Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28552 Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.5 | MEDIUM | — | 0 |
| CVE-2026-2893 The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the content_clone() function in all versions up to, and including, 6.3. This is due to insuf... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28717 Local privilege escalation due to improper directory permissions. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186. | N/A | NONE | — | 0 |
| CVE-2026-28542 Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability. | 7.3 | HIGH | — | 0 |
| CVE-2026-28546 Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 5.9 | MEDIUM | — | 0 |
| CVE-2026-28547 Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-28548 Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 7.1 | HIGH | — | 0 |
| CVE-2026-28549 Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability. | 6.6 | MEDIUM | — | 0 |
| CVE-2026-28551 Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.7 | MEDIUM | — | 0 |
| CVE-2025-69534 Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Ma... | 7.5 | HIGH | — | 0 |
| CVE-2025-11143 The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security ... | 3.7 | LOW | — | 0 |
| CVE-2026-1605 In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding r... | 7.5 | HIGH | — | 0 |
| CVE-2026-21628 A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3236 In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2599 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-1720 The WowOptin: Next-Gen Popup Maker – Create Stunning Popups and Optins for Lead Generation plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability ... | 8.8 | HIGH | — | 0 |
| CVE-2026-1068 An improper certificate validation vulnerability was reported in the Lenovo Filez application that could allow a user capable of intercepting network traffic to obtain sensitive user data from the app... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-27748 Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under C:\... | 7.8 | HIGH | — | 0 |
| CVE-2026-27749 Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privil... | 7.8 | HIGH | — | 0 |
| CVE-2026-27750 Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan ... | 7.8 | HIGH | — | 0 |
| CVE-2026-30791 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, ... | 7.5 | HIGH | — | 0 |
| CVE-2026-3598 Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Config string generation, web console export mod... | N/A | NONE | — | 0 |
| CVE-2026-20997 Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. | N/A | NONE | — | 0 |
| CVE-2025-64166 Mercurius is a GraphQL adapter for Fastify. Prior to version 16.4.0, a cross-site request forgery (CSRF) vulnerability was identified. The issue arises from incorrect parsing of the Content-Type heade... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-25048 xgrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.32, the multi-level nested syntax caused a segmentation fault (core dumped). This i... | 7.5 | HIGH | — | 0 |
| CVE-2026-26377 Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-30783 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Client signaling, API sync loop, config management modules) allows Privilege Abuse... | N/A | NONE | — | 0 |
| CVE-2026-30784 Missing Authorization, Missing Authentication for Critical Function vulnerability in rustdesk-server RustDesk Server rustdesk-server, rustdesk-server-pro on hbbs/hbbr on all server platforms (Rendezvo... | N/A | NONE | — | 0 |
| CVE-2026-30785 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client ... | N/A | NONE | — | 0 |
| CVE-2026-30789 Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, And... | N/A | NONE | — | 0 |
| CVE-2026-30790 Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on W... | N/A | NONE | — | 0 |
| CVE-2026-30792 A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Strategy sync, HTTP API client, config options engine modules) allows Application ... | N/A | NONE | — | 0 |
| CVE-2026-30793 Cross-Site Request Forgery (CSRF) vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, FFI bridge modules) allows Privil... | N/A | NONE | — | 0 |
| CVE-2026-30794 Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the... | N/A | NONE | — | 0 |
| CVE-2026-30795 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30796 Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux (Address book sync API modules) allows Sniffing At... | N/A | NONE | — | 0 |
| CVE-2026-30797 Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API... | N/A | NONE | — | 0 |
| CVE-2025-70948 A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header. | 9.3 | CRITICAL | — | 0 |
| CVE-2026-30798 Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Hea... | 7.5 | HIGH | — | 0 |
| CVE-2025-13476 Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (D... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-45691 An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs ... | 7.5 | HIGH | — | 0 |
| CVE-2025-70229 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70230 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70231 D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70949 An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. | 7.5 | HIGH | — | 0 |
| CVE-2025-70232 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70233 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70616 A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds ... | 7.8 | HIGH | — | 0 |
| CVE-2025-7375 A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This result... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22457 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.