Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-28425 Statmatic is a Laravel and Git powered content management system (CMS). Prior to versions 5.73.16 and 6.7.2, an authenticated control panel user with access to Antlers-enabled inputs may be able to ac... | 8.0 | HIGH | β | 0 |
| CVE-2026-22901 A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands. We have al... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60949 Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8... | 9.1 | CRITICAL | β | 0 |
| CVE-2019-25632 phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. At... | 6.2 | MEDIUM | β | 0 |
| CVE-2019-25646 Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attacker... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30655 SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj param... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-30661 iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script ... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-32853 LibVNCServer versions 0.9.15 and prior (fixed inΒ commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause informatio... | 8.1 | HIGH | β | 0 |
| CVE-2025-33247 NVIDIA Megatron LM contains a vulnerability in quantization configuration loading, which could allow remote code execution. A successful exploit of this vulnerability might lead to code execution, esc... | 7.8 | HIGH | β | 0 |
| CVE-2026-32854 LibVNCServer versions 0.9.15 and prior (fixed inΒ commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote atta... | 7.5 | HIGH | β | 0 |
| CVE-2026-29772 Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse() allocates a... | 5.9 | MEDIUM | β | 0 |
| CVE-2026-33323 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.51 and 9.6.0-alpha.40, the Pages route and legacy PublicAPI route for rese... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33409 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.52 and 9.6.0-alpha.41, an authentication bypass vulnerability allows an at... | 9.1 | CRITICAL | β | 0 |
| CVE-2026-33421 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.53 and 9.6.0-alpha.42, Parse Server's LiveQuery WebSocket interface does n... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33429 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.54 and 9.6.0-alpha.43, an attacker can subscribe to LiveQuery with a watch... | 5.3 | MEDIUM | β | 0 |
| CVE-2026-33498 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.55 and 9.6.0-alpha.44, an attacker can send an unauthenticated HTTP reques... | 7.5 | HIGH | β | 0 |
| CVE-2026-33508 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.56 and 9.6.0-alpha.45, Parse Server's LiveQuery component does not enforce... | 7.5 | HIGH | β | 0 |
| CVE-2026-33527 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.57 and 9.6.0-alpha.48, an authenticated user can overwrite server-generate... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33538 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.58 and 9.6.0-alpha.52, an unauthenticated attacker can cause denial of ser... | 7.5 | HIGH | β | 0 |
| CVE-2026-33539 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.59 and 9.6.0-alpha.53, an attacker with master key access can execute arbi... | 7.2 | HIGH | β | 0 |
| CVE-2026-33624 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.60 and 9.6.0-alpha.54, an attacker who obtains a user's password and a sin... | 2.7 | LOW | β | 0 |
| CVE-2026-33627 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.61 and 9.6.0-alpha.55, an authenticated user calling GET /users/me receive... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33353 Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authorization flaw in repo import allows any authenticated SSH user to clone a server-loc... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33412 Vim is an open source, command line text editor. Prior to version 9.2.0202, a command injection vulnerability exists in Vim's glob() function on Unix-like systems. By including a newline character (\n... | 5.6 | MEDIUM | β | 0 |
| CVE-2025-33248 NVIDIA Megatron-LM contains a vulnerability in the hybrid conversion script where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vul... | 7.8 | HIGH | β | 0 |
| CVE-2026-24150 NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability... | 7.8 | HIGH | β | 0 |
| CVE-2026-24151 NVIDIA Megatron-LM contains a vulnerability in inferencing where an Attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may l... | 7.8 | HIGH | β | 0 |
| CVE-2026-24152 NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an Attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability... | 7.8 | HIGH | β | 0 |
| CVE-2026-20622 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to capture a user's screen. | 7.5 | HIGH | β | 0 |
| CVE-2026-20637 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-24391 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS.This issue affects Car Dealer: from n/a thro... | 7.1 | HIGH | β | 0 |
| CVE-2026-20639 An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead t... | 7.5 | HIGH | β | 0 |
| CVE-2026-20664 The issue was addressed with improved memory handling. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4. Processing maliciously crafted web content may lea... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-20690 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, mac... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-20691 An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted ... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-28866 This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.... | 6.2 | MEDIUM | β | 0 |
| CVE-2026-28880 A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26... | 6.5 | MEDIUM | β | 0 |
| CVE-2026-33222 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could ... | 4.9 | MEDIUM | β | 0 |
| CVE-2026-4822 A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a ... | 7.0 | HIGH | β | 0 |
| CVE-2026-4823 A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to info... | 2.5 | LOW | β | 0 |
| CVE-2026-4824 A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulati... | 7.0 | HIGH | β | 0 |
| CVE-2026-6107 A flaw has been found in 1Panel-dev MaxKB up to 2.6.1. This issue affects some unknown processing of the file apps/common/middleware/chat_headers_middleware.py of the component ChatHeadersMiddleware. ... | 3.5 | LOW | β | 0 |
| CVE-2026-6108 A vulnerability was found in 1Panel-dev MaxKB up to 2.6.1. The affected element is the function execute of the file apps/application/flow/step_node/mcp_node/impl/base_mcp_node.py of the component Mode... | 6.3 | MEDIUM | β | 0 |
| CVE-2026-6109 A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component... | 4.3 | MEDIUM | β | 0 |
| CVE-2026-21513 Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. | 8.8 | HIGH | KEV | 0 |
| CVE-2026-6122 A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of the argument page lea... | 8.8 | HIGH | β | 0 |
| CVE-2026-6123 A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys result... | 8.8 | HIGH | β | 0 |
| CVE-2025-69986 A buffer overflow vulnerability exists in the ONVIF GetStreamUri function of LSC Indoor Camera V7.6.32. The application fails to validate the length of the Protocol parameter inside the Transport elem... | 7.2 | HIGH | β | 0 |
| CVE-2026-6124 A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of th... | 8.8 | HIGH | β | 0 |
| CVE-2026-6125 A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler.... | 6.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.