TROYANOSYVIRUS

Vulnerabilidades CVE

Base de dados CVE enriquecida com CISA KEV e NVD

Total: 16,928 CVEs
CVE IDCVSSSeveridadeKEVAvistamentos
CVE-2026-33286

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti'...

9.1CRITICAL0
CVE-2026-33283

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing malformed UL NAS Transport NAS messages without a Request Type. An attacker able to send crafted NAS...

6.5MEDIUM0
CVE-2026-33282

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing a malformed NGAP LocationReport message with `ue-presence-in-area-of-interest` event type and omitt...

7.5HIGH0
CVE-2026-33281

Ella Core is a 5G core designed for private networks. Versions prior to 1.6.0 panic when processing NGAP messages with invalid PDU Session IDs outside of 1-15. An attacker able to send crafted NGAP me...

6.5MEDIUM0
CVE-2026-33252

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` he...

7.1HIGH0
CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this...

7.5HIGH0
CVE-2026-33242

Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated ex...

7.5HIGH0
CVE-2026-33241

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading reque...

7.5HIGH0
CVE-2026-33211

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines ...

9.6CRITICAL0
CVE-2026-33202

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys dire...

9.1CRITICAL0
CVE-2026-33195

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#path_for` does not validate that the r...

9.8CRITICAL0
CVE-2026-33176

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept stri...

7.5HIGH0
CVE-2026-33174

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, the...

7.5HIGH0
CVE-2026-33173

Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the client...

5.3MEDIUM0
CVE-2026-33170

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@h...

6.1MEDIUM0
CVE-2026-33169

Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to ins...

5.3MEDIUM0
CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter...

7.5HIGH0
CVE-2026-4066

The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and includi...

4.3MEDIUM0
CVE-2026-3225

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of...

4.3MEDIUM0
CVE-2026-33168

Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as an HTML attribute name in ...

N/ANONE0
CVE-2026-33167

Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not properly escape exception messages. A ...

N/ANONE0
CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax...

8.8HIGH0
CVE-2026-2412

The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanit...

6.5MEDIUM0
CVE-2026-4681

A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This issue a...

N/ANONE0
CVE-2026-4612

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Ha...

7.3HIGH0
CVE-2026-4611

A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the a...

7.2HIGH0
CVE-2026-33634

Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags in `aquasecurity/trivy-action...

8.8HIGHKEV0
CVE-2026-32913

OpenClaw before 2026.3.7 contains an improper header validation vulnerability in fetchWithSsrFGuard that forwards custom authorization headers across cross-origin redirects. Attackers can trigger redi...

9.3CRITICAL0
CVE-2026-32912

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32911

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32910

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32909

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32908

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32907

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32904

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32903

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32902

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32901

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32900

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32300

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the M...

8.1HIGH0
CVE-2026-32299

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the p...

7.5HIGH0
CVE-2026-32279

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Server-Side Request Forgery (SSRF) iss...

6.8MEDIUM0
CVE-2026-32278

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, a Stored Cross-site Scripting (XSS) issu...

8.2HIGH0
CVE-2026-32277

Connect-CMS is a content management system. In versions 1.35.0 through 1.41.0 and 2.35.0 through 2.41.0, a DOM-based Cross-Site Scripting (XSS) issue exists in the Cabinet Plugin list view. Versions 1...

8.7HIGH0
CVE-2026-32276

Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an authenticated user may be able to exe...

8.8HIGH0
CVE-2026-32066

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32047

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-32012

Rejected reason: This CVE ID has been rejected.

N/ANONE0
CVE-2026-29111

systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse...

5.5MEDIUM0
CVE-2026-28483

Rejected reason: This CVE ID has been rejected.

N/ANONE0
Pagina 112 de 339

This product uses data from the NVD API but is not endorsed or certified by the NVD.