CVE Search
359,920 results

CVE-2026-56815 | HIGH | pwnlift before d7a9544, in a privileged deployment, contains a symlink following vulnerability in the upload handler in Components/Pages/Hom | EPSS —
CVE-2026-35019 | CRITICAL | NetComm NF20MESH < R6B032 Hardcoded AES Key Authentication Bypass | EPSS —
CVE-2026-35018 | HIGH | NetComm NF20MESH < R6B032 Authenticated RCE via OS Command Injection | EPSS —
CVE-2026-11772 | MEDIUM | Reflected XSS in DRIMO CMS | EPSS —
CVE-2026-12969 | MEDIUM | Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation | EPSS —
CVE-2026-10609 | MEDIUM | Openshift/cluster-logging-operator: cluster logging operator creates and forwards serviceaccount tokens without verifying clf creator authorization | EPSS —
CVE-2026-4610 | MEDIUM | ProfileGrid <= 5.9.9.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Message Content | EPSS —
CVE-2026-54892 | HIGH | Plug: quadratic-time decoding of nested query/body parameters enables denial of service | EPSS —
CVE-2026-10857 | MEDIUM | Reflected XSS in Akinsoft's e-Commerce | EPSS —
CVE-2026-56784 | HIGH | OpenRemote Manager - Cross-Tenant IDOR in Bulk Alarm Deletion | EPSS —
CVE-2026-56762 | MEDIUM | Hono - Missing Cookie Name Validation in setCookie() | EPSS —
CVE-2026-56701 | HIGH | Grav - XML External Entity Injection via SVG Upload | EPSS —
CVE-2026-56379 | NONE | ImageMagick - Command Injection via SVG Decoder | EPSS —
CVE-2026-56376 | MEDIUM | ImageMagick - Heap Use-After-Free in Meta Coder | EPSS —
CVE-2026-56371 | NONE | ImageMagick - Memory Leak in TXT File Processing via Texture Attribute | EPSS —
CVE-2026-56322 | HIGH | Capgo - Information Disclosure via Unauthenticated /updates defaultChannel Parameter | EPSS —
CVE-2026-56315 | CRITICAL | picklescan - Remote Code Execution via Unblocked Standard Library Modules | EPSS —
CVE-2026-56301 | MEDIUM | Nuxt - Arbitrary File Read via World-Connectable vite-node IPC Socket on Linux | EPSS —
CVE-2026-56275 | MEDIUM | Flowise - Server-Side Request Forgery via Execute Flow Base URL | EPSS —
CVE-2026-56274 | HIGH | Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess | EPSS —