Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-13482 2026-06-28 LOW 3.7 A vulnerability was detected in skypilot-org skypilot up to 0.12.0. Impacted is the function username.encode of the file sky/users/server.py of the component User ID Handler. The manipulation results…
CVE-2026-10646 2026-06-28 HIGH 7.4 Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an asynchronous DNS resolver query. The socket layer…
CVE-2026-10644 2026-06-28 MEDIUM 4.2 The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_enable() is invoked with a…
CVE-2026-10593 2026-06-28 MEDIUM 6.5 The Zephyr Bluetooth LE Audio Basic Audio Profile (BAP) unicast client mishandles peer-supplied ASE state notifications. In unicast_client_ep_qos_state() (subsys/bluetooth/audio/bap_unicast_client.c), the handler writes attacker-controlled QoS fields (interval, framing, phy,…
CVE-2026-58058 2026-06-28 MEDIUM 6.5 Nmap through 7.99 does not keep the IPv6 extension-header walk within the captured packet in ipv6_get_data_primitive (libnetutil/netutil.cc), so the pointer advances past the buffer and the remaining-length computation…
CVE-2026-58057 2026-06-28 MEDIUM 5.0 Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the…
CVE-2026-58056 2026-06-28 HIGH 7.6 RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding…
CVE-2026-58055 2026-06-28 MEDIUM 5.4 nghttp2's nghttpx proxy through 1.69.0 forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body onto reusable keep-alive backend connections, re-adding the Upgrade and Connection…
CVE-2026-58054 2026-06-28 HIGH 7.2 MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group (gid…
CVE-2026-58053 2026-06-28 CRITICAL 9.9 Gitea act_runner with the Docker backend (through act 0.262.0) passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only…
CVE-2026-58052 2026-06-28 LOW 3.3 7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact…
CVE-2026-58051 2026-06-28 MEDIUM 6.5 libssh2 through 1.11.1 grows its publickey list with SSH2_REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves…
CVE-2026-58050 2026-06-28 HIGH 7.0 libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey-subsystem response and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking, so on 32-bit…
CVE-2026-58049 2026-06-28 HIGH 8.6 FFmpeg's RASC video decoder (decode_dlta in libavcodec/rasc.c) performs 32-bit reads and writes at the row cursor before the NEXT_LINE row-boundary check and validates the DLTA region in pixel…
CVE-2026-8095 2026-06-28 HIGH 8.1 The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive…
CVE-2026-10643 2026-06-28 HIGH 8.7 Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg_controllen < pktinfo_len) before writing a full control message consisting…
CVE-2026-49416 2026-06-27 N/A 0.0 The CONS_HISTORY ioctl handler did not adequately validate the requested history size. A large value caused an integer overflow in the buffer size calculation, resulting in a heap…
CVE-2026-49414 2026-06-27 N/A 0.0 The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a…
CVE-2026-49417 2026-06-27 N/A 0.0 Second, the audio buffer backing a mapping could be freed when the device was closed even though the mapping remained valid. The freed memory could then be reused…
CVE-2026-49413 2026-06-27 N/A 0.0 The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where…
CVE-2026-49412 2026-06-27 N/A 0.0 The kernel handler for IPV6_MSFILTER dropped a serializing lock in order to copy the source-filter list from userspace, then reacquired the lock. During this window another thread could…
CVE-2026-45259 2026-06-27 N/A 0.0 sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting…
CVE-2026-45258 2026-06-27 N/A 0.0 dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset…
CVE-2026-9242 2026-06-27 MEDIUM 5.3 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to Authentication Bypass via Insufficient Verification of Data Authenticity in all…
CVE-2026-9233 2026-06-27 MEDIUM 4.3 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 11.1.4.…
CVE-2026-3462 2026-06-27 MEDIUM 6.5 The Frisbii Pay plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the 'upload_csv' and 'process_batch' functions in all versions up…
CVE-2026-13295 2026-06-27 MEDIUM 6.4 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via panels_data Parameter in all versions up to, and including, 2.34.3 due to insufficient…
CVE-2026-12471 2026-06-27 MEDIUM 4.3 The Spexo theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the activate_plugin function in all versions up to, and including, 2.0.11.…
CVE-2026-12432 2026-06-27 MEDIUM 5.3 The WP Full Stripe Free plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 8.4.3 via the wpfs_update_failed_payment_status AJAX action. The handler is…
CVE-2026-12399 2026-06-27 MEDIUM 4.4 The Gutenverse – WordPress Blocks, Page Builder & Site Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and…
CVE-2026-11987 2026-06-27 MEDIUM 4.3 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions…
CVE-2026-11783 2026-06-27 MEDIUM 6.4 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Product SKU in…
CVE-2026-11773 2026-06-27 MEDIUM 4.3 The Masteriyo LMS – LMS Course Builder, Quizzes & Certificates plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.1. This is…
CVE-2026-11597 2026-06-27 MEDIUM 6.4 The Surbma | Infusionsoft Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'infusionsoft-form' shortcode in versions up to, and including, 2.0.1. This is due…
CVE-2026-11364 2026-06-27 MEDIUM 4.3 The Product Specifications for WooCommerce plugin for WordPress is vulnerable to unauthorized modification, creation, and deletion of data in versions up to and including 0.8.9. This is due…
CVE-2026-9677 2026-06-27 N/A 0.0 The Shariff for WordPress Shariff for WordPress plugin through 1.0.11 does not sanitize or escape the shariff_infourl setting before outputting it in the frontend HTML via the generateshariff()…
CVE-2026-13245 2026-06-27 MEDIUM 6.1 The MaxButtons – Create buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'view' parameter in all versions up to, and including, 9.8.5 due to…
CVE-2026-12404 2026-06-27 MEDIUM 5.3 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 9.2.2. This is due to…
CVE-2026-10820 2026-06-27 N/A 0.0 The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.16.17 does not verify that the user performing a subscription…
CVE-2026-9640 2026-06-26 HIGH 7.2 A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An…
CVE-2026-53914 2026-06-26 MEDIUM 6.7 In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata
CVE-2026-45257 2026-06-26 HIGH 7.8 The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for…
CVE-2026-13331 2026-06-27 MEDIUM 6.5 The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'search' parameter in all versions up to, and including,…
CVE-2026-12415 2026-06-27 CRITICAL 9.8 The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including,…
CVE-2026-57231 2026-06-26 HIGH 7.5 Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no…
CVE-2026-56773 2026-06-26 HIGH 8.8 Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify…
CVE-2026-53577 2026-06-26 MEDIUM 6.5 Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains an access control bypass that allows any authenticated user to…
CVE-2026-54352 2026-06-26 CRITICAL 9.6 Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with [email protected] into a temp directory, then for each…
CVE-2026-55838 2026-06-26 MEDIUM 4.3 RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless…
CVE-2026-55188 2026-06-26 HIGH 8.2 RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler…
Página 1 de 4502 Siguiente »