Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-7707 A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the arg... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-7708 A vulnerability was determined in Open5GS up to 2.7.7. The affected element is the function ogs_dbi_subscription_data in the library /lib/dbi/subscription.c of the component UDR. This manipulation of ... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-7709 A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-6948 Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server v... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-7710 A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Performi... | 7.3 | HIGH | — | 0 |
| CVE-2026-7725 A vulnerability was found in PrefectHQ prefect up to 3.6.25.dev6. Affected by this issue is some unknown functionality of the file src/prefect/runner/storage.py of the component GitRepository Pull Han... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-29200 A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user ... | N/A | NONE | — | 0 |
| CVE-2026-43859 mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. | 3.7 | LOW | — | 0 |
| CVE-2026-43860 mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | 3.7 | LOW | — | 0 |
| CVE-2026-43861 mutt before 2.3.2 does not check for '\0' in url_pct_decode. | 3.7 | LOW | — | 0 |
| CVE-2026-43862 In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | 3.7 | LOW | — | 0 |
| CVE-2026-43863 mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | 3.7 | LOW | — | 0 |
| CVE-2026-43864 mutt before 2.3.2 has a show_sig_summary NULL pointer dereference. | 2.5 | LOW | — | 0 |
| CVE-2026-7736 A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer u... | 7.3 | HIGH | — | 0 |
| CVE-2026-7737 A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29199 phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password rest link poisoning. When force_server_vars is disabled, the servers hostname may be extracted from the HTTP Host h... | 8.1 | HIGH | — | 0 |
| CVE-2026-28402 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is e... | 7.1 | HIGH | — | 0 |
| CVE-2026-1874 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electri... | 7.5 | HIGH | — | 0 |
| CVE-2026-5475 A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-5476 A vulnerability was identified in NASA cFS up to 7.0.0 on 32-bit. Affected is the function CFE_TBL_ValidateCodecLoadSize of the file cfe/modules/tbl/fsw/src/cfe_tbl_passthru_codec.c. The manipulation ... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-24231 NVIDIA NemoClaw contains a vulnerability in the validateEndpointUrl() SSRF protection component, where an attacker could cause a server-side request forgery by supplying a crafted endpoint URL referen... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7423 Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device crash) when outgoing pin... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-7425 Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device crash)... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-7426 Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by ... | 8.1 | HIGH | — | 0 |
| CVE-2025-14543 Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-34264 During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the ... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-22741 Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: * the app... | 3.1 | LOW | — | 0 |
| CVE-2026-22745 Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-23863 An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the ap... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-23866 Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigge... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-21996 An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab() | 3.3 | LOW | — | 0 |
| CVE-2026-7715 A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arango_backup of the file src/tools.ts of the component MCP Interface. Such manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7716 A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument da... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7717 A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Execut... | 8.8 | HIGH | — | 0 |
| CVE-2026-7727 A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function GetQueryMachineGridOnePageData of the file /Base/BaseService.asmx/D... | 7.3 | HIGH | — | 0 |
| CVE-2026-7728 A vulnerability was identified in ryanjoachim mcp-rtfm 0.1.0. This vulnerability affects the function get_doc_content/read_doc/update_doc of the component MCP Interface. Such manipulation of the argum... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7729 A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7730 A weakness has been identified in privsim mcp-test-runner 0.2.0. Impacted is the function child_process.spawn of the file src/index.ts of the component MCP Interface. Executing a manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7731 A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STA... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7744 A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injectio... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7746 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected is an unknown function of the file /product_expiry/edit-admin.php. Such manipulation of the ... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-7747 A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Pe... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-33846 A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and m... | 7.5 | HIGH | — | 0 |
| CVE-2026-7749 A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipu... | 8.8 | HIGH | — | 0 |
| CVE-2026-7750 A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The m... | 8.8 | HIGH | — | 0 |
| CVE-2026-6500 Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. | N/A | NONE | — | 0 |
| CVE-2026-6501 Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | N/A | NONE | — | 0 |
| CVE-2026-36365 An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions... | N/A | NONE | — | 0 |
| CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE m... | N/A | NONE | — | 0 |
| CVE-2026-20073 A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traf... | 5.8 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.