CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-27815 | 2026-03-26 | N/A | 0.0 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking.… |
| CVE-2026-27814 | 2026-03-26 | MEDIUM | 4.2 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by a 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during… |
| CVE-2026-27813 | 2026-03-26 | MEDIUM | 5.3 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events… |
| CVE-2026-26074 | 2026-03-26 | HIGH | 7.0 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with… |
| CVE-2026-26073 | 2026-03-26 | MEDIUM | 5.9 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and… |
| CVE-2026-33246 | 2026-03-25 | MEDIUM | 6.4 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is… |
| CVE-2026-33219 | 2026-03-25 | MEDIUM | 5.3 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the… |
| CVE-2026-33218 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode… |
| CVE-2026-33217 | 2026-03-25 | HIGH | 7.1 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs… |
| CVE-2026-33216 | 2026-03-25 | HIGH | 8.6 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are… |
| CVE-2026-29785 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled… |
| CVE-2026-27889 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity… |
| CVE-2025-15101 | 2026-03-26 | HIGH | 8.8 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with… |
| CVE-2026-27602 | 2026-03-25 | HIGH | 7.2 | Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell… |
| CVE-2026-33931 | 2026-03-26 | MEDIUM | 6.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the… |
| CVE-2026-33934 | 2026-03-26 | MEDIUM | 4.3 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows… |
| CVE-2026-33932 | 2026-03-26 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document… |
| CVE-2026-33918 | 2026-03-26 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the… |
| CVE-2026-33917 | 2026-03-26 | HIGH | 8.8 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS… |
| CVE-2026-33915 | 2026-03-26 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the… |
| CVE-2026-33913 | 2026-03-25 | HIGH | 7.7 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module… |
| CVE-2026-33912 | 2026-03-25 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that,… |
| CVE-2026-33911 | 2026-03-25 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a… |
| CVE-2026-33248 | 2026-03-25 | MEDIUM | 4.2 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map`… |
| CVE-2026-33249 | 2026-03-25 | MEDIUM | 4.3 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client… |
| CVE-2026-29187 | 2026-03-25 | HIGH | 8.1 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient… |
| CVE-2026-33910 | 2026-03-25 | HIGH | 7.2 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the… |
| CVE-2026-33933 | 2026-03-26 | MEDIUM | 6.1 | OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting… |
| CVE-2026-34051 | 2026-03-26 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality,… |
| CVE-2026-34053 | 2026-03-26 | HIGH | 7.1 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows… |
| CVE-2026-34055 | 2026-03-26 | HIGH | 8.1 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates… |
| CVE-2026-29976 | 2026-03-26 | MEDIUM | 6.2 | Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function. |
| CVE-2026-22790 | 2026-03-26 | HIGH | 8.8 | EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads… |
| CVE-2026-34056 | 2026-03-26 | HIGH | 7.7 | OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3… |
| CVE-2026-4897 | 2026-03-26 | MEDIUM | 5.5 | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input… |
| CVE-2026-4247 | 2026-03-26 | HIGH | 7.5 | When a challenge ACK is to be sent, tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should… |
| CVE-2026-33397 | 2026-03-26 | N/A | 0.0 | The Angular SSR is a server-side rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x… |
| CVE-2026-33287 | 2026-03-26 | HIGH | 7.5 | LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&`… |
| CVE-2026-29933 | 2026-03-26 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary JavaScript in the context of the user's browser via modifying… |
| CVE-2026-28298 | 2026-03-26 | MEDIUM | 5.9 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
| CVE-2026-28297 | 2026-03-26 | MEDIUM | 6.1 | SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution. |
| CVE-2026-27664 | 2026-03-26 | HIGH | 7.5 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability… |
| CVE-2026-27663 | 2026-03-26 | MEDIUM | 6.5 | A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains a denial-of-service (DoS) vulnerability. The remote… |
| CVE-2026-26072 | 2026-03-26 | MEDIUM | 4.2 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is EV SoC… |
| CVE-2026-26071 | 2026-03-26 | MEDIUM | 4.2 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access, with heap-use-after-free possible. This is triggered by EVCCID… |
| CVE-2026-26070 | 2026-03-26 | MEDIUM | 4.6 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is an EV… |
| CVE-2026-26008 | 2026-03-26 | HIGH | 7.5 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS… |
| CVE-2026-23995 | 2026-03-26 | HIGH | 8.4 | EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN… |
| CVE-2026-24068 | 2026-03-26 | HIGH | 8.8 | The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should… |
| CVE-2026-22593 | 2026-03-26 | HIGH | 8.4 | EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length… |
Page 10 of 4099