Búsqueda de CVEs

363.341 resultados
CVE-2026-13331MEDIUMGroundhogg <= 4.5.5 - Authenticated (Marketer+) SQL Injection via 'search' ParameterEPSS 0.3%CVE-2023-37524HIGHHCL Traveler for Microsoft Outlook (HTMO) is susceptible to vulnerabilities due to .NET Framework 4.5 being out of serviceEPSS 0.1%CVE-2026-56414HIGHH.VIEW HV-500S6 IP Camera Unrestricted Upload of File with Dangerous TypeEPSS 0.4%CVE-2026-55975HIGHH.VIEW HV-500S6 IP Camera OS Command InjectionEPSS 0.7%CVE-2026-31928CRITICALDaktronics Controller Firmware Use of Hard-coded CredentialsEPSS 0.4%CVE-2026-33560HIGHDaktronics Controller Firmware Unrestricted Upload of File with Dangerous TypeEPSS 0.3%CVE-2026-28701CRITICALDaktronics Controller Firmware Path TraversalEPSS 0.8%CVE-2026-49869CRITICALKestra: Unauthenticated Remote Code Execution via Authentication Bypass in `AuthenticationFilter`EPSS 0.7%CVE-2026-45807HIGHKestra: Path traversal via URL-encoded "%2E%2E" in execution and namespace file endpoints allows arbitrary file readEPSS 0.4%CVE-2026-49984HIGHKestra: Path traversal in `LocalStorage` allows any authenticated user to read arbitrary server files via the execution file-download API (`\..\` bypasses the `..` guard)EPSS 0.4%CVE-2026-53576CRITICALKestra: Unauthenticated RCE via /configs path-suffix auth-filter bypassEPSS 0.5%CVE-2026-53577MEDIUMKestra: Cross-Execution File Read via Preview Endpoint (IDOR)EPSS 0.3%CVE-2026-55069HIGHKestra BasicAuth Password Stored as SHA-512 Enables Offline Brute-Force AttackEPSS 0.2%CVE-2026-54351HIGHBudibase: Mass Assignment in Webhook Trigger Allows Cross-Workspace Automation Execution via appId OverrideEPSS 0.5%CVE-2026-54353HIGHBudibase: Potential SSRF DNS rebinding bypass in outbound fetch validationEPSS 0.2%CVE-2026-54350CRITICALBudibase: Anonymous NoSQL operator injection via published-app query templatesEPSS 0.5%CVE-2026-50137HIGHBudibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentialsEPSS 0.4%CVE-2024-23581MEDIUMHCL Traveler for Microsoft Outlook (HTMO) is susceptible to an application modification vulnerabilityEPSS 0.1%CVE-2026-50136HIGHBudibase: Unauthenticated S3 signed upload URL generation allows arbitrary writes with stored datasource credentialsEPSS 0.3%CVE-2026-50132HIGHBudibase: Chat Identity Link Hijacking via Missing Consent & CSRF — Account Impersonation in BudibaseEPSS 0.2%