Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-32928 V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected pro... | 7.8 | HIGH | β | 0 |
| CVE-2026-32929 V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product. | 7.8 | HIGH | β | 0 |
| CVE-2026-3882 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-4759 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2026-5314 A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation result... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-32173 Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-33105 Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | β | 0 |
| CVE-2026-35507 Shynet before 0.14.0 allows Host header injection in the password reset flow. | 6.4 | MEDIUM | β | 0 |
| CVE-2026-35508 Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28815 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime p... | 7.5 | HIGH | β | 0 |
| CVE-2026-35535 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. | 7.4 | HIGH | β | 0 |
| CVE-2026-35536 In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. | 7.2 | HIGH | β | 0 |
| CVE-2024-40489 There is an injection vulnerability in jeecg boot versions 3.0.0 to 3.5.3 due to lax character filtering, which allows attackers to execute arbitrary code on components through specially crafted HTTP ... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20042 A vulnerability in the configuration backup feature of Cisco Nexus Dashboard could allow an attacker who has the encryption password and access to Full or Config-only backup files to access sensitive ... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-20085 A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerabil... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20087 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the int... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-20088 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the int... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-20089 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the int... | 4.8 | MEDIUM | β | 0 |
| CVE-2026-4551 A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a man... | 8.8 | HIGH | β | 0 |
| CVE-2026-4552 A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the... | 8.8 | HIGH | β | 0 |
| CVE-2026-4553 A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page lead... | 8.8 | HIGH | β | 0 |
| CVE-2026-33416 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_se... | 7.5 | HIGH | β | 0 |
| CVE-2026-20155 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive informa... | 8.0 | HIGH | β | 0 |
| CVE-2026-20160 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SS... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20174 A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-30273 pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | 7.3 | HIGH | β | 0 |
| CVE-2026-30643 An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33949 Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the ... | 8.1 | HIGH | β | 0 |
| CVE-2026-5346 A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulati... | 7.3 | HIGH | β | 0 |
| CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a leg... | 7.5 | HIGH | β | 0 |
| CVE-2026-5350 A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack... | 8.8 | HIGH | β | 0 |
| CVE-2026-34576 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get() with no SSR... | 7.7 | HIGH | β | 0 |
| CVE-2026-34523 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version ... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-34584 listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to acces... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-23317 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup func... | 7.8 | HIGH | β | 0 |
| CVE-2026-23336 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interfaces... | 7.8 | HIGH | β | 0 |
| CVE-2026-23340 In the Linux kernel, the following vulnerability has been resolved: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs When shrinking the number of real tx queues, netif_s... | 7.8 | HIGH | β | 0 |
| CVE-2026-23350 In the Linux kernel, the following vulnerability has been resolved: drm/xe/queue: Call fini on exec queue creation fail Every call to queue init should have a corresponding fini call. Skipping this ... | 7.8 | HIGH | β | 0 |
| CVE-2026-23351 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Und... | 7.8 | HIGH | β | 0 |
| CVE-2026-33536 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incre... | 5.1 | MEDIUM | β | 0 |
| CVE-2026-5213 A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 8.8 | HIGH | β | 0 |
| CVE-2026-5214 A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, D... | 8.8 | HIGH | β | 0 |
| CVE-2026-5215 A vulnerability was identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-0932 Blind server-side request forgery (SSRF) vulnerability in legacy connection methods of document co-authoring features in M-Files Server before 26.3 allow an unauthenticated attacker to cause the serve... | 7.3 | HIGH | β | 0 |
| CVE-2026-28797 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Proce... | 8.8 | HIGH | β | 0 |
| CVE-2026-27885 Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerabi... | 7.2 | HIGH | β | 0 |
| CVE-2026-33709 JupyterHub is software that allows one to create a multi-user server for Jupyter notebooks. Prior to version 5.4.4, an open redirect vulnerability in JupyterHub allows attackers to construct links whi... | N/A | NONE | β | 0 |
| CVE-2026-35549 An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user ac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-34376 PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to ... | 7.5 | HIGH | β | 0 |
| CVE-2026-34397 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From versions 2.0.0-alpha to before 2.3.9 and 3.0.0-alpha to before 3.1.1, there is a conditional local privilege escal... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.