Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-20006 A vulnerability in the TLS cryptography functionality of the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause th... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20007 A vulnerability in the Snort 2 and Snort 3 deep packet inspection of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Snort rule... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20017 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-20018 A vulnerability in the sftunnel functionality of Cisco Secure Firewall Management Center (FMC) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote att... | 5.9 | MEDIUM | — | 0 |
| CVE-2026-20031 A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vu... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-20044 A vulnerability in the lockdown mechanism of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, local attacker to perform arbitrary commands as root. This vulnerab... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-20064 A vulnerability in of Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, local attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) con... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-20052 A vulnerability in the memory management handling for the Snort 3 Detection Engine of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the S... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20053 Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vulnerab... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20054 Multiple Cisco products are affected by a vulnerability in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. This vu... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20057 Multiple Cisco products are affected by a vulnerability in the Snort 3 Visual Basic for Applications (VBA) feature which could allow an unauthenticated, remote attacker to cause the Snort 3 Detection ... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20058 Multiple Cisco products are affected by vulnerabilities in the Snort 3 VBA feature that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to crash. These vulnera... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20062 A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in o... | 7.2 | HIGH | — | 0 |
| CVE-2026-20063 A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerabi... | 6.0 | MEDIUM | — | 0 |
| CVE-2026-20065 Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20066 Multiple Cisco products are affected by a vulnerability in the Snort 3 Detection Engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20067 Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20068 Multiple Cisco products are affected by a vulnerability in the Snort 3 detection engine that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to restart, resulting... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20069 A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthentic... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-20070 A vulnerability in the VPN web services component of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthentic... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-20073 A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to send traf... | 5.8 | MEDIUM | — | 0 |
| CVE-2026-20079 A vulnerability in the web interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an a... | 10.0 | CRITICAL | — | 0 |
| CVE-2026-20082 A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause incoming... | 8.6 | HIGH | — | 0 |
| CVE-2026-20100 A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could ... | 7.7 | HIGH | — | 0 |
| CVE-2026-22389 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Cocco cocco allows PHP Local File Inclusion.This issue affects Co... | 8.1 | HIGH | — | 0 |
| CVE-2026-0847 A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and Brack... | 7.5 | HIGH | — | 0 |
| CVE-2026-20149 A vulnerability in Cisco Webex could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this vulnerability, and no customer action is ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-26949 Dell Device Management Agent (DDMA), versions prior to 26.02, contain an Incorrect Authorization vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-70223 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formAdvNetwork. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-70226 Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formEasySetupWizard. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29084 Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the login flow accepts credential-bearing requests without CSRF protection mechani... | 4.6 | MEDIUM | — | 0 |
| CVE-2026-1128 The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack | 4.3 | MEDIUM | — | 0 |
| CVE-2026-2446 The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options (such as d... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28438 CocoIndex is a data transformation framework for AI. Prior to version 0.3.34, the Doris target connector didn't verify the configured table name before creating some SQL statements (ALTER TABLE). So, ... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28795 OpenChatBI is an intelligent chat-based BI tool powered by large language models, designed to help users query, analyze, and visualize data through natural language conversations. Prior to version 0.2... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28799 PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap use-after-free vulnerability exists in PJSIP's event subscription framework (evsub.c) that ... | 7.5 | HIGH | — | 0 |
| CVE-2026-28800 Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with ... | 6.4 | MEDIUM | — | 0 |
| CVE-2026-28801 Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, any ahk code contained inside of a pattern or path file is executed by the macro. Since users com... | 6.6 | MEDIUM | — | 0 |
| CVE-2026-28802 Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empt... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-28804 pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream ... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-29038 changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting (XSS) vulnerability identified in the /rss/tag/ endpoint of ... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29039 changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, the changedetection.io application allows users to specify XPath expressions as content filters via th... | 7.5 | HIGH | — | 0 |
| CVE-2026-29042 Nuclio is a "Serverless" framework for Real-Time Events and Data Processing. Prior to version 1.15.20, the Nuclio Shell Runtime component contains a command injection vulnerability in how it processes... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29048 HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encodin... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-29049 melange allows users to build apk packages using declarative pipelines. In version 0.40.5 and prior, melange update-cache downloads URIs from build configs via io.Copy without any size limit or HTTP c... | 4.3 | MEDIUM | — | 0 |
| CVE-2026-29058 AVideo is a video-sharing Platform software. Prior to version 7.0, an unauthenticated attacker can execute arbitrary OS commands on the server by injecting shell command substitution into the base64Ur... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-29065 changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, a Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path ... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-29068 PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, there is a stack buffer overflow vulnerability when pjmedia-codec parses an RTP payload contain mo... | 7.5 | HIGH | — | 0 |
| CVE-2026-29062 jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser... | 7.5 | HIGH | — | 0 |
| CVE-2026-29073 SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even rea... | 8.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.