Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-22188 Panda3D versions up to and including 1.10.16 deploy-stub contains a denial of service vulnerability due to unbounded stack allocation. The deploy-stub executable allocates argv_copy and argv_copy2 usi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-22189 Panda3D versions up to and including 1.10.16 egg-mkfont contains a stack-based buffer overflow vulnerability due to use of an unbounded sprintf() call with attacker-controlled input. When constructing... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-22190 Panda3D versions up to and including 1.10.16 egg-mkfont contains an uncontrolled format string vulnerability. The -gp (glyph pattern) command-line option is used directly as the format string for spri... | 7.5 | HIGH | β | 0 |
| CVE-2025-69222 LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the defaul... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-69263 pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies (and git-hosted tarballs) in the lockfile without integrity hashes. This allows the remote server to serve differe... | 7.5 | HIGH | β | 0 |
| CVE-2026-22043 RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-69264 pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scrip... | 8.8 | HIGH | β | 0 |
| CVE-2026-21683 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21684 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21685 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21686 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21687 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21688 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21689 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-21690 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-21691 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-21692 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-21693 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-22046 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2026-22047 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | β | 0 |
| CVE-2025-69262 pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. ... | 7.5 | HIGH | β | 0 |
| CVE-2017-20212 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains an information disclosure vulnerability that allows unauthenticated attackers to read arbitrary files through unverified input paramete... | 6.2 | MEDIUM | β | 0 |
| CVE-2017-20213 FLIR Thermal Camera F/FC/PT/D Stream firmware version 8.0.0.64 contains an unauthenticated vulnerability that allows remote attackers to access live camera streams without credentials. Attackers can e... | 7.5 | HIGH | β | 0 |
| CVE-2025-61246 indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in master/review_action.php via the proId parameter. | 9.8 | CRITICAL | β | 0 |
| CVE-2017-20214 FLIR Thermal Camera F/FC/PT/D firmware version 8.0.0.64 contains hard-coded SSH credentials that cannot be changed through normal camera operations. Attackers can leverage these persistent, unmodifiab... | 7.5 | HIGH | β | 0 |
| CVE-2017-20215 FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated a... | 8.8 | HIGH | β | 0 |
| CVE-2017-20216 FLIR Thermal Camera PT-Series firmware version 8.0.0.64 contains multiple unauthenticated remote command injection vulnerabilities in the controllerFlirSystem.php script. Attackers can execute arbitra... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25231 devolo dLAN Cockpit 4.3.1 contains an unquoted service path vulnerability in the 'DevoloNetworkService' that allows local non-privileged users to potentially execute arbitrary code. Attackers can expl... | 8.4 | HIGH | β | 0 |
| CVE-2019-25259 Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-25268 NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. Attackers can exploit i... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-40975 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to β/hrmgo/ticket/changereplyβ, using the βdescript... | N/A | NONE | β | 0 |
| CVE-2019-25270 SOCA Access Control System 180612 contains a cross-site scripting vulnerability in the 'senddata' POST parameter of logged_page.php that allows attackers to inject malicious scripts. Attackers can exp... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25278 FaceSentry Access Control System 6.4.8 contains a cleartext transmission vulnerability that allows remote attackers to intercept authentication credentials. Attackers can perform man-in-the-middle att... | 5.9 | MEDIUM | β | 0 |
| CVE-2019-25279 FaceSentry Access Control System 6.4.8 contains a cleartext password storage vulnerability that allows attackers to access unencrypted credentials in the device's SQLite database. Attackers can direct... | 7.5 | HIGH | β | 0 |
| CVE-2019-25280 Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code i... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25282 V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redire... | 9.8 | CRITICAL | β | 0 |
| CVE-2019-25284 V-SOL GPON/EPON OLT Platform v2.03 contains multiple reflected cross-site scripting vulnerabilities due to improper input sanitization in various script parameters. Attackers can exploit these vulnera... | 6.1 | MEDIUM | β | 0 |
| CVE-2019-25289 SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit th... | 8.8 | HIGH | β | 0 |
| CVE-2019-25290 Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi en... | 5.3 | MEDIUM | β | 0 |
| CVE-2019-25291 INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these pe... | 7.5 | HIGH | β | 0 |
| CVE-2025-15346 A vulnerability in the handling of verify_mode = CERT_REQUIRED in the wolfssl Python package (wolfssl-py) causes client certificate requirements to not be fully enforced.Β Because the WOLFSSL_VERIFY_... | N/A | NONE | β | 0 |
| CVE-2026-21694 Titra is open source project time tracking software. Versions 0.99.49 and below have Improper Access Control, allowing users to view and edit other users' time entries in private projects they have no... | 6.8 | MEDIUM | β | 0 |
| CVE-2026-21695 Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time ent... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-22490 Missing Authorization vulnerability in niklaslindemann Bulk Landing Page Creator for WordPress LPagery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk L... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-21858 n8n is an open source workflow automation platform. Versions starting with 1.65.0 and below 1.121.0 enable an attacker to access files on the underlying server through execution of certain form-based ... | 10.0 | CRITICAL | β | 0 |
| CVE-2019-25295 The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a wh... | 6.5 | MEDIUM | β | 0 |
| CVE-2019-25296 The WP Cost Estimation plugin for WordPress is vulnerable to arbitrary file uploads and deletion due to missing file type validation in the lfb_upload_form and lfb_removeFile AJAX actions in versions ... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-12640 The Folders β Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Replacement in all versions up to, and i... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-14275 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.0.1 due to insufficient input sanitization in the countdown widget's red... | 6.4 | MEDIUM | β | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.