Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-23773 Dell Disk Library for Mainframe, version(s) DLm 8700/2700 contain(s) a Server-Side Request Forgery (SSRF) vulnerability. A low privileged attacker with remote access could potentially exploit this vul... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32386 Missing Authorization vulnerability in EnvoThemes Envo Extra envo-extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Envo Extra: from n/a through <= 1.9.1... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32394 Missing Authorization vulnerability in PublishPress PublishPress Capabilities capability-manager-enhanced allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pub... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32408 Missing Authorization vulnerability in themefusecom Brizy brizy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brizy: from n/a through <= 2.7.23. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32461 Missing Authorization vulnerability in Really Simple Plugins Really Simple SSL really-simple-ssl allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Really Simpl... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39469 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Softaculous PageLayer pagelayer allows Retrieve Embedded Sensitive Data.This issue affects PageLayer: from n... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39592 Missing Authorization vulnerability in Andy Ha DEPART depart-deposit-and-part-payment-for-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DEPART: from n/... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39627 Missing Authorization vulnerability in wproyal Ashe ashe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe: from n/a through <= 2.266. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-40728 Missing Authorization vulnerability in BlockArt Magazine Blocks magazine-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Magazine Blocks: from n/a thr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-20797 A stack based buffer overflow exists in an API route of XWEB Pro version 1.12.1 and prior, enabling unauthenticated attackers to cause stack corruption and a termination of the program. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5911 Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 4.3 | MEDIUM | — | 0 |
| CVE-2026-34082 Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0971 An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5448 X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. Thi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-42519 A missing permission check in Jenkins Script Security Plugin 1399.ve6a_66547f6e1 and earlier allows attackers with Overall/Read permission to enumerate pending and approved Script Security classpaths. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-59031 Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4002 The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function whi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-42420 OpenClaw before 2026.4.8 contains improper input validation in base64 decode paths that allocate memory before enforcing decoded-size limits. Attackers can exploit multiple code paths to cause memory ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-27857 Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer ti... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-7340 Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Me... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5314 A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation result... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4992 A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulatio... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-36758 A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5316 A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is po... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39985 LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, the redirect ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4118 The Call To Action Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.3. This is due to missing nonce validation in the cbox_options_page... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4563 A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-8288 A vulnerability was determined in Open5GS up to 2.7.7. This affects the function gsm_handle_pdu_session_modification_qos_flow_descriptions of the file src/smf/gsm-handler.c of the component SMF. Execu... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-8195 A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/Co... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2400 CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc req... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-8289 A vulnerability was identified in Open5GS up to 2.7.7. This vulnerability affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipul... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-8290 A security flaw has been discovered in Open5GS up to 2.7.7. This issue affects the function smf_nsmf_handle_update_data_in_vsmf of the file /src/smf/nsmf-handler.c of the component SMF. The manipulati... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-8291 A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-43882 WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and joi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-41126 BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handling... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-58922 Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada allows Cross Site Request Forgery.This issue affects Avada: from n/a before 7.13.2. | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3056 The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all ve... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3072 The Media Library Assistant plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mla_update_compat_fields_action() function in all versions ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1644 The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'update_action' fun... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1981 The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston_disconnect() ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1073 The Purchase Button For Affiliate Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing nonce validation on the sett... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1085 The True Ranker plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.9. This is due to missing nonce validation on the seolocalrank-signout action... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1086 The Font Pairing Preview For Landing Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing nonce validation on the se... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1087 The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functi... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3906 WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-3993 A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1378 The WP Posts Re-order plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `cpt_plugin_options()` ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1390 The Redirect countdown plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the `countdown_settings_co... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1392 The SR WP Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing nonce validation on the sr_minify_html_theme() ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1393 The Add Google Social Profiles to Knowledge Graph Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validatio... | 4.3 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.