Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-32594 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.40 and 9.6.0-alpha.14, the GraphQL WebSocket endpoint for subscriptions does not pa... | 7.3 | HIGH | — | 0 |
| CVE-2026-4229 A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function remove_training_data of the file src/vanna/legacy/google/bigquery_vector.py. This manipulation of the argument ID causes ... | 7.3 | HIGH | — | 0 |
| CVE-2025-71257 BMC FootPrints ITSM versions 20.20.02 through 20.24.01.001 contain an authentication bypass vulnerability due to improper enforcement of security filters on restricted REST API endpoints and servlets.... | 7.3 | HIGH | — | 0 |
| CVE-2026-4504 A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. I... | 7.3 | HIGH | — | 0 |
| CVE-2026-4615 A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injectio... | 7.3 | HIGH | — | 0 |
| CVE-2026-4613 A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. Th... | 7.3 | HIGH | — | 0 |
| CVE-2026-3723 A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno r... | 7.3 | HIGH | — | 0 |
| CVE-2026-3730 A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performin... | 7.3 | HIGH | — | 0 |
| CVE-2026-4236 A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument t... | 7.3 | HIGH | — | 0 |
| CVE-2026-3734 A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of th... | 7.3 | HIGH | — | 0 |
| CVE-2026-3735 A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-3736 A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulatio... | 7.3 | HIGH | — | 0 |
| CVE-2026-4288 A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoi... | 7.3 | HIGH | — | 0 |
| CVE-2026-4237 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argumen... | 7.3 | HIGH | — | 0 |
| CVE-2026-27649 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predic... | 7.3 | HIGH | — | 0 |
| CVE-2026-4497 A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command inj... | 7.3 | HIGH | — | 0 |
| CVE-2026-4499 A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launc... | 7.3 | HIGH | — | 0 |
| CVE-2026-4287 A security flaw has been discovered in Tiandy Easy7 Integrated Management Platform 7.17.0. The affected element is an unknown function of the file /rest/devStatus/queryResources of the component Endpo... | 7.3 | HIGH | — | 0 |
| CVE-2026-4289 A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipu... | 7.3 | HIGH | — | 0 |
| CVE-2026-4235 A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4612 A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Ha... | 7.3 | HIGH | — | 0 |
| CVE-2026-33147 GMT is an open source collection of command-line tools for manipulating geographic and Cartesian data sets. In versions from 6.6.0 and prior, a stack-based buffer overflow vulnerability was identified... | 7.3 | HIGH | — | 0 |
| CVE-2026-4528 A vulnerability was determined in trueleaf ApiFlow 0.9.7. The impacted element is the function validateUrlSecurity of the file packages/server/src/service/proxy/http_proxy.service.ts of the component ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4201 A weakness has been identified in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This vulnerability affects the function Upload of the file business/business-system/src/main/java/com... | 7.3 | HIGH | — | 0 |
| CVE-2026-2364 If a legitimate user confirms a self-update prompt or initiate an installation of a CODESYS Development System, a low privileged local attacker can gain elevated rights due to a TOCTOU vulnerability i... | 7.3 | HIGH | — | 0 |
| CVE-2026-4200 A security flaw has been discovered in glowxq glowxq-oj up to 6f7c723090472057252040fd2bbbdaa1b5ed2393. This affects the function uploadTestcaseZipUrl of the file business/business-oj/src/main/java/co... | 7.3 | HIGH | — | 0 |
| CVE-2026-3757 A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm ... | 7.3 | HIGH | — | 0 |
| CVE-2026-4632 A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Execut... | 7.3 | HIGH | — | 0 |
| CVE-2026-3758 A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument In... | 7.3 | HIGH | — | 0 |
| CVE-2026-3759 A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads... | 7.3 | HIGH | — | 0 |
| CVE-2026-4536 A vulnerability was found in Acrel Environmental Monitoring Cloud Platform 1.1.0. This issue affects some unknown processing. Performing a manipulation results in unrestricted upload. The attack may b... | 7.3 | HIGH | — | 0 |
| CVE-2026-3760 A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme resu... | 7.3 | HIGH | — | 0 |
| CVE-2026-4540 A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation o... | 7.3 | HIGH | — | 0 |
| CVE-2026-3762 A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The ma... | 7.3 | HIGH | — | 0 |
| CVE-2026-4232 A vulnerability was determined in Tiandy Integrated Management Platform 7.17.0. Affected by this issue is some unknown functionality of the file /rest/user/getAuthorityByUserId. Executing a manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2026-4579 A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the arg... | 7.3 | HIGH | — | 0 |
| CVE-2026-3764 A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes im... | 7.3 | HIGH | — | 0 |
| CVE-2026-3765 A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql in... | 7.3 | HIGH | — | 0 |
| CVE-2026-4231 A vulnerability was found in vanna-ai vanna up to 2.0.2. Affected by this vulnerability is the function update_sql/run_sql of the file src/vanna/legacy/flask/__init__.py of the component Endpoint. Per... | 7.3 | HIGH | — | 0 |
| CVE-2026-4194 A vulnerability was detected in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4... | 7.3 | HIGH | — | 0 |
| CVE-2026-4594 A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.j... | 7.3 | HIGH | — | 0 |
| CVE-2026-1133 A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the ... | 7.3 | HIGH | — | 0 |
| CVE-2025-15503 A security flaw has been discovered in Sangfor Operation and Maintenance Management System up to 3.0.8. The impacted element is an unknown function of the file /fort/trust/version/common/common.jsp. P... | 7.3 | HIGH | — | 0 |
| CVE-2025-15502 A vulnerability was identified in Sangfor Operation and Maintenance Management System up to 3.0.8. The affected element is the function SessionController of the file /isomp-protocol/protocol/session. ... | 7.3 | HIGH | — | 0 |
| CVE-2025-55705 This vulnerability occurs when the system permits multiple simultaneous connections to the backend using the same charging station ID. This can result in unauthorized access, data inconsistency, or ... | 7.3 | HIGH | — | 0 |
| CVE-2024-11976 The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users to execute an action tha... | 7.3 | HIGH | — | 0 |
| CVE-2026-1159 A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This issue affects some unknown processing of the file /order_online.php. Executing a manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2026-1160 A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argume... | 7.3 | HIGH | — | 0 |
| CVE-2026-1176 A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results i... | 7.3 | HIGH | — | 0 |
| CVE-2026-1178 A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipul... | 7.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.