Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-22754 2026-04-22 HIGH 7.5 Vulnerability in Spring Spring Security. If an application uses  to define the servlet path for computing a path matcher, then the servlet path is not included and the related…
CVE-2026-22753 2026-04-22 HIGH 7.5 Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security…
CVE-2026-22748 2026-04-22 MEDIUM 5.3 Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through…
CVE-2026-22747 2026-04-22 MEDIUM 6.8 Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate,…
CVE-2026-22746 2026-04-22 LOW 3.7 Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users…
CVE-2026-40451 2026-04-22 MEDIUM 6.1 DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject…
CVE-2026-6835 2026-04-22 MEDIUM 6.1 The a+HCM developed by aEnrich has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload arbitrary files to any path, including HTML documents, which may result…
CVE-2026-6834 2026-04-22 MEDIUM 6.5 The a+HRD developed by aEnrich has a Missing Authorization vulnerability, allowing authenticated remote attackers to arbitrarily read database contents through a specific API method.
CVE-2026-6833 2026-04-22 MEDIUM 6.5 The a+HRD developed by aEnrich has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-6416 2026-04-22 LOW 2.7 Tanium addressed an uncontrolled resource consumption vulnerability in Interact.
CVE-2026-6408 2026-04-22 LOW 2.7 Tanium addressed an information disclosure vulnerability in Tanium Server.
CVE-2026-6392 2026-04-22 LOW 2.7 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2026-6386 2026-04-22 N/A 0.0 In order to apply a particular protection key to an address range, the kernel must update the corresponding page table entries. The subroutine which handled this failed to…
CVE-2026-5398 2026-04-22 N/A 0.0 The implementation of TIOCNOTTY failed to clear a back-pointer from the structure representing the controlling terminal to the calling process' session. If the invoking process then exits, the…
CVE-2026-41458 2026-04-22 N/A 0.0 OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers to crash the server by exploiting unsynchronized access…
CVE-2026-41457 2026-04-22 N/A 0.0 OwnTone Server versions 28.4 through 29.0 contain a SQL injection vulnerability in DAAP query and filter handling that allows attackers to inject arbitrary SQL expressions by supplying malicious…
CVE-2026-41146 2026-04-22 N/A 0.0 facil.io is a C micro-framework for web applications. Prior to commit 5128747363055201d3ecf0e29bf0a961703c9fa0, `fio_json_parse` can enter an infinite loop when it encounters a nested JSON value starting with `i`…
CVE-2026-41145 2026-04-22 N/A 0.0 MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's `STREAMING-UNSIGNED-PAYLOAD-TRAILER` code path allows any user who knows…
CVE-2026-40344 2026-04-22 N/A 0.0 MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T03-20-12Z, an authentication bypass vulnerability in MinIO's Snowball auto-extract handler (`PutObjectExtractHandler`) allows any user who…
CVE-2026-6784 2026-04-21 HIGH 7.5 Memory safety bugs present in Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2026-6783 2026-04-21 MEDIUM 5.3 Incorrect boundary conditions, integer overflow in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6782 2026-04-21 HIGH 7.5 Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6781 2026-04-21 HIGH 7.5 Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6780 2026-04-21 HIGH 7.5 Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6779 2026-04-21 MEDIUM 5.3 Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6778 2026-04-21 MEDIUM 5.3 Invalid pointer in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6777 2026-04-21 MEDIUM 5.3 Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6776 2026-04-21 HIGH 7.8 Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6775 2026-04-21 MEDIUM 5.3 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6774 2026-04-21 MEDIUM 5.4 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6773 2026-04-21 HIGH 7.5 Denial-of-service due to integer overflow in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6772 2026-04-21 HIGH 7.5 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6771 2026-04-21 CRITICAL 9.8 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6770 2026-04-21 MEDIUM 6.5 Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6769 2026-04-21 HIGH 8.8 Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6768 2026-04-21 CRITICAL 9.8 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6767 2026-04-21 MEDIUM 5.3 Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6766 2026-04-21 HIGH 7.5 Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6765 2026-04-21 MEDIUM 5.3 Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6764 2026-04-21 MEDIUM 6.5 Incorrect boundary conditions in the DOM: Device Interfaces component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6763 2026-04-21 MEDIUM 6.5 Mitigation bypass in the File Handling component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6762 2026-04-21 N/A 0.0 Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6761 2026-04-21 HIGH 8.8 Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6760 2026-04-21 N/A 0.0 Mitigation bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6759 2026-04-21 HIGH 7.5 Use-after-free in the Widget: Cocoa component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6758 2026-04-21 HIGH 7.5 Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6757 2026-04-21 N/A 0.0 Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6755 2026-04-21 MEDIUM 6.5 Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150.
CVE-2026-6754 2026-04-21 HIGH 7.5 Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6753 2026-04-21 N/A 0.0 Incorrect boundary conditions in the WebRTC component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
Página 1 de 4194 Siguiente »