Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28102 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Classic uberSlider_classic allows Reflected XSS.This issue affects UberSli... | 7.1 | HIGH | — | 0 |
| CVE-2026-28103 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LBG Zoominoutslider lbg_zoominoutslider allows Reflected XSS.This issue affects LBG Z... | 7.1 | HIGH | — | 0 |
| CVE-2026-28104 Missing Authorization vulnerability in Aryan Shirani Bid Abadi Site Suggest site-suggest allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Site Suggest: from n/a throu... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28105 Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28107 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Muzicon muzicon allows PHP Local File Inclusion.This issue affects Muz... | 8.1 | HIGH | — | 0 |
| CVE-2026-28108 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows R... | 7.1 | HIGH | — | 0 |
| CVE-2026-28109 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Reflected XS... | 7.1 | HIGH | — | 0 |
| CVE-2026-28110 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows R... | 7.1 | HIGH | — | 0 |
| CVE-2026-28112 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue af... | 7.1 | HIGH | — | 0 |
| CVE-2026-28113 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimat... | 7.1 | HIGH | — | 0 |
| CVE-2026-28114 Unrestricted Upload of File with Dangerous Type vulnerability in firassaidi WooCommerce License Manager fs-license-manager allows Upload a Web Shell to a Web Server.This issue affects WooCommerce Lice... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-28115 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSyste... | 9.3 | CRITICAL | — | 0 |
| CVE-2026-28117 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | — | 0 |
| CVE-2026-28118 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | — | 0 |
| CVE-2026-28119 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Nirvana allows PHP Local File Inclusion.This issue affects Nirvana:... | 8.1 | HIGH | — | 0 |
| CVE-2026-28120 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue a... | 8.1 | HIGH | — | 0 |
| CVE-2026-28121 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2026-28122 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows Reflected XSS.This issue affects ListingPro: from... | 7.1 | HIGH | — | 0 |
| CVE-2026-28123 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil:... | 8.1 | HIGH | — | 0 |
| CVE-2026-20996 Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. | N/A | NONE | — | 0 |
| CVE-2026-28127 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in e-plugins Lawyer Directory lawyer-directory allows Reflected XSS.This issue affects Lawyer Directo... | 7.1 | HIGH | — | 0 |
| CVE-2026-28128 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: ... | 8.1 | HIGH | — | 0 |
| CVE-2026-28129 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This ... | 8.1 | HIGH | — | 0 |
| CVE-2026-28130 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AndonDesign UDesign u-design allows Reflected XSS.This issue affects UDesign: from n/a through <= ... | 7.1 | HIGH | — | 0 |
| CVE-2026-28133 Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.12. | 8.1 | HIGH | — | 0 |
| CVE-2026-28134 Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetEngine jet-engine allows Remote Code Inclusion.This issue affects JetEngine: from n/a through <= 3.7.2. | 8.5 | HIGH | — | 0 |
| CVE-2026-28135 Inclusion of Functionality from Untrusted Control Sphere vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Accessing Functionality Not Properly Constrained by ACLs.This is... | 8.2 | HIGH | — | 0 |
| CVE-2026-28137 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Reflected XSS.This issue affects... | 7.1 | HIGH | — | 0 |
| CVE-2026-29052 The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and efficiently track all scheduled activities. Prior to version 1.8.11, a Stored Cros... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29053 Ghost is a Node.js content management system. From version 0.7.2 to 6.19.0, specifically crafted malicious themes can execute arbitrary code on the server running Ghost. This issue has been patched in... | 7.6 | HIGH | — | 0 |
| CVE-2026-29128 IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components (e.g., zebra, bgpd, ospfd, and ripd) that are owned by root but world-readable. The config... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-2418 The Login with Salesforce WordPress plugin through 1.0.2 does not validate that users are allowed to login through Salesforce, allowing unauthenticated users to be authenticated as any user (such as a... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-30777 EC-CUBE provided by EC-CUBE CO.,LTD. contains a multi-factor authentication (MFA) bypass vulnerability. An attacker who has obtained a valid administrator ID and password may be able to bypass two-fac... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3072 The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_fields_action() function in all versions ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1678 dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past th... | 9.4 | CRITICAL | — | 0 |
| CVE-2026-25702 A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SU... | 7.3 | HIGH | — | 0 |
| CVE-2026-28536 Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 9.6 | CRITICAL | — | 0 |
| CVE-2026-2743 Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-66319 Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity. | 3.3 | LOW | — | 0 |
| CVE-2026-1321 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` fun... | 8.1 | HIGH | — | 0 |
| CVE-2026-21786 HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs. | 3.3 | LOW | — | 0 |
| CVE-2026-28537 Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.1 | MEDIUM | — | 0 |
| CVE-2026-28538 Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-28539 Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28540 Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28541 Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-28543 Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-28544 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.2 | MEDIUM | — | 0 |
| CVE-2026-28545 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-22457 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.