CVE-2026-7112
5.6MEDIUM
A vulnerability has been found in NousResearch hermes-agent 0.8.0. Affected by this vulnerability is the function _check_auth of the file gateway/platforms/api_server.py of the component API_SERVER_KE...
4/27/2026CWE-287
Banco de Dados de Segurança
BANCO DE DADOS DE
VULNERABILIDADES
Banco de dados completo de CVEs, exploits do Exploit-DB e catálogo KEV da CISA. Atualizado diariamente.
CVEs
6K+
Exploits
2K+
KEV
94
Diário
AO VIVO
Críticas e Exploradas
CRITICAL
CVE-2026-41409
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname...
CRITICAL
CVE-2026-41635
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes...
CRITICAL
CVE-2026-6951
Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due t...
CRITICAL
CVE-2026-1952
Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability....
CRITICAL
CVE-2026-1951
Delta Electronics AS320T has no checking of the length of the buffer with the directory name vulne...
CVEs Recentes
CVE-2026-7110
3.5LOW
A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cros...
4/27/2026CWE-79, CWE-94
CVE-2026-7109
5.3MEDIUM
A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in impr...
4/27/2026CWE-266, CWE-285
CVE-2026-41409
9.8CRITICAL
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in ...
4/27/2026CWE-502
CVE-2026-40858
NONE
The camel-infinispan component's ProtoStream-based remote aggregation repository deserializes data read from a remote Infinispan cache using java.io.ObjectInputStream without applying any ObjectInputF...
4/27/2026CWE-502
CVE-2026-40022
NONE
When authentication is enabled on the Apache Camel embedded HTTP server or embedded management server (camel-platform-http-main) and a non-root context path such as /api or /admin is configured via ca...
4/27/2026CWE-288
Exploits Recentes
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
Catálogo CISA KEV
| ID CVE | Fornecedor | Produto | Data adicionada | Ransomware |
|---|---|---|---|---|
| CVE-2024-57726 | SimpleHelp | SimpleHelp | 2026-04-24 | - |
| CVE-2024-57728 | SimpleHelp | SimpleHelp | 2026-04-24 | - |
| CVE-2024-7399 | Samsung | MagicINFO 9 Server | 2026-04-24 | - |
| CVE-2025-29635 | D-Link | DIR-823X | 2026-04-24 | - |
| CVE-2026-39987 | Marimo | Marimo | 2026-04-23 | - |
Fontes de Dados
Este banco de dados é fornecido apenas para fins educacionais e de pesquisa de segurança autorizada.