Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-71113 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with so... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71114 In the Linux kernel, the following vulnerability has been resolved: via_wdt: fix critical boot hang due to unnamed resource allocation The VIA watchdog driver uses allocate_resource() to reserve a M... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71115 In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71116 In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encode... | 7.1 | HIGH | β | 0 |
| CVE-2025-71117 In the Linux kernel, the following vulnerability has been resolved: block: Remove queue freezing from several sysfs store callbacks Freezing the request queue from inside sysfs store callbacks may c... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-5606 A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-71125 In the Linux kernel, the following vulnerability has been resolved: tracing: Do not register unsupported perf events Synthetic events currently do not have a function to register perf events. This l... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71126 In the Linux kernel, the following vulnerability has been resolved: mptcp: avoid deadlock on fallback while reinjecting Jakub reported an MPTCP deadlock at fallback time: WARNING: possible recursi... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71127 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Discard Beacon frames to non-broadcast address Beacon frames are required to be sent to the broadcast address, see... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71128 In the Linux kernel, the following vulnerability has been resolved: erspan: Initialize options_len before referencing options. The struct ip_tunnel_info has a flexible array member named options tha... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71129 In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign extend kfunc call arguments The kfunc calls are native calls so they should follow LoongArch calling conventi... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71132 In the Linux kernel, the following vulnerability has been resolved: smc91x: fix broken irq-context in PREEMPT_RT When smc91x.c is built with PREEMPT_RT, the following splat occurs in FVP_RevC: [ ... | 5.5 | MEDIUM | β | 0 |
| CVE-2016-5141 Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address bar via vectors involving a provisional URL for an initially empty document, related to FrameLoader.c... | N/A | NONE | β | 0 |
| CVE-2026-23002 In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap... | 5.5 | MEDIUM | β | 0 |
| CVE-2016-5142 The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of... | N/A | NONE | β | 0 |
| CVE-2016-5143 The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which ... | N/A | NONE | β | 0 |
| CVE-2026-23005 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when upda... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23006 In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23007 In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized b... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23008 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface bac... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23009 In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes th... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23011 In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, s... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23012 In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, t... | 7.8 | HIGH | β | 0 |
| CVE-2026-23010 In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited c... | 7.8 | HIGH | β | 0 |
| CVE-2026-5607 A security vulnerability has been detected in imprvhub mcp-browser-agent up to 0.8.0. This impacts the function CallToolRequestSchema of the file src/handlers.ts of the component URL Parameter Handler... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-71180 In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROV... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71183 In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71184 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing f... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71185 In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-67438 A Stored Cross-Site Scripting (XSS) vulnerability in Sync-in Server before 1.9.3 allows an authenticated attacker to execute arbitrary JavaScript in a victim's browser. By uploading a crafted SVG file... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-26103 A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivi... | 7.1 | HIGH | β | 0 |
| CVE-2026-26104 A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method res... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-9909 A flaw was found in the Red Hat Ansible Automation Platform Gateway route creation component. This vulnerability allows credential theft via the creation of misleading routes using a double-slash (//)... | 6.7 | MEDIUM | β | 0 |
| CVE-2026-5616 A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/mod... | 7.3 | HIGH | β | 0 |
| CVE-2026-32310 Cryptomator encrypts data being stored on cloud infrastructure. From version 1.6.0 to before version 1.19.1, vault configuration is parsed before its integrity is verified, and the masterkeyfile loade... | 4.1 | MEDIUM | β | 0 |
| CVE-2026-5619 A flaw has been found in Braffolk mcp-summarization-functions up to 0.1.5. This impacts an unknown function of the file src/server/mcp-server.ts of the component summarize_command. Executing a manipul... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-28868 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-28881 A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-25001 Improper Control of Generation of Code ('Code Injection') vulnerability in Saad Iqbal Post Snippets post-snippets allows Remote Code Inclusion.This issue affects Post Snippets: from n/a through <= 4.0... | 8.5 | HIGH | β | 0 |
| CVE-2026-5625 A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interfac... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-1917 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Login Disable allows Functionality Bypass.This issue affects Login Disable: from 0.0.0 before 2.1.3. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-5638 A vulnerability was detected in HerikLyma CPPWebFramework up to 3.1. This issue affects some unknown processing. Performing a manipulation results in path traversal. Remote exploitation of the attack ... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-12708 IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user. | 6.2 | MEDIUM | β | 0 |
| CVE-2025-59788 Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0... | 6.4 | MEDIUM | β | 0 |
| CVE-2025-66676 An issue in IObit Unlocker v1.3.0.11 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. | 2.9 | LOW | β | 0 |
| CVE-2026-5639 A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulatio... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-28425 Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to ac... | 8.0 | HIGH | β | 0 |
| CVE-2026-22901 A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have al... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60949 Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8... | 9.1 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.