Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-41709 An unauthenticated remote attacker can perform a command injection via Modbus-TCP or Modbus-RTU to gain read and write access on the affected device. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-41712 An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for th... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-48418 A hidden functionality vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.0 through 7.2.10, FortiAnalyzer 7.0.0 through 7.0.14, FortiAnal... | 6.7 | MEDIUM | β | 0 |
| CVE-2025-48840 An authentication bypass by spoofing vulnerability in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.8, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow a remote unaut... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-49784 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.... | 6.0 | MEDIUM | β | 0 |
| CVE-2025-53608 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.... | 4.8 | MEDIUM | β | 0 |
| CVE-2025-53706 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. No... | N/A | NONE | β | 0 |
| CVE-2025-54659 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] vulnerability in Fortinet FortiSOAR Agent Communication Bridge 1.1.0, FortiSOAR Agent Communica... | 5.8 | MEDIUM | β | 0 |
| CVE-2025-54820 A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiManager 7.4.0 through 7.4.2, FortiManager 7.2.0 through 7.2.10, FortiManager 6.4 all versions may allow a remote un... | 8.1 | HIGH | β | 0 |
| CVE-2025-55717 A cleartext storage of sensitive information vulnerability [CWE-312] vulnerability in Fortinet FortiMail 7.6.0 through 7.6.2, FortiMail 7.4.0 through 7.4.4, FortiMail 7.2.0 through 7.2.7, FortiMail 7.... | 4.0 | MEDIUM | β | 0 |
| CVE-2025-66178 A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 throug... | 7.2 | HIGH | β | 0 |
| CVE-2025-68482 A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiA... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-26134 Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-68648 A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versi... | 7.2 | HIGH | β | 0 |
| CVE-2025-69614 Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Accoun... | 9.4 | CRITICAL | β | 0 |
| CVE-2025-69615 Incorrect Access Control via missing 2FA rate-limiting allowing unlimited brute-force retries and full MFA bypass with no user interaction required. Affected Product: Deutsche Telekom AG Telekom Accou... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-70025 An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in benkeen generatedata 4.0.14. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-1261 The MetForm Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Quiz feature in all versions up to, and including, 3.9.6 due to insufficient input sanitization and output esc... | 7.2 | HIGH | β | 0 |
| CVE-2026-1286 CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when an admin authenticated use... | N/A | NONE | β | 0 |
| CVE-2026-20967 Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-1715 An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to modify arbitrary registry keys ... | 7.1 | HIGH | β | 0 |
| CVE-2026-21262 Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-21791 HCL Sametime for Android is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URL | 3.3 | LOW | β | 0 |
| CVE-2026-22572 An authentication bypass using an alternate path or channel vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.3, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2.2 through 7.2.11, FortiMan... | 7.2 | HIGH | β | 0 |
| CVE-2026-22614 The encryption mechanism used in Eaton's EasySoft project file wasΒ insecure and susceptible to brute force attacks, an attacker with access to this file and the local host machine could potentially re... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-22627 A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent... | 8.8 | HIGH | β | 0 |
| CVE-2026-22628 An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. | 5.3 | MEDIUM | β | 0 |
| CVE-2026-22629 An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer ... | 3.7 | LOW | β | 0 |
| CVE-2026-30405 An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute | 7.5 | HIGH | β | 0 |
| CVE-2026-23239 In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is calle... | N/A | NONE | β | 0 |
| CVE-2026-23240 In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync(... | N/A | NONE | β | 0 |
| CVE-2026-23654 Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-23656 Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-23660 Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23661 Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23662 Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23664 Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-22316 A remote attacker with user privileges for the webUI can use the setting of the TFTP Filename with a POST Request to trigger a stack-based Buffer Overflow, resulting in a DoS attack. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-23667 Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23668 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23669 Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-23671 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2026-23673 Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23674 Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-24285 Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-1716 An input validation vulnerability was reported in the DeviceSettingsSystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to delete arbitrary registry keys ... | 7.1 | HIGH | β | 0 |
| CVE-2026-23907 This issue affects the ExtractEmbeddedFiles example inΒ Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-24017 An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0... | 8.1 | HIGH | β | 0 |
| CVE-2026-24018 A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.