CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-0649 A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The manipul... | 4.7 | MEDIUM | β | 0 |
| CVE-2026-0650 OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted r... | N/A | NONE | β | 0 |
| CVE-2026-0656 The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is du... | 8.2 | HIGH | β | 0 |
| CVE-2026-20893 Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to the Windows syst... | N/A | NONE | β | 0 |
| CVE-2026-22156 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22157 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22158 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22159 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22160 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22161 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2026-22162 Rejected reason: Not used | N/A | NONE | β | 0 |
| CVE-2025-32303 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0. | 9.3 | CRITICAL | β | 0 |
| CVE-2025-46256 Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10. | 6.4 | MEDIUM | β | 0 |
| CVE-2025-46434 Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-46494 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through ... | 7.1 | HIGH | β | 0 |
| CVE-2026-20026 Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak se... | 5.8 | MEDIUM | β | 0 |
| CVE-2026-20027 Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensiti... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-20029 A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrat... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-22535 An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the b... | N/A | NONE | β | 0 |
| CVE-2026-22536 The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions | N/A | NONE | β | 0 |
| CVE-2026-22537 The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for an attacker. | N/A | NONE | β | 0 |
| CVE-2026-22543 The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could intercept the web request handl... | N/A | NONE | β | 0 |
| CVE-2026-22544 An attacker with a network connection could detect credentials in clear text. | N/A | NONE | β | 0 |
| CVE-2025-4677 Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card P... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21495 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22587 Ideagen DevonWay contains a stored cross site scripting vulnerability. A remote, authenticated attacker could craft a payload in the 'Reports' page that executes when another user views the report. Fi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21496 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21497 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21498 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21499 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21500 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack ove... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21501 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack ove... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21502 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21503 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-21504 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap buff... | 6.6 | MEDIUM | β | 0 |
| CVE-2026-21505 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21506 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to Null poin... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21678 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buff... | 7.8 | HIGH | β | 0 |
| CVE-2026-21679 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buff... | 8.8 | HIGH | β | 0 |
| CVE-2026-21680 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-22539 As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | N/A | NONE | β | 0 |
| CVE-2025-64305 MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-68705 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.78, RustFS contains a path traversal vulnerability in the /rustfs/rpc/read_file_stream endpoint. ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-14279 MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to b... | N/A | NONE | β | 0 |
| CVE-2025-69220 LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker wi... | 7.1 | HIGH | β | 0 |
| CVE-2025-69221 LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of a... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-69255 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 to 1.0.0-alpha.77, a malformed gRPC GetMetrics request causes get_metrics to unwrap() failed deserialization of ... | 4.0 | MEDIUM | β | 0 |
| CVE-2026-21681 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21682 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.