Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-32730 ApostropheCMS is an open-source content management framework. Prior to version 4.28.0, the bearer token authentication middleware in `@apostrophecms/express/index.js` (lines 386-389) contains an incor... | 8.1 | HIGH | — | 0 |
| CVE-2026-28093 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Ozisti ozisti allows PHP Local File Inclusion.This issue affects Ozist... | 8.1 | HIGH | — | 0 |
| CVE-2025-55261 HCL Aftermarket DPC is affected by Missing Functional Level Access Control which will allow attacker to escalate his privileges and may compromise the application and may steal and manipulate the data... | 8.1 | HIGH | — | 0 |
| CVE-2026-28117 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes smart SEO smartSEO allows PHP Local File Inclusion.This issue affec... | 8.1 | HIGH | — | 0 |
| CVE-2026-28458 OpenClaw version 2026.1.20 prior to 2026.2.1 contains a vulnerability in the Browser Relay (extension must be installed and enabled) /cdp WebSocket endpoint in which it does not require authentication... | 8.1 | HIGH | — | 0 |
| CVE-2026-28118 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Welldone welldone allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | — | 0 |
| CVE-2026-29189 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, the SuiteCRM REST API V8 has missing ACL (Access Control L... | 8.1 | HIGH | — | 0 |
| CVE-2026-28120 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dr.Patterson dr-patterson allows PHP Local File Inclusion.This issue a... | 8.1 | HIGH | — | 0 |
| CVE-2026-25379 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in jwsthemes StreamVid streamvid allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | — | 0 |
| CVE-2026-28410 The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens... | 8.1 | HIGH | — | 0 |
| CVE-2026-25750 Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studi... | 8.1 | HIGH | — | 0 |
| CVE-2025-67298 An issue in ClasroomIO before v.0.2.6 allows a remote attacker to escalate privileges via the endpoints /api/verify and /rest/v1/profile | 8.1 | HIGH | — | 0 |
| CVE-2026-22478 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes FindAll findall allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | — | 0 |
| CVE-2026-3459 The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in... | 8.1 | HIGH | — | 0 |
| CVE-2026-28121 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Anderson andersonclinic allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2026-22503 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Nelson nelson allows PHP Local File Inclusion.This issue affects Nelso... | 8.1 | HIGH | — | 0 |
| CVE-2026-28123 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil:... | 8.1 | HIGH | — | 0 |
| CVE-2026-28128 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Verse verse allows PHP Local File Inclusion.This issue affects Verse: ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27326 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes AC Services | HVAC, Air Conditioning & Heating Company WordPress Th... | 8.1 | HIGH | — | 0 |
| CVE-2026-33055 tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE... | 8.1 | HIGH | — | 0 |
| CVE-2026-33037 WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files (docker-compose.yml, env.example) ship with the admin password set to "password", which i... | 8.1 | HIGH | — | 0 |
| CVE-2026-28129 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes Little Birdies little-birdies allows PHP Local File Inclusion.This ... | 8.1 | HIGH | — | 0 |
| CVE-2026-28133 Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. | 8.1 | HIGH | — | 0 |
| CVE-2026-27048 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.This... | 8.1 | HIGH | — | 0 |
| CVE-2026-1321 The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` fun... | 8.1 | HIGH | — | 0 |
| CVE-2026-32034 OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allow... | 8.1 | HIGH | — | 0 |
| CVE-2026-29187 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search func... | 8.1 | HIGH | — | 0 |
| CVE-2026-3629 The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.29.7. This is due to the 'save_extra_user_profile_fields' f... | 8.1 | HIGH | — | 0 |
| CVE-2026-27047 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue ... | 8.1 | HIGH | — | 0 |
| CVE-2026-32116 Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party cou... | 8.1 | HIGH | — | 0 |
| CVE-2026-4718 Undefined behavior in the WebRTC: Signaling component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | 8.1 | HIGH | — | 0 |
| CVE-2026-27080 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Deston deston allows PHP Local File Inclusion.This issue affects ... | 8.1 | HIGH | — | 0 |
| CVE-2026-32260 Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.7.0 to 2.7.1, A command injection vulnerability exists in Deno's node:child_process polyfill (shell: true mode) that bypasses the fix... | 8.1 | HIGH | — | 0 |
| CVE-2026-23801 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes The Issue theissue allows PHP Local File Inclusion.This issue affect... | 8.1 | HIGH | — | 0 |
| CVE-2026-22324 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Melania allows PHP Local File Inclusion.This issue affects Melania: fr... | 8.1 | HIGH | — | 0 |
| CVE-2026-2626 The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin ... | 8.1 | HIGH | — | 0 |
| CVE-2026-32808 pyLoad is a free and open-source download manager written in Python. Versions before 0.5.0b3.dev97 are vulnerable to path traversal during password verification of certain encrypted 7z archives (encry... | 8.1 | HIGH | — | 0 |
| CVE-2026-26741 PX4 Autopilot versions 1.12.x through 1.15.x contain a logic flaw in the mode switching mechanism. When switching from Auto mode to Manual mode while the drone is in the "ARMED" state (after landing a... | 8.1 | HIGH | — | 0 |
| CVE-2026-27097 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes CasaMia | Property Rental Real Estate WordPress Theme casamia allo... | 8.1 | HIGH | — | 0 |
| CVE-2026-32300 Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the M... | 8.1 | HIGH | — | 0 |
| CVE-2026-27098 Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny... | 8.1 | HIGH | — | 0 |
| CVE-2026-33344 Dagu is a workflow engine with a built-in Web user interface. From version 2.0.0 to before version 2.3.1, the fix for CVE-2026-27598 added ValidateDAGName to CreateNewDAG and rewrote generateFilePath ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27369 Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | 8.1 | HIGH | — | 0 |
| CVE-2026-32500 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CreativeWS MetaMax metamax allows PHP Local File Inclusion.This issue affects M... | 8.1 | HIGH | — | 0 |
| CVE-2026-27992 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Meals & Wheels meals-wheels allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2026-30707 An issue was discovered in SpeedExam Online Examination System (SaaS) after v.FEV2026. It allows Broken Access Control via the ReviewAnswerDetails ASP.NET PageMethod. Authenticated attackers can bypas... | 8.1 | HIGH | — | 0 |
| CVE-2026-39307 PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting templ... | 8.1 | HIGH | — | 0 |
| CVE-2026-27993 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Aldo aldo allows PHP Local File Inclusion.This issue affects Aldo: fro... | 8.1 | HIGH | — | 0 |
| CVE-2026-27994 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Tediss tediss allows PHP Local File Inclusion.This issue affects Tedis... | 8.1 | HIGH | — | 0 |
| CVE-2026-27995 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Justitia justitia allows PHP Local File Inclusion.This issue affects J... | 8.1 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.