CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2026-34595 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.70 and 9.7.0-alpha.18, an authenticated user with find class-level permiss... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-34237 | MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1, there is a hardcoded wildcard CORS vulnerability. This issue has been patched i... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-34231 | Slippers is a UI component framework for Django. Prior to version 0.6.3, a Cross-Site Scripting (XSS) vulnerability exists in the {% attrs %} template tag of the slippers Django package. When a contex... | 6.1 | MEDIUM | - | 0 |
| CVE-2004-1389 | Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup ... | N/A | NONE | - | 0 |
| CVE-2004-1390 | Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript... | N/A | NONE | - | 0 |
| CVE-2026-5204 | A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argume... | 8.8 | HIGH | - | 0 |
| CVE-2026-24153 | NVIDIA Jetson Linux has a vulnerability in initrd, where the nvluks trusted application is not disabled. A successful exploit of this vulnerability might lead to information disclosure. | 5.2 | MEDIUM | - | 0 |
| CVE-2026-24154 | NVIDIA Jetson Linux has a vulnerability in initrd, where an unprivileged attacker with physical access could inject incorrect command line arguments. A successful exploit of this vulnerability might lead... | 7.6 | HIGH | - | 0 |
| CVE-2026-24164 | NVIDIA BioNeMo contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of service, inform... | 8.8 | HIGH | - | 0 |
| CVE-2006-1780 | The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary... | N/A | NONE | - | 0 |
| CVE-2006-1781 | PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It wa... | N/A | NONE | - | 0 |
| CVE-2006-1782 | Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely"... | N/A | NONE | - | 0 |
| CVE-2006-1783 | Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. | N/A | NONE | - | 0 |
| CVE-2006-1627 | Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) page... | N/A | NONE | - | 0 |
| CVE-2006-1436 | Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website... | N/A | NONE | - | 0 |
| CVE-2026-32951 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-32726 | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The en... | 8.1 | HIGH | - | 0 |
| CVE-2004-1391 | Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious m... | N/A | NONE | - | 0 |
| CVE-2026-34206 | Captcha Protect is a Traefik middleware to add an anti-bot challenge to individual IPs in a subnet when traffic spikes are detected from that subnet. Prior to version 1.12.2, a reflected cross-site sc... | 6.1 | MEDIUM | - | 0 |
| CVE-2004-1392 | PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function. | N/A | NONE | - | 0 |
| CVE-2026-5211 | A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1... | 8.8 | HIGH | - | 0 |
| CVE-2004-1393 | Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang). | N/A | NONE | - | 0 |
| CVE-2004-1394 | The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles ... | N/A | NONE | - | 0 |
| CVE-2026-1579 | The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides ... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-34366 | InvoiceShelf is an open-source web & mobile app that helps track expenses, payments and create professional invoices and estimates. Prior to version 2.2.0, a Server-Side Request Forgery (SSRF) vulnera... | 7.6 | HIGH | - | 0 |
| CVE-2026-34372 | Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via... | 2.7 | LOW | - | 0 |
| CVE-2004-1395 | The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and pos... | N/A | NONE | - | 0 |
| CVE-2004-1396 | Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data ... | N/A | NONE | - | 0 |
| CVE-2026-34586 | PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.1, check_shared_access_allowed() validates only session existence --... | 6.5 | MEDIUM | - | 0 |
| CVE-2004-1397 | Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. | N/A | NONE | - | 0 |
| CVE-2004-1398 | Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format ... | N/A | NONE | - | 0 |
| CVE-2010-4637 | Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. | N/A | NONE | - | 0 |
| CVE-2026-34394 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, AVideo's admin plugin configuration endpoint (admin/save.json.php) lacks any CSRF token validation. There is no call to isGlob... | 8.1 | HIGH | - | 0 |
| CVE-2026-3468 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in the SonicWall Email Security appliance due to improper neutralization of user-supplied input during web page generation, allowi... | 4.8 | MEDIUM | - | 0 |
| CVE-2026-3469 | A denial-of-service (DoS) vulnerability exists due to improper input validation in the SonicWall Email Security appliance, allowing a remote authenticated attacker as admin user to cause the applicati... | 2.7 | LOW | - | 0 |
| CVE-2004-1399 | Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. | N/A | NONE | - | 0 |
| CVE-2010-4638 | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execu... | N/A | NONE | - | 0 |
| CVE-2026-34716 | WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo YPTSocket plugin's caller feature renders incoming call notifications using the jQuery Toast Plugin, passing the ca... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-34404 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image-generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a Denial of Servi... | 7.5 | HIGH | - | 0 |
| CVE-2026-34400 | Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API (q=) was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-sup... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-34405 | Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image-generation component by the URI: /_og/d/ (and, in older versions, /og-image/) contains a vulnerability t... | 6.1 | MEDIUM | - | 0 |
| CVE-2004-1400 | The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp. | N/A | NONE | - | 0 |
| CVE-2004-1401 | SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter. | N/A | NONE | - | 0 |
| CVE-2004-1402 | SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page. | N/A | NONE | - | 0 |
| CVE-2024-47622 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Advanced Woo Labels advanced-woo-labels allows Stored XSS. This issue affects Advanced Woo La... | 6.5 | MEDIUM | - | 0 |
| CVE-2010-4639 | SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. | N/A | NONE | - | 0 |
| CVE-2004-1403 | PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote we... | N/A | NONE | - | 0 |
| CVE-2010-4640 | Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/v... | N/A | NONE | - | 0 |
| CVE-2010-4641 | SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | N/A | NONE | - | 0 |
| CVE-2010-4642 | Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | N/A | NONE | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.