Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-34450 The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-24511 Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privilege... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-29051 melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `mel... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3353 The Comment SPAM Wiper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' setting in all versions up to, and including, 1.2.1. This is due to insufficient input saniti... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-33395 Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability t... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-31996 OpenClaw versions prior to 2026.2.19 tools.exec.safeBins contains an input validation bypass vulnerability that allows attackers to execute unintended filesystem operations through sort output flags o... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20991 Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-32220 Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22210 wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through unescaped attachment URLs in HTML output by exploiting the WpdiscuzHelperUpl... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0815 The Category Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag-image' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2837 The Ricerca – advanced search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.1.12 due to insufficient input sanitizatio... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3574 The Experto Dashboard for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's settings fields (including 'Navigation Font Size', 'Navigation Font Weight', 'H... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3354 The Wikilookup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Popup Width' setting in all versions up to, and including, 1.1.5. This is due to insufficient input sanitizati... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-4161 The Review Map by RevuKangaroo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.7 due to insufficient input sanitizatio... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-5169 The Inquiry Form to Posts or Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Form Header' field in versions up to and including 1.0. This is due to insufficient input ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-28420 Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combin... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-36105 IBM Planning Analytics Advanced Certified Containers 3.1.0 through 3.1.4 could allow a local privileged user to obtain sensitive information from environment variables. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-26281 InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A stored cross-site scripting (XSS) vulnerability in the Sumex invoice view allows an authenticated ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2002 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions up to, and includi... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-6712 The Website LLMs.txt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.2.6 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2499 The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escapin... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2498 The WP Social Meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output es... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-62856 A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpecte... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-62855 A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpecte... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2489 The TP2WP Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Watched domains' textarea on the attachment importer settings page in all versions up to, and including, 1... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20603 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-0735 The User Language Switch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tab_color_picker_language_switch' parameter in all versions up to, and including, 1.6.10 due to insu... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20424 In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure if a malicious actor has already obtained the System privilege. User i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22285 Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnera... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2281 The Private Comment plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Label text' setting in all versions up to, and including, 0.0.4. This is due to insufficient input saniti... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-33600 An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-1304 The Membership Plugin – Restrict Content for WordPress is vulnerable to Stored Cross-Site Scripting via multiple invoice settings fields in all versions up to, and including, 3.2.18 due to insufficien... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20037 A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions ... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-30413 Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber P... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-28543 Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-22780 Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained seg... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20439 In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not ne... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-6041 The Buzz Comments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Custom Buzz Avatar' (buzz_comments_avatar_image) setting in all versions up to, and including, 0.9.4. This ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20442 In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not n... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-13333 IBM WebSphere Application Server 9.0, and 8.5 could provide weaker than expected security during system administration of security settings. | 4.4 | MEDIUM | — | 0 |
| CVE-2026-27485 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlink... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-40894 A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-6439 The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videozen... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-36187 IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileg... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-20609 The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS ... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-12451 The Easy SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file uploads in all versions up to, and including, 4.0 due to insufficient input sanitization and output ... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-40025 The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bou... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-4968 A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4510 A weakness has been identified in PbootCMS up to 3.2.12. This impacts the function alert_location of the file apps/home/controller/MemberController.php of the component Parameter Handler. This manipul... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1262 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability. | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.