Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-1979 A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after fre... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6608 A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6607 A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consum... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-7536 A vulnerability was determined in Open5GS up to 2.7.7. This vulnerability affects the function bsf_sess_add_by_ip_address of the file /nbsf-management/v1/pcfBindings of the component BSF. Executing a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-23865 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tab... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-43506 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-43507 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthent... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-37504 Sensitive server_token exposed via GET parameter in V2Board thru 1.7.4. In app/Http/Controllers/Server/UniProxyController.php, the server authentication token is accepted via GET parameter transmissio... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25019 Missing Authorization vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Atarim: from n/a through... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25527 changedetection.io is a free open source web page change detection tool. In versions prior to 0.53.2, the `/static/<group>/<filename>` route accepts `group=".."`, which causes `send_from_directory("st... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33257 An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-40448 Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4016 A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39365 Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls r... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-69325 Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6498 The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-42427 OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS. A... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5797 The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-5234 The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::create... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20417 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User in... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0718 The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCou... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-0950 The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugi... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3595 The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp-... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-13473 An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The `django.contrib.auth.handlers.modwsgi.check_password()` function for authentication via `mod_wsgi` allows rem... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24967 Missing Authorization vulnerability in ameliabooking Amelia ameliabooking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Amelia: from n/a through <= 1.2.38. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-24982 Missing Authorization vulnerability in Brainstorm Force Spectra ultimate-addons-for-gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6765 Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-26399 A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-40730 Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ThemeGril... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1782 The MetForm Pro plugin for WordPress is vulnerable to Improper Input Validation in all versions up to, and including, 3.9.7 This is due to the payment integrations (Stripe/PayPal) trusting a user-sub... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4812 The Advanced Custom Fields (ACF) plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Post/Page Disclosure in versions up to and including 6.7.0. This is due to AJAX field query en... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15482 The Chapa Payment Gateway Plugin for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.3 via 'chapa_proceed' WooCommerce API en... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-15508 The Magic Import Document Extractor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.4 via the get_frontend_settings() function. This make... | 5.3 | MEDIUM | — | 0 |
| CVE-2024-39724 IBM Db2 Big SQL on Cloud Pak for Data versions 7.6 (on CP4D 4.8), 7.7 (on CP4D 5.0), and 7.8 (on CP4D 5.1) do not properly limit the allocation of system resources. An authenticated user with internal... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32962 SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32957 SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without a... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-14079 The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability check... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-1271 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.7.2 via the 'pm_upload_image' a... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-10753 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due to missing capability checks and auth... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2054 A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in informa... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-31981 HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can s... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6783 Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6779 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6777 Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-6775 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25123 Homarr is an open-source dashboard. Prior to 1.52.0, a public (unauthenticated) tRPC endpoint widget.app.ping accepts an arbitrary url and performs a server-side request to that URL. This allows an un... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-34947 Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29644 XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal CS... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2207 A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39407 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path handling inconsistency in serveStatic allows protected static files to be accessed by usi... | 5.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.