Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. | 7.5 | HIGH | — | 0 |
| CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-He... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-66485 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks agai... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-66486 IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the ... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-66487 IBM Aspera Shares 1.9.9 through 1.11.0 does not properly rate limit the frequency that an authenticated user can send emails, which could result in email flooding or a denial of service. | 2.7 | LOW | — | 0 |
| CVE-2026-23077 In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulte... | 7.8 | HIGH | — | 0 |
| CVE-2026-23095 In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its i... | 7.5 | HIGH | — | 0 |
| CVE-2026-23098 In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 p... | 8.8 | HIGH | — | 0 |
| CVE-2026-23111 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted elemen... | 7.8 | HIGH | — | 0 |
| CVE-2026-23175 In the Linux kernel, the following vulnerability has been resolved: net: cpsw: Execute ndo_set_rx_mode callback in a work queue Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for IPV6_ADD_MEMBER... | 7.0 | HIGH | — | 0 |
| CVE-2026-23178 In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() `i2c_hid_xfer` is used to read `recv_len + sizeof(__le16)` byt... | 7.8 | HIGH | — | 0 |
| CVE-2026-23180 In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for if_id in IRQ handler The IRQ handler extracts if_id from the upper 16 bits of the hardware stat... | 7.0 | HIGH | — | 0 |
| CVE-2026-23185 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywh... | 7.8 | HIGH | — | 0 |
| CVE-2026-23191 In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the str... | 7.8 | HIGH | — | 0 |
| CVE-2024-40849 A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to break out of its sandbox. | 7.5 | HIGH | — | 0 |
| CVE-2024-40858 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.1. An app may be able to access Contacts without user consent. | 7.1 | HIGH | — | 0 |
| CVE-2026-34752 Haraka is a Node.js mail server. Prior to version 3.1.4, sending an email with __proto__: as a header name crashes the Haraka worker process. This issue has been patched in version 3.1.4. | 7.5 | HIGH | — | 0 |
| CVE-2026-20090 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with administrative privileges to conduct a stored XSS attack against a user of the int... | 4.8 | MEDIUM | — | 0 |
| CVE-2026-20093 A vulnerability in the change password functionality of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to bypass authentication and gain access to the sys... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-20094 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with read-only privileges to perform command injection attacks on an affected system an... | 8.8 | HIGH | — | 0 |
| CVE-2026-20095 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20096 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to perform command injection attacks on an affected system ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20097 A vulnerability in the web-based management interface of Cisco IMC could allow an authenticated, remote attacker with admin-level privileges to execute arbitrary code as the root user. This vulne... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20151 A vulnerability in the web interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to elevate privileges on an affected system. This vulnerabil... | 7.3 | HIGH | — | 0 |
| CVE-2026-5346 A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulati... | 7.3 | HIGH | — | 0 |
| CVE-2026-30332 A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a leg... | 7.5 | HIGH | — | 0 |
| CVE-2026-5350 A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack... | 8.8 | HIGH | — | 0 |
| CVE-2026-23418 In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to avoid a memory leak on the err... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23419 In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk_... | 7.5 | HIGH | — | 0 |
| CVE-2026-5467 A vulnerability was identified in Casdoor 2.356.0. Affected by this issue is some unknown functionality of the component OAuth Authorization Request Handler. Such manipulation of the argument redirect... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-34576 Postiz is an AI social media scheduling tool. Prior to version 2.21.3, the POST /public/v1/upload-from-url endpoint accepts a user-supplied URL and fetches it server-side using axios.get() with no SSR... | 7.7 | HIGH | — | 0 |
| CVE-2026-34523 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-34584 listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to acces... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-23360 In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous adm... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23402 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE Adjust KVM's sanity check against overwriting a shadow... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5327 A security flaw has been discovered in efforthye fast-filesystem-mcp up to 3.5.1. The affected element is the function handleGetDiskUsage of the file src/index.ts. Performing a manipulation results in... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-34890 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS.This issue affects MSTW League Manager: fr... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23222 In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_... | 7.8 | HIGH | — | 0 |
| CVE-2026-23224 In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_fil... | 7.8 | HIGH | — | 0 |
| CVE-2026-23246 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (control... | 8.8 | HIGH | — | 0 |
| CVE-2026-7404 A weakness has been identified in getsimpletool mcpo-simple-server up to 0.2.0. Affected is the function delete_shared_prompt of the file src/mcpo_simple_server/services/prompt_manager/base_manager.py... | 7.3 | HIGH | — | 0 |
| CVE-2026-7407 A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /pizzafy/admin/ajax.php?action=save_... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-7408 A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Performing a manipulation re... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-5318 A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation o... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-5244 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mg_tls_recv_cert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pub... | 7.3 | HIGH | — | 0 |
| CVE-2026-5245 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handle_mdns_record of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the arg... | 5.6 | MEDIUM | — | 0 |
| CVE-2026-40199 Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6() includes the sentinel byte from _pack_ipv4() when building the packed ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-69993 Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing a... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-6729 HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by expl... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-0562 A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function i... | 8.3 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.