CVE-2026-22730
8.8HIGH
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability ...
3/18/2026
Base de Datos de Seguridad
BASE DE DATOS DE
VULNERABILIDADES
Base de datos completa de CVEs, exploits de Exploit-DB y el catálogo KEV de CISA. Actualizada diariamente con las últimas vulnerabilidades.
CVEs
3K+
Exploits
2K+
KEV
54
Diario
EN VIVO
Críticas y Explotadas
CRITICAL
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
CRITICAL
CVE-2026-3826
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem...
CRITICAL
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa...
CRITICAL
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker...
CRITICAL
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the ...
CVEs Recientes
CVE-2026-22729
8.6HIGH
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-control...
3/18/2026
CVE-2026-22323
7.1HIGH
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur...
3/18/2026CWE-352
CVE-2026-22322
7.1HIGH
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript...
3/18/2026CWE-79
CVE-2026-22321
5.3MEDIUM
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thre...
3/18/2026CWE-121
CVE-2026-22320
6.5MEDIUM
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized...
3/18/2026CWE-121
Exploits Recientes
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
Catálogo CISA KEV
| ID CVE | Proveedor | Producto | Fecha añadida | Ransomware |
|---|---|---|---|---|
| CVE-2025-47813 | Wing FTP Server | Wing FTP Server | 2026-03-16 | - |
| CVE-2026-3909 | Skia | 2026-03-13 | - | |
| CVE-2026-3910 | Chromium V8 | 2026-03-13 | - | |
| CVE-2025-68613 | n8n | n8n | 2026-03-11 | - |
| CVE-2026-1603 | Ivanti | Endpoint Manager (EPM) | 2026-03-09 | - |
Fuentes de Datos
Esta base de datos se proporciona únicamente con fines educativos y de investigación de seguridad autorizada.