Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-28728 Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | — | 0 |
| CVE-2026-33271 Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | N/A | NONE | — | 0 |
| CVE-2026-31404 In the Linux kernel, the following vulnerability has been resolved: NFSD: Defer sub-object cleanup in export put callbacks svc_export_put() calls path_put() and auth_domain_put() immediately when th... | N/A | NONE | — | 0 |
| CVE-2026-34202 ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.0 and zebra-chain version 6.0.1, a vulnerability in Zebra's transaction processing logic allows a remote, unauthenticated at... | N/A | NONE | — | 0 |
| CVE-2026-31403 In the Linux kernel, the following vulnerability has been resolved: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd The /proc/fs/nfs/exports proc entry is created at module init... | N/A | NONE | — | 0 |
| CVE-2026-31402 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_R... | N/A | NONE | — | 0 |
| CVE-2026-31401 In the Linux kernel, the following vulnerability has been resolved: HID: bpf: prevent buffer overflow in hid_hw_request right now the returned value is considered to be always valid. However, when p... | N/A | NONE | — | 0 |
| CVE-2026-31400 In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_r... | N/A | NONE | — | 0 |
| CVE-2026-34455 Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query param... | N/A | NONE | — | 0 |
| CVE-2026-5199 A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or ... | N/A | NONE | — | 0 |
| CVE-2026-31399 In the Linux kernel, the following vulnerability has been resolved: nvdimm/bus: Fix potential use after free in asynchronous initialization Dingisoul with KASAN reports a use after free if device_ad... | N/A | NONE | — | 0 |
| CVE-2026-31398 In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If ... | N/A | NONE | — | 0 |
| CVE-2026-27489 Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outsid... | N/A | NONE | — | 0 |
| CVE-2026-31397 In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd() move_pages_huge_pmd() handles UFFDIO_MOVE for both normal THPs and ... | N/A | NONE | — | 0 |
| CVE-2026-31396 In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use-after-free access to PTP clock PTP clock is registered on every opening of the interface and destroyed on every... | N/A | NONE | — | 0 |
| CVE-2026-31395 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler The ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER handler in bnxt_asy... | N/A | NONE | — | 0 |
| CVE-2026-31394 In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesses... | N/A | NONE | — | 0 |
| CVE-2026-31393 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access l2cap_information_rsp() checks that cmd_len covers the fixe... | N/A | NONE | — | 0 |
| CVE-2026-31392 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix krb5 mount with username option Customer reported that some of their krb5 mounts were failing against a single se... | N/A | NONE | — | 0 |
| CVE-2026-34743 XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resultin... | N/A | NONE | — | 0 |
| CVE-2026-31391 In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads. | N/A | NONE | — | 0 |
| CVE-2026-31390 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup l... | N/A | NONE | — | 0 |
| CVE-2026-31389 In the Linux kernel, the following vulnerability has been resolved: spi: fix use-after-free on controller registration failure Make sure to deregister from driver core also in the unlikely event tha... | N/A | NONE | — | 0 |
| CVE-2026-27124 FastMCP is the standard framework for building MCP applications. Prior to version 3.2.0, while testing the GitHubProvider OAuth integration, which allows authentication to a FastMCP MCP server via a F... | N/A | NONE | — | 0 |
| CVE-2026-5271 pymanager included the current working directory in sys.path meaning modules could be shadowed by modules in the current working directory. As a result, if a user executes a pymanager-generated comman... | N/A | NONE | — | 0 |
| CVE-2026-25118 immich is a high performance self-hosted photo and video management solution. Prior to version 2.6.0, the Immich application is vulnerable to credential disclosure when a user authenticates to a share... | N/A | NONE | — | 0 |
| CVE-2026-28810 Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, pro... | N/A | NONE | — | 0 |
| CVE-2026-33227 Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating a Stomp consumer and... | N/A | NONE | — | 0 |
| CVE-2026-34197 Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ. Apache ActiveMQ Classic exposes the Jolokia JMX-HTTP bri... | N/A | NONE | — | 0 |
| CVE-2026-25044 Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is ... | N/A | NONE | — | 0 |
| CVE-2026-23475 In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered w... | N/A | NONE | — | 0 |
| CVE-2026-23474 In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 (... | N/A | NONE | — | 0 |
| CVE-2026-34200 Nhost is an open source Firebase alternative with GraphQL. Prior to version 1.41.0, The Nhost CLI MCP server, when explicitly configured to listen on a network port, applies no inbound authentication ... | N/A | NONE | — | 0 |
| CVE-2026-0522 A local file inclusion vulnerability in the upload/download flow of the VertiGIS FM application allows authenticated attackers to read arbitrary files from the server by manipulating a file's path dur... | N/A | NONE | — | 0 |
| CVE-2026-24096 Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform un... | N/A | NONE | — | 0 |
| CVE-2026-23899 An improper access check allows unauthorized access to webservice endpoints. | N/A | NONE | — | 0 |
| CVE-2026-23898 Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | N/A | NONE | — | 0 |
| CVE-2026-21632 Lack of output escaping for article titles leads to XSS vectors in various locations. | N/A | NONE | — | 0 |
| CVE-2026-21631 Lack of output escaping leads to a XSS vector in the multilingual associations component. | N/A | NONE | — | 0 |
| CVE-2026-21630 Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | N/A | NONE | — | 0 |
| CVE-2026-23473 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: fix multishot recv missing EOF on wakeup race When a socket send and shutdown() happen back-to-back, both fire wake... | N/A | NONE | — | 0 |
| CVE-2026-34759 OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, multiple notification API endpoints are registered without authentication middleware, while sibling endpoin... | N/A | NONE | — | 0 |
| CVE-2026-23472 In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmit... | N/A | NONE | — | 0 |
| CVE-2026-23471 In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug When trying to do a rather aggressive test ... | N/A | NONE | — | 0 |
| CVE-2026-21629 The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | N/A | NONE | — | 0 |
| CVE-2026-23470 In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler, ... | N/A | NONE | — | 0 |
| CVE-2026-34172 Giskard is an open-source Python library for testing and evaluating agentic systems. Prior to versions 0.3.4 and 1.0.2b1, ChatWorkflow.chat(message) passes its string argument directly as a Jinja2 tem... | N/A | NONE | — | 0 |
| CVE-2026-23409 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this... | N/A | NONE | — | 0 |
| CVE-2026-31405 In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tab... | N/A | NONE | — | 0 |
| CVE-2026-31406 In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.