Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-20014 A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, remote attacker with valid VPN user credentials to cause a DoS co... | 7.7 | HIGH | — | 0 |
| CVE-2026-20015 A vulnerability in the IKEv2 feature of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device ... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20039 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote... | 8.6 | HIGH | — | 0 |
| CVE-2026-20105 A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenti... | 7.7 | HIGH | — | 0 |
| CVE-2026-20106 A vulnerability in the Remote Access SSL VPN, HTTP management and MUS functionality, of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Softwa... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20021 A vulnerability in the OSPF protocol of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, adjacent ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3497 Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH up... | N/A | NONE | — | 0 |
| CVE-2026-22738 In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-5121 A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially cr... | 7.5 | HIGH | — | 0 |
| CVE-2026-29131 SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | 7.5 | HIGH | — | 0 |
| CVE-2026-29133 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | 9.1 | CRITICAL | — | 0 |
| CVE-2026-29134 SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | 7.5 | HIGH | — | 0 |
| CVE-2026-29135 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | 7.5 | HIGH | — | 0 |
| CVE-2026-29136 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29137 SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29138 SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | 7.5 | HIGH | — | 0 |
| CVE-2026-29139 SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-40087 LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some promp... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-40088 PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM... | 9.6 | CRITICAL | — | 0 |
| CVE-2026-5187 Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4111 A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed... | 7.5 | HIGH | — | 0 |
| CVE-2026-34782 Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id was not checking if a user is privileged to us... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-35205 Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed... | 7.8 | HIGH | — | 0 |
| CVE-2019-25711 SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. A... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25712 BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trig... | 6.2 | MEDIUM | — | 0 |
| CVE-2019-25713 MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attacke... | 7.1 | HIGH | — | 0 |
| CVE-2019-25703 ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacker... | 7.1 | HIGH | — | 0 |
| CVE-2026-30997 An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | HIGH | — | 0 |
| CVE-2026-31283 In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-36941 Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php. | 2.7 | LOW | — | 0 |
| CVE-2026-36944 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php. | 2.7 | LOW | — | 0 |
| CVE-2026-36945 Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php | 2.7 | LOW | — | 0 |
| CVE-2025-31991 Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability i... | 6.8 | MEDIUM | — | 0 |
| CVE-2025-69627 Nitro PDF Pro for Windows 14.41.1.4 contains a heap use-after-free vulnerability in the implementation of the JavaScript method this.mailDoc(). During execution, an internal XID object is allocated an... | 8.4 | HIGH | — | 0 |
| CVE-2026-30804 Unrestricted Upload of File with Dangerous Type vulnerability allows Remote Code Execution via file upload. This issue affects Pandora FMS: from 777 through 800 | N/A | NONE | — | 0 |
| CVE-2026-30806 Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800 | N/A | NONE | — | 0 |
| CVE-2026-22563 A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0.... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22564 An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-33947 jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by ... | 6.2 | MEDIUM | — | 0 |
| CVE-2026-34238 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a he... | 5.1 | MEDIUM | — | 0 |
| CVE-2026-4786 Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the u... | N/A | NONE | — | 0 |
| CVE-2026-5086 Crypt::SecretBuffer versions before 0.019 for Perl is suseceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepencies in timi... | 7.5 | HIGH | — | 0 |
| CVE-2026-0512 Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed b... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-24318 Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unautho... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-27672 The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a low... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27673 Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-27674 Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and caus... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-27675 SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due to... | 2.0 | LOW | — | 0 |
| CVE-2026-27676 Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27677 Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. T... | 6.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.