CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2025-14058 | A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locke... | 3.2 | LOW | - | 0 |
| CVE-2026-0421 | A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in t... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-0600 | Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access u... | N/A | NONE | - | 0 |
| CVE-2026-23574 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23575 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23576 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23577 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23578 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23579 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23580 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23581 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23582 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-0976 | A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configuratio... | 3.7 | LOW | - | 0 |
| CVE-2025-12895 | The Kalium 3 \| Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function... | 5.3 | MEDIUM | - | 0 |
| CVE-2021-47774 | Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding 25... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-13859 | The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in ver... | 6.4 | MEDIUM | - | 0 |
| CVE-2026-0989 | A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested `<include>` dir... | 3.7 | LOW | - | 0 |
| CVE-2026-0990 | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that ref... | 5.9 | MEDIUM | - | 0 |
| CVE-2026-0992 | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated `<nextCatalog>` elements pointing to the same down... | 2.9 | LOW | - | 0 |
| CVE-2021-47759 | MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a ... | 6.2 | MEDIUM | - | 0 |
| CVE-2021-47761 | MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.ex... | 7.8 | HIGH | - | 0 |
| CVE-2021-47762 | HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquot... | 7.8 | HIGH | - | 0 |
| CVE-2021-47763 | Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter to re... | 8.2 | HIGH | - | 0 |
| CVE-2021-47766 | Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vul... | 7.1 | HIGH | - | 0 |
| CVE-2021-47781 | Cmder Console Emulator 1.3.18 contains a buffer overflow vulnerability that allows attackers to trigger a denial of service condition through a maliciously crafted .cmd file. Attackers can create a sp... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-47784 | Cyberfox Web Browser 52.9.1 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the search bar with excessive data. Attackers can generate a 9,000,... | 7.5 | HIGH | - | 0 |
| CVE-2021-47799 | Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo sett... | 6.2 | MEDIUM | - | 0 |
| CVE-2021-47819 | ProjeQtOr Project Management 9.1.4 contains a file upload vulnerability that allows guest users to upload malicious PHP files with arbitrary code execution capabilities. Attackers can upload a PHP scr... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-61973 | A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation process, whic... | 8.8 | HIGH | - | 0 |
| CVE-2025-62193 | Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a remote, unau... | 9.8 | CRITICAL | - | 0 |
| CVE-2025-13845 | CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody. | N/A | NONE | - | 0 |
| CVE-2026-23746 | Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the S... | N/A | NONE | - | 0 |
| CVE-2026-1012 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | - | 0 |
| CVE-2021-47756 | Laravel Valet versions 1.1.4 to 2.0.3 contain a local privilege escalation vulnerability that allows users to modify the valet command with root privileges. Attackers can edit the symlinked valet comm... | 8.4 | HIGH | - | 0 |
| CVE-2021-47782 | Odine Solutions GateKeeper 1.0 contains a SQL injection vulnerability in the trafficCycle API endpoint that allows remote attackers to inject malicious database queries. Attackers can exploit the vuln... | 8.2 | HIGH | - | 0 |
| CVE-2021-47795 | GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploi... | 6.2 | MEDIUM | - | 0 |
| CVE-2021-47796 | Denver SHC-150 Smart Wifi Camera contains a hardcoded telnet credential vulnerability that allows unauthenticated attackers to access a Linux shell. Attackers can connect to port 23 using the default ... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-47797 | Leawo Prof. Media 11.0.0.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized payload in the activation keycode field. Attackers can ge... | 7.5 | HIGH | - | 0 |
| CVE-2021-47798 | NoteBurner 2.35 contains a buffer overflow vulnerability in the license code input field that allows attackers to crash the application. Attackers can generate a 6000-byte payload and paste it into th... | 9.8 | CRITICAL | - | 0 |
| CVE-2021-47800 | b2evolution 7.2.2 contains a cross-site request forgery vulnerability that allows attackers to modify admin account details without authentication. Attackers can craft a malicious HTML form to submit ... | 5.3 | MEDIUM | - | 0 |
| CVE-2021-47801 | Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious P... | 8.2 | HIGH | - | 0 |
| CVE-2021-47803 | iFunbox 4.2 contains an unquoted service path vulnerability in the Apple Mobile Device Service that allows local attackers to execute code with elevated privileges. Attackers can insert a malicious ex... | 7.8 | HIGH | - | 0 |
| CVE-2021-47804 | Wise Care 365 5.6.7.568 contains an unquoted service path vulnerability in the WiseBootAssistant service running with LocalSystem privileges. Attackers can exploit this by inserting a malicious execut... | 7.8 | HIGH | - | 0 |
| CVE-2021-47813 | Backup Key Recovery 2.2.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the registration code input field. Attackers can paste a large buffer... | 7.5 | HIGH | - | 0 |
| CVE-2026-23709 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23710 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23711 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23712 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2026-23713 | Rejected reason: Not used | N/A | NONE | - | 0 |
| CVE-2023-7343 | HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.