | HIGH | β | 0 |
| CVE-2026-7448 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to, and includin... | 7.2 | HIGH | β | 0 |
| CVE-2026-7457 The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profil... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-1719 The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of suf... | 7.5 | HIGH | β | 0 |
| CVE-2026-43074 In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep ... | N/A | NONE | β | 0 |
| CVE-2026-43079 In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boot... | N/A | NONE | β | 0 |
| CVE-2026-43080 In the Linux kernel, the following vulnerability has been resolved: l2tp: Drop large packets with UDP encap syzbot reported a WARN on my patch series [1]. The actual issue is an overflow of 16-bit U... | N/A | NONE | β | 0 |
| CVE-2026-43081 In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ Fix the field masks to match the hardware layout documented in downst... | N/A | NONE | β | 0 |
| CVE-2026-43082 In the Linux kernel, the following vulnerability has been resolved: net: txgbe: leave space for null terminators on property_entry Lists of struct property_entry are supposed to be terminated with a... | N/A | NONE | β | 0 |
| CVE-2026-43083 In the Linux kernel, the following vulnerability has been resolved: net: ioam6: fix OOB and missing lock When trace->type.bit6 is set: if (trace->type.bit6) { ... queue = skb_ge... | N/A | NONE | β | 0 |
| CVE-2026-43091 In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the polic... | N/A | NONE | β | 0 |
| CVE-2026-43092 In the Linux kernel, the following vulnerability has been resolved: xsk: validate MTU against usable frame size on bind AF_XDP bind currently accepts zero-copy pool configurations without verifying ... | N/A | NONE | β | 0 |
| CVE-2026-43093 In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() coul... | N/A | NONE | β | 0 |
| CVE-2026-43094 In the Linux kernel, the following vulnerability has been resolved: ixgbevf: add missing negotiate_features op to Hyper-V ops table Commit a7075f501bd3 ("ixgbevf: fix mailbox API compatibility by ne... | N/A | NONE | β | 0 |
| CVE-2026-43095 In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Fix errors in IRQ cleanup IRQs are enabled through sdca_irq_populate() from component probe using devm_request_threade... | N/A | NONE | β | 0 |
| CVE-2026-43108 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for ... | N/A | NONE | β | 0 |
| CVE-2026-43109 In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock κΉμλ―Ό reports that shstk_pop_sigframe() doesn't check for errors from mmap_r... | N/A | NONE | β | 0 |
| CVE-2026-43110 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index ... | N/A | NONE | β | 0 |
| CVE-2026-43111 In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holdin... | N/A | NONE | β | 0 |
| CVE-2026-43112 In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a stri... | N/A | NONE | β | 0 |
| CVE-2026-43113 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to inde... | N/A | NONE | β | 0 |
| CVE-2026-43119 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: ... | N/A | NONE | β | 0 |
| CVE-2026-43120 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released a... | N/A | NONE | β | 0 |
| CVE-2026-6420 A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardc... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-62345 HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the r... | 2.7 | LOW | β | 0 |
| CVE-2025-71271 In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changin... | N/A | NONE | β | 0 |
| CVE-2025-71272 In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly rele... | N/A | NONE | β | 0 |
| CVE-2025-71273 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This al... | N/A | NONE | β | 0 |
| CVE-2025-71274 In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper The driver_override_show function reads the driver_override st... | N/A | NONE | β | 0 |
| CVE-2025-71285 In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI st... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.