Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-4174 A vulnerability has been found in Radare2 5.9.9. This issue affects the function walk_exports_trie of the file libr/bin/format/mach0/mach0.c of the component Mach-O File Parser. Such manipulation lead... | 3.3 | LOW | — | 0 |
| CVE-2026-3384 A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscript... | 3.3 | LOW | — | 0 |
| CVE-2026-3463 A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document ... | 3.3 | LOW | — | 0 |
| CVE-2025-15571 A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference.... | 3.3 | LOW | — | 0 |
| CVE-2026-2657 A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads to... | 3.3 | LOW | — | 0 |
| CVE-2026-3664 A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp... | 3.3 | LOW | — | 0 |
| CVE-2026-2858 A vulnerability was identified in wren-lang wren up to 0.4.0. This affects the function peekChar of the file src/vm/wren_compiler.c of the component Source File Parser. Such manipulation leads to out-... | 3.3 | LOW | — | 0 |
| CVE-2026-5037 A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr ca... | 3.3 | LOW | — | 0 |
| CVE-2025-43236 A type confusion issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An attacker may be able to cause unexpected ap... | 3.3 | LOW | — | 0 |
| CVE-2025-15572 A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried out locally. The exploit has be... | 3.3 | LOW | — | 0 |
| CVE-2026-2259 A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsi... | 3.3 | LOW | — | 0 |
| CVE-2026-20663 The issue was resolved by sanitizing logging. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to enumerate a user's installed apps. | 3.3 | LOW | — | 0 |
| CVE-2026-33529 Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. Prior to version 3.3.2, an authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated u... | 3.3 | LOW | — | 0 |
| CVE-2026-3949 A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing ... | 3.3 | LOW | — | 0 |
| CVE-2026-5452 A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig.java of the component campusconnect.ucc. This mani... | 3.3 | LOW | — | 0 |
| CVE-2026-3284 A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer... | 3.3 | LOW | — | 0 |
| CVE-2026-3293 A weakness has been identified in snowflakedb snowflake-jdbc up to 4.0.1. Impacted is the function SdkProxyRoutePlanner of the file src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanne... | 3.3 | LOW | — | 0 |
| CVE-2026-3950 A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to ou... | 3.3 | LOW | — | 0 |
| CVE-2026-3382 A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Perfor... | 3.3 | LOW | — | 0 |
| CVE-2026-3383 A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation c... | 3.3 | LOW | — | 0 |
| CVE-2026-20656 A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history. | 3.3 | LOW | — | 0 |
| CVE-2026-3385 A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking loca... | 3.3 | LOW | — | 0 |
| CVE-2026-28893 A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Tahoe 26.4. A document may be written to a temporary file when using print preview. | 3.3 | LOW | — | 0 |
| CVE-2026-2903 A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can... | 3.3 | LOW | — | 0 |
| CVE-2026-2271 A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP... | 3.3 | LOW | — | 0 |
| CVE-2026-2662 A weakness has been identified in FascinatedBox lily up to 2.3. This vulnerability affects the function count_transforms of the file src/lily_emitter.c. This manipulation causes out-of-bounds read. Th... | 3.3 | LOW | — | 0 |
| CVE-2026-2661 A security flaw has been discovered in Squirrel up to 3.2. This affects the function SQObjectPtr::operator in the library squirrel/sqobject.h. The manipulation results in heap-based buffer overflow. T... | 3.3 | LOW | — | 0 |
| CVE-2026-2660 A vulnerability was identified in FascinatedBox lily up to 2.3. Affected by this issue is the function shorthash_for_name of the file src/lily_symtab.c. The manipulation leads to use after free. Local... | 3.3 | LOW | — | 0 |
| CVE-2025-52642 HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure de... | 3.3 | LOW | — | 0 |
| CVE-2026-2659 A vulnerability was determined in Squirrel up to 3.2. Affected by this vulnerability is the function SQFuncState::PopTarget of the file src/squirrel/squirrel/sqfuncstate.cpp. Executing a manipulation ... | 3.3 | LOW | — | 0 |
| CVE-2026-20684 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.4. An app may bypass Gatekeeper checks. | 3.3 | LOW | — | 0 |
| CVE-2026-28264 Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentia... | 3.3 | LOW | — | 0 |
| CVE-2026-3388 A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolled... | 3.3 | LOW | — | 0 |
| CVE-2026-7038 A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently... | 3.3 | LOW | — | 0 |
| CVE-2026-35094 A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection clea... | 3.3 | LOW | — | 0 |
| CVE-2026-2703 A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLS... | 3.3 | LOW | — | 0 |
| CVE-2026-4519 The webbrowser.open() API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended t... | 3.3 | LOW | — | 0 |
| CVE-2026-2642 A security vulnerability has been detected in ggreer the_silver_searcher up to 2.2.0. The impacted element is the function search_stream of the file src/search.c. The manipulation leads to null pointe... | 3.3 | LOW | — | 0 |
| CVE-2026-2641 A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Exec... | 3.3 | LOW | — | 0 |
| CVE-2026-20992 Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. | 3.3 | LOW | — | 0 |
| CVE-2025-15320 Tanium addressed a denial of service vulnerability in Tanium Client. | 3.3 | LOW | — | 0 |
| CVE-2026-20681 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | 3.3 | LOW | — | 0 |
| CVE-2026-21249 External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally. | 3.3 | LOW | — | 0 |
| CVE-2026-20601 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.3. An app may be able to monitor keystrokes without user permission. | 3.3 | LOW | — | 0 |
| CVE-2026-20646 A logging issue was addressed with improved data redaction. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to read sensitive location information. | 3.3 | LOW | — | 0 |
| CVE-2026-21996 An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() | 3.3 | LOW | — | 0 |
| CVE-2025-25058 Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an info... | 3.3 | LOW | — | 0 |
| CVE-2025-33030 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated us... | 3.3 | LOW | — | 0 |
| CVE-2026-2889 A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only ... | 3.3 | LOW | — | 0 |
| CVE-2026-5462 A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/BuildConfig.java of the component com.WahooFitness.... | 3.3 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.