CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-22577 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22578 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22579 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22580 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2026-22581 Rejected reason: Not used | N/A | NONE | — | 0 |
| CVE-2025-40976 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description... | N/A | NONE | — | 0 |
| CVE-2026-0697 A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-0698 A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-13679 The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_order_by_id() function in all versio... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-0699 A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argum... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-0700 A vulnerability was determined in code-projects Intern Membership Management System 1.0. Affected is an unknown function of the file /intern/admin/check_admin.php. Executing a manipulation of the argu... | 7.3 | HIGH | — | 0 |
| CVE-2025-14984 The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component a... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0675 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-21871 NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push() or ui.navigate.hi... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21872 NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on th... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-21873 NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment ident... | 7.2 | HIGH | — | 0 |
| CVE-2026-21874 NiceGUI is a Python-based UI framework. From versions v2.10.0 to 3.4.1, an unauthenticated attacker can exhaust Redis connections by repeatedly opening and closing browser tabs on any NiceGUI applicat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22242 CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extrac... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-66001 NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by defa... | 8.8 | HIGH | — | 0 |
| CVE-2025-62877 Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster o... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69258 A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supp... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-69259 A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authent... | 7.5 | HIGH | — | 0 |
| CVE-2025-69260 A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations. Please note: authentication i... | 7.5 | HIGH | — | 0 |
| CVE-2025-14025 A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows ... | 8.5 | HIGH | — | 0 |
| CVE-2025-8306 Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other acco... | N/A | NONE | — | 0 |
| CVE-2026-21885 Miniflux 2 is an open source feed reader. Prior to version 2.2.16, Miniflux's media proxy endpoint (`GET /proxy/{encodedDigest}/{encodedURL}`) can be abused to perform Server-Side Request Forgery (SSR... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-21891 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions up to and including 1.5.0, the application checks the validity of the username but appears to... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-4596 Asseco ADMX system is used for processing medical records. It allows logged in users to access medical files belonging to other users through manipulation of GET arguments containing document IDs. Thi... | N/A | NONE | — | 0 |
| CVE-2025-66002 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users to perform arbitrary unmounts via smb4k mount helper | N/A | NONE | — | 0 |
| CVE-2025-66003 An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share. Thi... | N/A | NONE | — | 0 |
| CVE-2025-67603 An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31. | N/A | NONE | — | 0 |
| CVE-2026-22028 Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 cau... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22041 Logging Redactor is a Python library designed to redact sensitive data in logs based on regex patterns and / or dictionary keys. Prior to version 0.0.6, non-string types are converted into string type... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22042 RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, the `ImportIam` admin API validates permissions using `ExportIAMAction` instead of `ImportIAMAction`, allow... | 8.8 | HIGH | — | 0 |
| CVE-2025-63611 Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the a... | 8.7 | HIGH | — | 0 |
| CVE-2025-67089 A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the `plugins.install_package` RPC method, which fails to properly sanitize us... | 8.1 | HIGH | — | 0 |
| CVE-2025-67090 The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechan... | 5.1 | MEDIUM | — | 0 |
| CVE-2025-67091 An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-67858 An Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration... | N/A | NONE | — | 0 |
| CVE-2026-22244 OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must ... | 7.2 | HIGH | — | 0 |
| CVE-2026-22245 Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mec... | 7.5 | HIGH | — | 0 |
| CVE-2026-22255 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 ... | 8.8 | HIGH | — | 0 |
| CVE-2025-50334 An issue in Technitium DNS Server v.13.5 allows a remote attacker to cause a denial of service via the rate-limiting component | 7.5 | HIGH | — | 0 |
| CVE-2025-55125 This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as root by creating a malicious backup configuration file. | 7.8 | HIGH | — | 0 |
| CVE-2025-56424 An issue in Insiders Technologies GmbH e-invoice pro before release 1 Service Pack 2 allows a remote attacker to cause a denial of service via a crafted script | 7.5 | HIGH | — | 0 |
| CVE-2025-59468 This vulnerability allows a Backup Administrator to perform remote code execution (RCE) as the postgres user by sending a malicious password parameter. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-59469 This vulnerability allows a Backup or Tape Operator to write files as root. | 9.0 | CRITICAL | — | 0 |
| CVE-2025-59470 This vulnerability allows a Backup Operator to perform remote code execution (RCE) as the postgres user by sending a malicious interval or order parameter. | 9.0 | CRITICAL | — | 0 |
| CVE-2026-0671 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - UploadWizard extension allows Cross-Site Scripting (XSS). T... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-20963 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.