Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-2115 2026-02-07 HIGH 7.3 A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes…
CVE-2026-2114 2026-02-07 HIGH 7.3 A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql…
CVE-2026-25859 2026-02-07 N/A 0.0 Wekan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.
CVE-2026-25858 2026-02-07 N/A 0.0 macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using…
CVE-2026-25857 2026-02-07 N/A 0.0 Tenda G300-F router firmware versio 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes…
CVE-2026-25568 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled,…
CVE-2026-25567 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing…
CVE-2026-25566 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and…
CVE-2026-25565 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow…
CVE-2026-25564 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId…
CVE-2026-25563 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId…
CVE-2026-25562 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible…
CVE-2026-25561 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId,…
CVE-2026-25560 2026-02-07 N/A 0.0 WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate…
CVE-2025-15564 2026-02-07 LOW 3.3 A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod::operator of the file src/value.cpp. The manipulation leads to divide by zero. The…
CVE-2026-2113 2026-02-07 HIGH 7.3 A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads…
CVE-2026-2111 2026-02-07 MEDIUM 4.3 A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module.…
CVE-2026-2110 2026-02-07 LOW 3.7 A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results…
CVE-2026-2109 2026-02-07 MEDIUM 5.4 A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation…
CVE-2026-2108 2026-02-07 MEDIUM 5.3 A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial…
CVE-2026-2107 2026-02-07 MEDIUM 6.3 A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoController.java of the component Log Info Handler. The manipulation results…
CVE-2026-2106 2026-02-07 MEDIUM 6.3 A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\NoticeController.java of the component Notice Management. The…
CVE-2026-2105 2026-02-07 MEDIUM 6.3 A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of the component Department Management. Executing…
CVE-2026-2090 2026-02-07 HIGH 7.3 A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term…
CVE-2026-2089 2026-02-07 HIGH 7.3 A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results…
CVE-2026-2088 2026-02-07 HIGH 7.3 A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads…
CVE-2026-2087 2026-02-07 HIGH 7.3 A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the…
CVE-2026-2086 2026-02-07 HIGH 8.8 A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface.…
CVE-2026-2085 2026-02-07 HIGH 7.2 A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of…
CVE-2026-2084 2026-02-07 HIGH 7.2 A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to…
CVE-2026-2083 2026-02-07 HIGH 7.3 A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID…
CVE-2026-2082 2026-02-07 MEDIUM 4.7 A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os…
CVE-2026-2081 2026-02-07 MEDIUM 4.7 A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command…
CVE-2026-2080 2026-02-07 HIGH 7.2 A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to…
CVE-2026-2079 2026-02-07 MEDIUM 6.3 A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java of the component Menu Management. Executing a…
CVE-2026-1675 2026-02-07 MEDIUM 5.3 The Advanced Country Blocker plugin for WordPress is vulnerable to Authorization Bypass in all versions up to, and including, 2.3.1 due to the use of a predictable default…
CVE-2026-1643 2026-02-07 MEDIUM 6.1 The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This…
CVE-2026-1634 2026-02-07 MEDIUM 6.1 The Subitem AL Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2026-1613 2026-02-07 MEDIUM 6.4 The Wonka Slide plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `list_class` shortcode in all versions up to, and including, 1.3.3 due to insufficient…
CVE-2026-1611 2026-02-07 MEDIUM 6.4 The Wikiloops Track Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `wikiloops` shortcode in all versions up to, and including, 1.0.1 due to…
CVE-2026-1608 2026-02-07 MEDIUM 6.4 The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `youtube` shortcode in all versions up to, and including, 0.4.7 due to insufficient…
CVE-2026-1573 2026-02-07 MEDIUM 6.4 The OMIGO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `omigo_donate_button` shortcode in all versions up to, and including, 3.3 due to insufficient input…
CVE-2026-1570 2026-02-07 MEDIUM 6.4 The Simple Bible Verse via Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `verse` shortcode in all versions up to, and including, 1.1…
CVE-2026-1082 2026-02-07 MEDIUM 4.3 The TITLE ANIMATOR plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on…
CVE-2026-0555 2026-02-07 MEDIUM 6.4 The Premmerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premmerce_wizard_actions' AJAX endpoint in all versions up to, and including, 1.3.20. This is due to…
CVE-2025-15477 2026-02-07 MEDIUM 6.5 The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode `category` and `id` attributes in all versions up to, and including, 0.1.5 due to…
CVE-2025-15476 2026-02-07 MEDIUM 4.3 The The Bucketlister plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bucketlister_do_admin_ajax() function in all versions up to,…
CVE-2026-2078 2026-02-07 MEDIUM 6.3 A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission Management. Performing a manipulation results…
CVE-2026-2077 2026-02-07 MEDIUM 6.3 A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the component Role…
CVE-2026-2076 2026-02-07 MEDIUM 6.3 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component User Management…
Página 1 de 3910 Siguiente »