Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-27260 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-27261 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-27262 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable f... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27263 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-27264 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-27265 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-27266 Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts int... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-21290 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-pr... | 8.7 | HIGH | — | 0 |
| CVE-2026-21311 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-p... | 8.0 | HIGH | — | 0 |
| CVE-2026-21359 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature b... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-21360 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-21361 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-... | 8.1 | HIGH | — | 0 |
| CVE-2026-23813 A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-23814 A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior. | 8.8 | HIGH | — | 0 |
| CVE-2026-23815 A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an a... | 7.2 | HIGH | — | 0 |
| CVE-2026-23816 A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | 7.2 | HIGH | — | 0 |
| CVE-2026-3884 Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each 'target' element. An attacker wou... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-31844 An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter us... | 8.8 | HIGH | — | 0 |
| CVE-2026-3824 IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website. | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3825 IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attac... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-3826 IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3903 The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce... | 4.3 | MEDIUM | — | 0 |
| CVE-2019-25478 GetGo Download Manager 6.2.2.3300 contains a buffer overflow vulnerability that allows remote attackers to cause denial of service by sending HTTP responses with excessively long headers. Attackers ca... | 7.5 | HIGH | — | 0 |
| CVE-2026-1965 libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent reques... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3783 When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a redirect to a second URL, curl could leak that token to the second hostname under some circumstances. If the ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3784 curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a server, even if the new request uses different credentials for the HTTP proxy. The proper behavior is to create or use a s... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-3805 When doing a second SMB request to the same host again, curl would wrongly use a data pointer pointing into already freed memory. | 7.5 | HIGH | — | 0 |
| CVE-2026-32063 OpenClaw version 2026.2.19-2 prior to 2026.2.21 contains a command injection vulnerability in systemd unit file generation where attacker-controlled environment values are not validated for CR/LF char... | 7.1 | HIGH | — | 0 |
| CVE-2026-3496 The JetBooking plugin for WordPress is vulnerable to SQL Injection via the 'check_in_date' parameter in all versions up to, and including, 4.0.3. This is due to insufficient escaping on the user suppl... | 7.5 | HIGH | — | 0 |
| CVE-2025-70027 An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4. This allows attackers to obtain sensitive information | 7.5 | HIGH | — | 0 |
| CVE-2025-70330 Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an a... | 3.3 | LOW | — | 0 |
| CVE-2026-30900 Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2025-13929 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a den... | 7.5 | HIGH | — | 0 |
| CVE-2025-14513 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a de... | 7.5 | HIGH | — | 0 |
| CVE-2026-0602 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose meta... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-1069 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted ... | 7.5 | HIGH | — | 0 |
| CVE-2026-1090 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markd... | 8.7 | HIGH | — | 0 |
| CVE-2026-20117 A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attack... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-28803 Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-29777 Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.10, A tenant with write access to an HTTPRoute resource can inject backtick-delimited rule tokens into Traefik's router rule language v... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30234 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, an authenticated project member with BCF import permissions can upload a crafted .bcf archive where the <Snapshot... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30741 A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31892 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 2.9.0 to before 4.0.2 and 3.7.11, A user who can submit Workflows can completely b... | 8.1 | HIGH | — | 0 |
| CVE-2026-30239 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved to a different bud... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-12555 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenti... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-67034 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injec... | 8.8 | HIGH | — | 0 |
| CVE-2025-67035 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The SSH Client and SSH Server pages are affected by multiple OS injection vulnerabilities due to missing sanitization of input parameters. An at... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-67036 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The Log Info page allows users to see log files by specifying their names. Due to a missing sanitization in the file name parameter, an authenti... | 8.8 | HIGH | — | 0 |
| CVE-2025-68623 In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privil... | 8.8 | HIGH | — | 0 |
| CVE-2025-70082 An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.