Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32247 Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction... | 8.1 | HIGH | — | 0 |
| CVE-2026-3497 Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH up... | N/A | NONE | — | 0 |
| CVE-2026-1525 Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-31922 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through <=... | 8.5 | HIGH | — | 0 |
| CVE-2026-32239 Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, a negative Content-Length value was converted to unsigned, treating it as an impossibly large length instead. ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32240 Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be trun... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32248 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.12 and 8.6.38, an unauthenticated attacker can take over any user account t... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-32249 Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a charac... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32259 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possible... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-32260 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix... | 8.1 | HIGH | — | 0 |
| CVE-2026-32269 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.13 and 8.6.39, the OAuth2 authentication adapter does not correctly validat... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-32274 Black is the uncompromising Python code formatter. Prior to 26.3.1, Black writes a cache file, the name of which is computed from various formatting options. The value of the --python-cell-magics opti... | 7.5 | HIGH | — | 0 |
| CVE-2025-60233 Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-2581 This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-3611 The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by d... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-12453 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of c... | N/A | NONE | — | 0 |
| CVE-2025-12454 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in OpenText™ Vertica allows Reflected XSS. The vulnerability could lead to Reflected XSS attack of c... | N/A | NONE | — | 0 |
| CVE-2025-12455 Observable response discrepancy vulnerability in OpenText™ Vertica allows Password Brute Forcing. The vulnerability could lead to Password Brute Forcing in Vertica management console application.Thi... | N/A | NONE | — | 0 |
| CVE-2025-13337 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2025-13702 IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary Ja... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-13718 IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that c... | 3.7 | LOW | — | 0 |
| CVE-2025-13723 IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive user information using an expired access token | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13726 IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow a remote attacker to obtain sensitive information when detailed technical error messages are ret... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13777 Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120.This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. | 8.3 | HIGH | — | 0 |
| CVE-2025-60012 Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Sp... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-66249 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be ex... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-8766 A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-0954 There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted DSB file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary co... | 7.8 | HIGH | — | 0 |
| CVE-2026-0955 There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code ex... | 7.8 | HIGH | — | 0 |
| CVE-2026-0956 There is a memory corruption vulnerability due to an out-of-bounds read when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code ex... | 7.8 | HIGH | — | 0 |
| CVE-2026-0957 There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted file in Digilent DASYLab. This vulnerability may result in information disclosure or arbitrary code e... | 7.8 | HIGH | — | 0 |
| CVE-2026-1668 The web interface on multiple Omada switches does not adequately validate certain external inputs, which may lead to out-of-bound memory access when processing crafted requests. Under specific condit... | N/A | NONE | — | 0 |
| CVE-2026-1704 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.6.9.29. Th... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22182 wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType() function. A... | 7.5 | HIGH | — | 0 |
| CVE-2026-22183 wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting commen... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-25818 HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have weak entropy for authentication cookies, allowing an atta... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-22192 wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by importing a crafted options file with unescaped custom... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-22193 wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious S... | 8.1 | HIGH | — | 0 |
| CVE-2026-22199 wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled head... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22201 wpDiscuz before 7.6.47 contains an IP spoofing vulnerability in the getIP() function that allows attackers to bypass IP-based rate limiting and ban enforcement by trusting untrusted HTTP headers. Atta... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22202 wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a vali... | 8.1 | HIGH | — | 0 |
| CVE-2026-22203 wpDiscuz before 7.6.47 contains an information disclosure vulnerability that allows administrators to inadvertently expose OAuth secrets by exporting plugin options as JSON. Attackers can obtain expor... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-25819 HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 allows unauthenticated attackers to cause a Denial of Service ... | 7.5 | HIGH | — | 0 |
| CVE-2026-22204 wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the comment_author_email cookie. Attackers ... | 3.7 | LOW | — | 0 |
| CVE-2026-22210 wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpl... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22215 wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage() function that allows attackers to trigger unauthorized actions without nonce validation. Attackers ca... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-22216 wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-25823 HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have a stack buffer overflow that leads to a Denial of Service... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23940 Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded pa... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23941 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in Erlang OTP (inets httpd module) allows HTTP Request Smuggling. This vulnerability is associated with program f... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.