Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-4250 A vulnerability was found in Albert Sağlık Hizmetleri ve Ticaret Albert Health up to 1.7.3 on Android. Affected is an unknown function of the file resources/assets/service-account.json of the componen... | 2.5 | LOW | — | 0 |
| CVE-2026-4284 A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-mod... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4285 A vulnerability was identified in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. Impacted is the function recognizeMarkdown of the file yudao-module-digitalcourse/yudao-module-... | 2.7 | LOW | — | 0 |
| CVE-2026-4288 A weakness has been identified in Tiandy Easy7 Integrated Management Platform 7.17.0. The impacted element is an unknown function of the file /rest/devStatus/getDevDetailedInfo of the component Endpoi... | 7.3 | HIGH | — | 0 |
| CVE-2026-4289 A security vulnerability has been detected in Tiandy Easy7 Integrated Management Platform up to 7.17.0. This affects an unknown function of the file /rest/preSetTemplate/getRecByTemplateId. The manipu... | 7.3 | HIGH | — | 0 |
| CVE-2026-4307 A security flaw has been discovered in frdel/agent0ai agent-zero 0.9.7-10. The impacted element is the function get_abs_path of the file python/helpers/files.py. The manipulation results in path trave... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4308 A weakness has been identified in frdel/agent0ai agent-zero 0.9.7. This affects the function handle_pdf_document of the file python/helpers/document_query.py. This manipulation causes server-side requ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4474 A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_single_student_update.php. This manipulation of the argument st_name causes c... | 2.4 | LOW | — | 0 |
| CVE-2026-4475 A vulnerability has been found in Yi Technology YI Home Camera 2 2.1.1_20171024151200. The affected element is an unknown function of the file home/web/ipc. Such manipulation leads to hard-coded crede... | 8.8 | HIGH | — | 0 |
| CVE-2026-4496 A vulnerability was found in sigmade Git-MCP-Server up to 785aa159f262a02d5791a5d8a8e13c507ac42880. Affected by this vulnerability is the function child_process.exec of the file src/gitUtils.ts of the... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-4497 A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. Affected by this issue is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi. This manipulation causes os command inj... | 7.3 | HIGH | — | 0 |
| CVE-2026-4499 A vulnerability was determined in D-Link DIR-820LW 2.03. Affected is the function ssdpcgi_main of the component SSDP. Executing a manipulation can lead to os command injection. The attack may be launc... | 7.3 | HIGH | — | 0 |
| CVE-2026-4543 A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation o... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-4544 A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects an unknown function of the file /cgi-bin/login.cgi of the component POST Request Handler. Executing a manipulation of the argu... | 2.4 | LOW | — | 0 |
| CVE-2026-4115 A vulnerability was detected in PuTTY 0.83. Affected is the function eddsa_verify of the file crypto/ecc-ssh.c of the component Ed25519 Signature Handler. The manipulation results in improper verifica... | 3.7 | LOW | — | 0 |
| CVE-2026-4550 A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-4563 A weakness has been identified in MacCMS up to 2025.1000.4052. This vulnerability affects the function order_info of the file application/index/controller/User.php of the component Member Order Detail... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-4564 A security vulnerability has been detected in yangzongzhuan RuoYi up to 4.8.2. This issue affects some unknown processing of the file /monitor/job/ of the component Quartz Job Handler. Such manipulati... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-2402 CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authenticati... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-2403 CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettin... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2404 CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-66335 Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intend... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33557 A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.D... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-33558 Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By defaul... | 5.3 | MEDIUM | — | 0 |
| CVE-2010-20124 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2011-10031 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2013-10041 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2013-10045 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2013-10056 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2014-125120 Rejected reason: This CVE has the been REJECTED and will not be published by the CNA. | N/A | NONE | — | 0 |
| CVE-2026-0539 Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This s... | N/A | NONE | — | 0 |
| CVE-2026-31434 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub_... | N/A | NONE | — | 0 |
| CVE-2026-31475 In the Linux kernel, the following vulnerability has been resolved: ASoC: sma1307: fix double free of devm_kzalloc() memory A previous change added NULL checks and cleanup for allocation failures in... | 7.8 | HIGH | — | 0 |
| CVE-2026-6048 The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2.... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-31530 In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use after free of parent_port in cxl_detach_ep() cxl_detach_ep() is called during bottom-up removal when all CXL mem... | 7.8 | HIGH | — | 0 |
| CVE-2026-6518 The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `cm... | 8.8 | HIGH | — | 0 |
| CVE-2026-2505 The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode rend... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-6563 A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to b... | 8.8 | HIGH | — | 0 |
| CVE-2026-6623 A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Per... | 2.4 | LOW | — | 0 |
| CVE-2026-6630 A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the... | 8.8 | HIGH | — | 0 |
| CVE-2026-6797 A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/commo... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-40944 Oxia is a metadata store and coordination system. Prior to 0.16.2, the trustedCertPool() function in the TLS configuration only parses the first PEM block from CA certificate files. When a CA bundle c... | N/A | NONE | — | 0 |
| CVE-2026-40945 Oxia is a metadata store and coordination system. Prior to 0.16.2, when OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in productio... | N/A | NONE | — | 0 |
| CVE-2026-40946 Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the st... | N/A | NONE | — | 0 |
| CVE-2026-6799 A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET§ion=ping_config of the component En... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-2714 The Institute Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Enquiry Form Title' setting in all versions up to, and including, 5.5. This is due to insufficient i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-2717 The HTTP Headers plugin for WordPress is vulnerable to CRLF Injection in all versions up to, and including, 1.19.2. This is due to insufficient sanitization of custom header name and value fields befo... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-2719 The Private WP suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Exceptions' setting in all versions up to, and including, 0.4.1. This is due to insufficient input sanit... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-3362 The Short Comment Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Minimum Count' settings field in all versions up to and including 2.2. This is due to insufficient i... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-4074 The Quran Live Multilanguage plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cheikh' and 'lang' shortcode attributes in all versions up to, and including, 1.0.3. This is due... | 6.4 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.