Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-43870 Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting'), ... | N/A | NONE | β | 0 |
| CVE-2026-43528 OpenClaw before 2026.4.14 contains a redaction bypass vulnerability that allows authenticated gateway clients to receive unredacted secrets through sourceConfig and runtimeConfig alias fields. Attacke... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-43529 OpenClaw before 2026.4.10 contains a time-of-check-time-of-use vulnerability in the validateScriptFileForShellBleed function that allows local attackers to bypass workspace boundary checks. An attacke... | 2.5 | LOW | β | 0 |
| CVE-2026-43530 OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually ... | 8.8 | HIGH | β | 0 |
| CVE-2026-43531 OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting upd... | 7.3 | HIGH | β | 0 |
| CVE-2026-43532 OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media refe... | 7.7 | HIGH | β | 0 |
| CVE-2026-43533 OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference host-local paths outside the intended media storage boundary. Attackers c... | 8.6 | HIGH | β | 0 |
| CVE-2026-43534 OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted system events. Attackers can supply malicious hook names to escalate u... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-43535 OpenClaw before 2026.4.14 contains an authorization context reuse vulnerability in collect-mode queue batches that allows messages from different senders to inherit the final sender's authorization co... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-32689 Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transp... | N/A | NONE | β | 0 |
| CVE-2026-34000 A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an att... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34002 A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit t... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-34956 A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-35192 An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker c... | N/A | NONE | β | 0 |
| CVE-2026-5766 An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially l... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-6907 An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). Th... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-25243 Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to exec... | N/A | NONE | β | 0 |
| CVE-2026-25588 RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comman... | N/A | NONE | β | 0 |
| CVE-2026-25589 RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTORE... | N/A | NONE | β | 0 |
| CVE-2026-7847 A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_route... | 2.6 | LOW | β | 0 |
| CVE-2026-7851 A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The attac... | 7.2 | HIGH | β | 0 |
| CVE-2026-7853 A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-27960 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploit... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-32603 Sandboxie is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, a local denial of service vulnerability exists in the Sandboxie kernel driver. An unprivileged... | N/A | NONE | β | 0 |
| CVE-2026-32699 FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controll... | N/A | NONE | β | 0 |
| CVE-2026-32934 CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC (DoQ) server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUI... | N/A | NONE | β | 0 |
| CVE-2026-32936 CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decodin... | N/A | NONE | β | 0 |
| CVE-2026-33190 CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports (DoT, DoH, DoH3, DoQ, and gRPC) because it trusts the transport wr... | N/A | NONE | β | 0 |
| CVE-2026-33324 SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided ques... | N/A | NONE | β | 0 |
| CVE-2026-33420 Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing t... | N/A | NONE | β | 0 |
| CVE-2026-26157 A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may wri... | 7.0 | HIGH | β | 0 |
| CVE-2026-26158 A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or s... | 7.0 | HIGH | β | 0 |
| CVE-2026-3118 A security flaw was identified in the Orchestrator Plugin of Red Hat Developer Hub (Backstage). The issue occurs due to insufficient input validation in GraphQL query handling. An authenticated user c... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-31456 In the Linux kernel, the following vulnerability has been resolved: mm/pagewalk: fix race between concurrent split and refault The splitting of a PUD entry in walk_pud_range() can race with a concur... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-31457 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_s... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-28780 Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_... | N/A | NONE | β | 0 |
| CVE-2026-40075 OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnerab... | N/A | NONE | β | 0 |
| CVE-2026-40110 Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat... | N/A | NONE | β | 0 |
| CVE-2026-40934 Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the secret used to sign authentication cookies is persisted to a static file at ~/.local/share/jupyter/runti... | N/A | NONE | β | 0 |
| CVE-2026-44405 In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. | 3.4 | LOW | β | 0 |
| CVE-2026-3910 Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi... | 8.8 | HIGH | KEV | 0 |
| CVE-2026-2441 Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 8.8 | HIGH | KEV | 0 |
| CVE-2025-71251 In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2025-71252 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2025-71253 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2025-71254 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2025-71255 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2025-71256 In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | 7.5 | HIGH | β | 0 |
| CVE-2026-7572 An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial ... | 4.4 | MEDIUM | β | 0 |
| CVE-2026-7573 An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (... | 5.0 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.