Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-3242 In Concrete CMS below version 9.4.8, a rogue administrator can add stored XSS via the Switch Language block. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 4.8 with vect... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-2025 The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the bl... | 7.5 | HIGH | — | 0 |
| CVE-2026-28774 An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interfa... | 8.8 | HIGH | — | 0 |
| CVE-2026-28775 An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28776 International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, un... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28777 International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH acc... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28778 International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker c... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29119 International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can u... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29120 The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password ... | 7.8 | HIGH | — | 0 |
| CVE-2026-3094 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the curr... | 7.8 | HIGH | — | 0 |
| CVE-2026-3439 A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall. | 4.9 | MEDIUM | — | 0 |
| CVE-2026-21425 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could po... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-21426 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access ... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-22270 Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an uncontrolled search path element vulnerability. A high privileged attacker with local access could... | 6.7 | MEDIUM | — | 0 |
| CVE-2026-24732 Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing F... | N/A | NONE | — | 0 |
| CVE-2026-25907 Dell PowerScale OneFS, version 9.13.0.0, contains an overly restrictive account lockout mechanism vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerabi... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-22418 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Great Lotus great-lotus allows PHP Local File Inclusion.This issue... | 8.1 | HIGH | — | 0 |
| CVE-2026-23232 In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a.... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23233 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzill... | 7.8 | HIGH | — | 0 |
| CVE-2026-23234 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported an use-after-free issue in f2fs_write_end_io(). It is caused by ... | 7.8 | HIGH | — | 0 |
| CVE-2026-23235 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access an... | 7.1 | HIGH | — | 0 |
| CVE-2025-59787 2N Access Commander application version 3.4.2 and prior returns HTTP 500 Internal Server Error responses when receiving malformed or manipulated requests, indicating improper handling of invalid input... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-30901 Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | 7.0 | HIGH | — | 0 |
| CVE-2025-62879 A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs. | 6.8 | MEDIUM | — | 0 |
| CVE-2026-22285 Dell Device Management Agent (DDMA), versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnera... | 4.4 | MEDIUM | — | 0 |
| CVE-2026-26478 A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code a... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-26514 An Argument Injection vulnerability exists in bird-lg-go before commit 6187a4e. The traceroute module uses shlex.Split to parse user input without validation, allowing remote attackers to inject arbit... | 7.5 | HIGH | — | 0 |
| CVE-2026-26673 An issue in DJI Mavic Mini, Spark, Mavic Air, Mini, Mini SE 0.1.00.0500 and below allows a remote attacker to cause a denial of service via the DJI Enhanced-WiFi transmission subsystem | 7.5 | HIGH | — | 0 |
| CVE-2025-15558 Docker CLI for Windows searches for plugin binaries in C:\ProgramData\Docker\cli-plugins, a directory that does not exist by default. A low-privileged attacker can create this directory and place mali... | 8.0 | HIGH | — | 0 |
| CVE-2026-23810 A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point (AP) to classify the frame as group-address... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23811 A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-23812 A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28695 Craft is a content management system (CMS). There is an authenticated admin RCE in Craft CMS 5.8.21 via Server-Side Template Injection using the create() Twig function combined with a Symfony Process ... | 7.2 | HIGH | — | 0 |
| CVE-2026-28696 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused b... | 7.5 | HIGH | — | 0 |
| CVE-2026-28697 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, an authenticated administrator can achieve Remote Code Execution (RCE) by injecting a Server-Side Template Injectio... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-28781 Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permi... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-28782 Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, the "Duplicate" entry action does not properly verify if the user has permission to perform this action on the spec... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-28783 Craft is a content management system (CMS). Prior to 5.9.0-beta.1 and 4.17.0-beta.1, Craft CMS implements a blocklist to prevent potentially dangerous PHP functions from being called via Twig non-Clos... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-28784 Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in t... | 7.2 | HIGH | — | 0 |
| CVE-2026-30902 Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | 7.8 | HIGH | — | 0 |
| CVE-2019-25502 Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the job_type_value parameter in the jobs endpoint. Att... | 6.1 | MEDIUM | — | 0 |
| CVE-2019-25503 PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Atta... | 7.1 | HIGH | — | 0 |
| CVE-2019-25505 Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requ... | 7.1 | HIGH | — | 0 |
| CVE-2019-25506 FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the logi... | 8.2 | HIGH | — | 0 |
| CVE-2025-70218 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via POST to the goform/formAdvFirewall component. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70220 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAutoDetecWAN_wizard4. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20017 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-20018 A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote att... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-20031 A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20044 A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerab... | 6.0 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.