CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2026-39572 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Retr... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-39585 | Missing Authorization vulnerability in Arraytics Booktics booktics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Booktics: from n/a through <= 1.0.16. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39689 | Missing Authorization vulnerability in eshipper eShipper Commerce eshipper-commerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eShipper Commerce: from n... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39694 | Missing Authorization vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sim... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39698 | Missing Authorization vulnerability in PublisherDesk The Publisher Desk ads.txt the-publisher-desk-ads-txt allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Th... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39701 | Missing Authorization vulnerability in Andrew ShopWP wpshopify allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ShopWP: from n/a through <= 5.2.4. | 5.3 | MEDIUM | — | 0 |
| CVE-2026-40764 | Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Contact Form by WPForms wpforms-lite allows Cross Site Request Forgery. This issue affects Contact Form by WPForms: from n/a through <= 1.... | 8.1 | HIGH | — | 0 |
| CVE-2026-40784 | Authorization Bypass Through User-Controlled Key vulnerability in Mahmudul Hasan Arif FluentBoards fluent-boards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affe... | 8.1 | HIGH | — | 0 |
| CVE-2026-33978 | Notesnook is a note-taking app focused on user privacy & ease of use. Prior to version 3.3.17, a stored XSS vulnerability exists in the mobile share / web clip flow because attacker-controlled clip me... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-40045 | OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft se... | 5.7 | MEDIUM | — | 0 |
| CVE-2026-31370 | Honor E APP is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality. | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6553 | Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS... | N/A | NONE | — | 0 |
| CVE-2026-41038 | This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vu... | N/A | NONE | — | 0 |
| CVE-2026-41039 | This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit ... | N/A | NONE | — | 0 |
| CVE-2026-40604 | ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearanceki... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-40614 | PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is a buffer overflow when decoding Opus audio frames due to insufficient buffer size validatio... | 8.8 | HIGH | — | 0 |
| CVE-2026-40247 | free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId ... | 7.5 | HIGH | — | 0 |
| CVE-2026-32147 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP ssh (ssh_sftpd module) allows an authenticated SFTP user to modify file attributes outside th... | N/A | NONE | — | 0 |
| CVE-2026-28277 | LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In version 1.0.9 and prior, LangGraph checkpointers can load msg... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-0848 | NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verific... | N/A | NONE | — | 0 |
| CVE-2026-28476 | OpenClaw versions prior to 2026.2.14 contain a server-side request forgery vulnerability in the optional Tlon Urbit extension that accepts user-provided base URLs for authentication without proper val... | 8.3 | HIGH | — | 0 |
| CVE-2026-5376 | An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expir... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-40023 | Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html, in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specificat... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-33212 | Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have... | 3.1 | LOW | — | 0 |
| CVE-2026-33220 | Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been fi... | 6.8 | MEDIUM | — | 0 |
| CVE-2026-33435 | Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain circ... | 8.0 | HIGH | — | 0 |
| CVE-2026-40525 | OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration v... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-6774 | Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | 5.4 | MEDIUM | — | 0 |
| CVE-2026-31014 | Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent pr... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-22163 | Requires malware code to misuse the DDK kernel module IOCTL interface. Such code can use the interface in an unsupported way that allows subversion of the GPU to perform writes to arbitrary physical ... | 7.8 | HIGH | — | 0 |
| CVE-2026-24907 | October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-6249 | Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshel... | 8.8 | HIGH | — | 0 |
| CVE-2026-6257 | Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rena... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-6550 | Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass ... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-32311 | Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to man... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-5928 | Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version... | 7.5 | HIGH | — | 0 |
| CVE-2026-34082 | Dify is an open-source LLM app development platform. Prior to 1.13.1, the method `DELETE /console/api/installed-apps/<appId>/conversations/<conversationId>` has poor authorization checking and allows ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-41298 | OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HTTP modes. Read-scoped callers can terminate running subagent sessions by se... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-39886 | OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Versions 3.4.0 through 3.4.9 have a signed integer over... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-39973 | Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafted... | 7.1 | HIGH | — | 0 |
| CVE-2026-39861 | Claude Code is an agentic coding tool. Prior to version 2.1.64, Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claud... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-40264 | OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their toke... | 2.7 | LOW | — | 0 |
| CVE-2026-40520 | FreePBX api module version 17.0.8 and prior contain a command injection vulnerability in the initiateGqlAPIProcess() function where GraphQL mutation input fields are passed directly to shell_exec() wi... | 7.2 | HIGH | — | 0 |
| CVE-2025-10354 | Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using... | N/A | NONE | — | 0 |
| CVE-2025-14362 | The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH key... | 7.3 | HIGH | — | 0 |
| CVE-2025-31958 | HCL BigFix Service Management is susceptible to HTTP Request Smuggling. HTTP request smuggling vulnerabilities arise when websites route HTTP requests through web servers with inconsistent HTTP parsi... | 3.7 | LOW | — | 0 |
| CVE-2026-0971 | An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. | 4.3 | MEDIUM | — | 0 |
| CVE-2025-15638 | Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 includes versions of Dropbear 2019.78 or earlier. These include versions o... | 10.0 | CRITICAL | — | 0 |
| CVE-2025-41011 | HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a requ... | N/A | NONE | — | 0 |
| CVE-2025-41029 | SQL injection vulnerability in Zeon Academy Pro by Zeon Global Tech. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the paramet... | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.