Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-23811 A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23812 A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28695 Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create() Twig function combined with a Symfony Process ... | 7.2 | HIGH | — | 0 |
| CVE-2026-28696 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused b... | 7.5 | HIGH | — | 0 |
| CVE-2026-28697 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injectio... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-29069 Craft is a content management system (CMS). Prior to 5.9.0-beta.2 and 4.17.0-beta.2, the actionSendActivationEmail() endpoint is accessible to unauthenticated users and does not require a permission c... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-3520 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability in Multer prior to version 2.1.1 allows an attacker to trigger a Denial of Service (DoS) by sending malformed request... | 7.5 | HIGH | — | 0 |
| CVE-2019-25498 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. Attackers c... | 8.2 | HIGH | — | 0 |
| CVE-2019-25499 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. Attackers can send PO... | 8.2 | HIGH | — | 0 |
| CVE-2019-25500 Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can sen... | 8.2 | HIGH | — | 0 |
| CVE-2019-25501 Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. Attackers can send POST req... | 8.2 | HIGH | — | 0 |
| CVE-2026-20001 A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inade... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20002 A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnera... | 8.1 | HIGH | — | 0 |
| CVE-2026-20003 A vulnerability in the REST API of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inade... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-20006 A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause th... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20007 A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rule... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20062 A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in o... | 7.2 | HIGH | — | 0 |
| CVE-2026-20063 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-20065 Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20066 Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20067 Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20068 Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20069 A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthentic... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-0847 A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and Brack... | 7.5 | HIGH | — | 0 |
| CVE-2026-20149 A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26949 Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-70223 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70226 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-3125 A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, resulting from a path normalization bypass in the /cdn-cgi/image/ handler.The @opennextjs/cloud... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-70219 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the goform/formDeviceReboot. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28434 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, when a request handler throws a C++ exception and the application has not registered a custom excepti... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-28435 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.35.0, cpp-httplib (httplib.h) does not enforce Server::set_payload_max_length() on the decompressed request... | 7.5 | HIGH | — | 0 |
| CVE-2026-3536 Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cr... | 8.8 | HIGH | — | 0 |
| CVE-2026-3537 Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security sever... | 8.8 | HIGH | — | 0 |
| CVE-2026-3538 Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cri... | 8.8 | HIGH | — | 0 |
| CVE-2026-3539 Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a craft... | 8.8 | HIGH | — | 0 |
| CVE-2026-3540 Inappropriate implementation in WebAudio in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity:... | 8.8 | HIGH | — | 0 |
| CVE-2026-3541 Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Hig... | 8.8 | HIGH | — | 0 |
| CVE-2025-70221 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70225 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curtime parameter to the goform/formEasySetupWWConfig component | 9.8 | CRITICAL | — | 0 |
| CVE-2025-68467 Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet f... | 3.4 | LOW | — | 0 |
| CVE-2025-70222 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formLogin,goform/getAuthCode. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-22040 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the sam... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-25750 Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm version 0.12.71, a URL parameter injection vulnerability existed in LangSmith Studi... | 8.1 | HIGH | — | 0 |
| CVE-2026-29045 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/a... | 7.5 | HIGH | — | 0 |
| CVE-2026-29085 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not vali... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-29086 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newlin... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-2297 The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.aud... | N/A | NONE | — | 0 |
| CVE-2026-22052 ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the conte... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2833 An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, c... | 9.1 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.