CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2026-2537 A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. S... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-6561 A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filena... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-6983 A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url l... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-6984 A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function create_template of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manip... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2082 A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injec... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3662 A vulnerability has been found in Wavlink WL-NU516U1 240425. This vulnerability affects the function usb_p910 of the file /cgi-bin/adm.cgi. Such manipulation of the argument Pr_mode leads to command i... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-27599 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3752 A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-34847 hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to co... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-32290 The GL-iNet Comet (GL-RM1) KVM before version 1.8.2 does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-40977 When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7282 A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function delete_expired of the file /ajax.php?action=delete_expired. The manipulation of the ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5417 A vulnerability was determined in Dataease SQLbot up to 1.6.0. This issue affects the function get_es_data_by_http of the file backend/apps/db/es_engine.py of the component Elasticsearch Handler. This... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5838 A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername cau... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-31572 In the Linux kernel, the following vulnerability has been resolved: i2c: designware: amdisp: Fix resume-probe race condition issue Identified resume-probe race condition in kernel v7.0 with the comm... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3040 A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. Th... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-67807 The login mechanism of Sage DPW 2025_06_004 displays distinct responses for valid and invalid usernames, allowing enumeration of existing accounts in versions before 2021_06_000. On-premise administra... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5839 A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescript... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2969 A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Templat... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-34857 UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5331 A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversa... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3956 A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wx_weima... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3957 A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/mo... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-1742 A vulnerability was identified in EFM ipTIME A8004T 14.18.2. Affected by this vulnerability is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi of the component VPN Service. Such ma... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-39424 MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administra... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2081 A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5721 The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.5.0.4. This is d... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-33682 Streamlit is a data oriented application development framework for python. Streamlit Open Source versions prior to 1.54.0 running on Windows hosts have an unauthenticated Server-Side Request Forgery (... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3751 A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2163 A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3704 A vulnerability has been found in Wavlink NU516U1 251208. This vulnerability affects the function sub_405B2C of the file /cgi-bin/firewall.cgi of the component Incomplete Fix CVE-2025-10959. The manip... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3487 A vulnerability was found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/class-result.php. Performing a manipulation of the argument cours... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2666 A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7028 A security flaw has been discovered in CodeAstro Online Job Portal 1.0. The affected element is an unknown function of the file /admin/jobs-admins/delete-jobs.php of the component All Jobs Page. Perfo... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5848 A vulnerability was found in jeecgboot JimuReport up to 2.3.0. The affected element is the function DriverManager.getConnection of the file /drag/onlDragDataSource/testConnection of the component Data... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7134 A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unres... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7133 A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrest... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2179 A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injec... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-34561 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to proper... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3486 A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll_no lead... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-25392 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs – Quick and Easy way to search old links and replace them with new links in WordPress update-urls allows P... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-3750 A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3Clien... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-36597 Dell Avamar, versions prior to 19.12 with patch 338905, contains an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Security. A high privileged atta... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-23126 In the Linux kernel, the following vulnerability has been resolved: netdevsim: fix a race issue related to the operation on bpf_bound_progs list The netdevsim driver lacks a protection mechanism for... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-24674 The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting (XSS) vulnerability allows remote attackers to ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-27492 Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset between sends when a s... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-28106 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing Premium allows Phishing. This issue affects B2BKing Premium: from n/a before 5.4.20. | 4.7 | MEDIUM | — | 0 |
| CVE-2025-0976 Information Exposure Vulnerability in Hitachi Ops Center API Configuration Manager, Hitachi Configuration Manager. This issue affects Hitachi Ops Center API Configuration Manager: from 10.0.0-00 before... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4238 A vulnerability has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/courses.php. The manipulation of the argument course_code le... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5404 K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | 4.7 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.