Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-4170 A weakness has been identified in Topsec TopACM 3.0. Affected by this vulnerability is an unknown functionality of the file /view/systemConfig/management/nmc_sync.php of the component HTTP Request Han... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4169 A security flaw has been discovered in Tecnick TCExam up to 16.6.0. Affected is the function F_xml_export_users of the file admin/code/tce_xml_users.php of the component XML Export. Performing a manip... | 2.4 | LOW | — | 0 |
| CVE-2026-4168 A vulnerability was identified in Tecnick TCExam 16.5.0. This impacts an unknown function of the file /admin/code/tce_edit_group.php of the component Group Handler. Such manipulation of the argument N... | 2.4 | LOW | — | 0 |
| CVE-2026-4167 A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overf... | 8.8 | HIGH | — | 0 |
| CVE-2026-4166 A vulnerability was found in Wavlink WL-NU516U1 240425. The impacted element is the function sub_404F68 of the file /cgi-bin/login.cgi. The manipulation of the argument homepage/hostname results in cr... | 3.5 | LOW | — | 0 |
| CVE-2026-4165 A vulnerability has been found in Worksuite HR, CRM and Project Management up to 5.5.25. The affected element is an unknown function of the file /account/orders/create. The manipulation of the argumen... | 2.4 | LOW | — | 0 |
| CVE-2026-4164 A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function Delete_Mac_list/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a mani... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4163 A vulnerability was detected in Wavlink WL-WN579A3 220323. This issue affects the function SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Performing a manip... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3839 Unraid Authentication Request Path Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Unraid. Authenticatio... | N/A | NONE | — | 0 |
| CVE-2026-3838 Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is re... | N/A | NONE | — | 0 |
| CVE-2026-3562 Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations o... | N/A | NONE | — | 0 |
| CVE-2026-3561 Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected ins... | N/A | NONE | — | 0 |
| CVE-2026-3560 Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on aff... | N/A | NONE | — | 0 |
| CVE-2026-3559 Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations ... | N/A | NONE | — | 0 |
| CVE-2026-3558 Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected inst... | N/A | NONE | — | 0 |
| CVE-2026-3557 Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary cod... | N/A | NONE | — | 0 |
| CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected install... | N/A | NONE | — | 0 |
| CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on... | N/A | NONE | — | 0 |
| CVE-2026-3476 A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a specially cra... | 7.8 | HIGH | — | 0 |
| CVE-2026-3442 A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3441 A flaw was found in GNU Binutils. This heap-based buffer overflow vulnerability, specifically an out-of-bounds read in the bfd linker, allows an attacker to gain access to sensitive information. By co... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3227 A command injection vulnerability was identified in TP-Link TL-WR802N v4, TL-WR841N v14, and TL-WR840N v6 due to improper neutralization of special elements used in an OS command. In the router confi... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-3111 Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful ... | N/A | NONE | — | 0 |
| CVE-2026-3110 Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/administracion/admin_usuarios.cgi?filtro_estado=T&wAccion=listado_xlsx&wBuscar=&wFiltrar=&wOrde... | N/A | NONE | — | 0 |
| CVE-2026-3086 GStreamer H.266 Codec Parser Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inter... | N/A | NONE | — | 0 |
| CVE-2026-3085 GStreamer rtpqdm2depay Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inte... | N/A | NONE | — | 0 |
| CVE-2026-3084 GStreamer H.266 Codec Parser Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interac... | N/A | NONE | — | 0 |
| CVE-2026-3083 GStreamer rtpqdm2depay Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction... | N/A | NONE | — | 0 |
| CVE-2026-3082 GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Inter... | N/A | NONE | — | 0 |
| CVE-2026-3081 GStreamer H.266 Codec Parser Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreame... | N/A | NONE | — | 0 |
| CVE-2026-3024 Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to c... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-3023 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user ... | 8.8 | HIGH | — | 0 |
| CVE-2026-3022 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability c... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3021 Non-relational SQL injection vulnerability (NoSQLi) in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/centro/equipo/empleado'. This vulnerability could allow an authenticate... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3020 Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email ... | N/A | NONE | — | 0 |
| CVE-2026-32778 libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition. | 2.9 | LOW | — | 0 |
| CVE-2026-32777 libexpat before 2.7.5 allows an infinite loop while parsing DTD content. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-32776 libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content. | 4.0 | MEDIUM | — | 0 |
| CVE-2026-32775 libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. | 7.4 | HIGH | — | 0 |
| CVE-2026-32774 Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through c... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-32772 telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR. | 3.4 | LOW | — | 0 |
| CVE-2026-32732 Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the packag... | N/A | NONE | — | 0 |
| CVE-2026-32729 Runtipi is a personal homeserver orchestrator. Prior to 4.8.1, The Runtipi /api/auth/verify-totp endpoint does not enforce any rate limiting, attempt counting, or account lockout mechanism. An attacke... | 8.1 | HIGH | — | 0 |
| CVE-2026-32724 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition between... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-32720 The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals (i.e. logs, metrics and distributed traces). Prior to 0.2.1, due to a mis-written NetworkPolicy... | N/A | NONE | — | 0 |
| CVE-2026-32719 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() funct... | 4.2 | MEDIUM | — | 0 |
| CVE-2026-32717 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended user... | 2.7 | LOW | — | 0 |
| CVE-2026-32715 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow ma... | 3.8 | LOW | — | 0 |
| CVE-2026-32713 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&& instead of ||), allowing ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-32709 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer to r... | 5.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.