Búsqueda de CVEs
363.360 resultadosCVE-2026-45822MEDIUMdecode-uri-component through 0.4.1 is vulnerable to denial of service. The decode() function splits input on '%' producing N tokens and callEPSS 0.3%CVE-2026-12578HIGHDTMSoft - Deserialization of Untrusted Data VulnerabilityEPSS 0.4%CVE-2026-12240HIGHExport User Data <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion via display_name FieldEPSS 0.3%CVE-2026-14164HIGHLibarchive: double-free vulnerability in rar5 decompression logic via dangling filtered_buf pointer in init_unpack()EPSS 0.4%CVE-2026-12819CRITICALDVP-12SE Missing Authentication and Unauthorized Write access VulnerabilityEPSS 0.3%CVE-2026-12818CRITICALDVP-12SE Exposure of Sensitive Information VulnerabilityEPSS 0.3%CVE-2026-56137HIGHRPG MAKER MV and MZ provided by Gotcha Gotcha Games Inc. contain an OS command injection vulnerability. If a user loads a specially crafted EPSS 0.7%CVE-2026-56809MEDIUMMultiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vEPSS 0.2%CVE-2026-56808HIGHDGM3103SCT provided by AVTECH Security Corporation contains an OS command injection vulnerability, which may lead to arbitrary command execuEPSS 1.6%CVE-2026-9576MEDIUMFluent Booking < 2.1.2 - Calendar Manager+ Sensitive Information Disclosure via Attendee ExportEPSS 0.2%CVE-2026-11590HIGHWP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated SQL Injection via filter[elements] Array KeysEPSS 0.3%CVE-2026-11589HIGHWP Support Plus Responsive Ticket System <= 9.1.2 - Unauthenticated Stored XSS via File UploadEPSS 0.3%CVE-2026-11581MEDIUMKali Forms < 2.4.13 - Contributor+ Stored XSS via Form Field CaptionEPSS 0.1%CVE-2026-12073CRITICALProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email OverwriteEPSS 0.3%CVE-2026-11367MEDIUMPixMagix <= 1.7.2 - Authenticated (Author+) Path Traversal in 'layers[].id' ParameterEPSS 0.5%CVE-2026-12349MEDIUMPremium Addons for KingComposer <= 1.1.1 - Missing Authorization to Unauthenticated Arbitrary Custom Sidebar Creation and Deletion via 'add_custom_sidebar' and 'remove_custom_sidebar' AJAX actionsEPSS 0.2%CVE-2026-12560MEDIUMEditorial Rating <= 4.0.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Link URL' FieldEPSS 0.2%CVE-2026-8944MEDIUMPlugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' ParameterEPSS 0.1%CVE-2026-12114MEDIUMTeam Members <= 8.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'custom_css' ParameterEPSS 0.2%CVE-2026-14160MEDIUMTime-of-check time-of-use (TOCTOU) race condition vulnerability in Samsung Open Source Escargot allows Leveraging Race Conditions.
This issEPSS 0.1%