CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-7009 | 2026-06-12 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This… |
| CVE-2025-7008 | 2026-06-12 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the… |
| CVE-2025-7006 | 2026-06-12 | MEDIUM | 5.5 | Use of stack memory after free vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast… |
| CVE-2025-7005 | 2026-06-12 | MEDIUM | 5.5 | Uncontrolled recursion vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton… |
| CVE-2025-7004 | 2026-06-12 | HIGH | 7.8 | Heap buffer out-of-bounds write vulnerability in Avast Antivirus when scanning a malformed Windows PE file may allow Local Execution of Code or Denial-of-Service of the antivirus process. This… |
| CVE-2025-7003 | 2026-06-12 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.… |
| CVE-2025-7002 | 2026-06-12 | HIGH | 7.8 | Heap buffer out-of-bounds read vulnerability in Avira Antivirus engine when scanning a malformed PDF file may allow Local Execution of Code or Denial-of-Service of the antivirus engine process.… |
| CVE-2020-2521 | 2026-06-12 | N/A | 0.0 | Rejected reason: This candidate was issued in error. |
| CVE-2026-54397 | 2026-06-12 | N/A | 0.0 | A vulnerability in MISP’s non-REST event editing path allowed an authenticated user with event edit permissions to manipulate the submitted form data and set an event’s sharing_group_id to… |
| CVE-2026-54396 | 2026-06-12 | N/A | 0.0 | An information disclosure vulnerability exists in the MISP AuthKey edit functionality. When a validation error occurs during an AuthKey edit request, the user dropdown was populated using the… |
| CVE-2026-54395 | 2026-06-12 | N/A | 0.0 | MISP contains a reflected cross-site scripting vulnerability in the UiBeta event index view. The urlparams value is inserted into an inline JavaScript handler using HTML escaping inside a… |
| CVE-2026-54394 | 2026-06-12 | N/A | 0.0 | MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that… |
| CVE-2026-54393 | 2026-06-12 | N/A | 0.0 | A stored cross-site scripting vulnerability exists in MISP when the Overmind theme is used. The setHomePage endpoint previously saved the user-controlled path value through setSettingInternal(), bypassing the normal… |
| CVE-2026-54362 | 2026-06-12 | N/A | 0.0 | An incorrect visibility condition in the MISP event template builder allowed authenticated non-site-admin users to view galaxies that should not have been visible to their organisation. The custom… |
| CVE-2026-54057 | 2026-06-12 | N/A | 0.0 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.3, kitty's OSC 21 (color-control) query reply reflects attacker-controlled bytes, including newlines, into the shell's input without… |
| CVE-2026-54056 | 2026-06-12 | HIGH | 7.6 | Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, `kitten dnd` can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable… |
| CVE-2026-53607 | 2026-06-12 | LOW | 3.7 | ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO feature for serving… |
| CVE-2026-53606 | 2026-06-12 | MEDIUM | 5.4 | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use `allowedSchemesAppliedToAttributes` (default:… |
| CVE-2026-4870 | 2026-06-12 | HIGH | 7.5 | IBM Qiskit SDK 0.43.0 through 2.5.0 could allow an attacker to trigger a segmentation fault leading to a denial of service due to uncontrolled recursion in the parser. |
| CVE-2026-47264 | 2026-06-12 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializer#tag_group_names returned every tag group a tag… |
| CVE-2026-47263 | 2026-06-12 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the MessageBus.publish call for /web_hook_events/ in Jobs::RedeliverWebHookEvents… |
| CVE-2026-45775 | 2026-06-12 | MEDIUM | 6.8 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup… |
| CVE-2026-45085 | 2026-06-12 | MEDIUM | 5.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin… |
| CVE-2026-45014 | 2026-06-12 | N/A | 0.0 | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version… |
| CVE-2026-45012 | 2026-06-12 | HIGH | 7.6 | ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An… |
| CVE-2026-45011 | 2026-06-12 | HIGH | 7.3 | ApostropheCMS is an open-source Node.js content management system. Version 4.29.0 has a stored cross-site scripting vulnerability in the image widget functionality. A user with the Editor role can… |
| CVE-2026-44990 | 2026-06-12 | CRITICAL | 9.3 | ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Under the default configuration, versions of `sanitize-html` prior to… |
| CVE-2026-44786 | 2026-06-12 | HIGH | 7.5 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, chat events for public category channels are… |
| CVE-2026-44785 | 2026-06-12 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, the AI "explain" helper only checks can_see?… |
| CVE-2026-44784 | 2026-06-12 | MEDIUM | 6.5 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins… |
| CVE-2026-44783 | 2026-06-12 | MEDIUM | 5.4 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a flaw in how replies to whisper… |
| CVE-2026-44782 | 2026-06-12 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, GroupPostSerializer declared include_user_long_name? as the predicate for… |
| CVE-2026-44780 | 2026-06-12 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that… |
| CVE-2026-44779 | 2026-06-12 | MEDIUM | 4.3 | Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, bot debug endpoints disclose whisper translation audit… |
| CVE-2026-24618 | 2026-06-12 | MEDIUM | 4.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through… |
| CVE-2026-12130 | 2026-06-12 | LOW | 3.5 | A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page.… |
| CVE-2026-12129 | 2026-06-12 | LOW | 3.5 | A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface.… |
| CVE-2026-12018 | 2026-06-11 | HIGH | 8.8 | Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity:… |
| CVE-2026-54361 | 2026-06-12 | N/A | 0.0 | MISP contained multiple mass assignment vulnerabilities in the handling of collections, tag collections, event delegations, and shadow attributes. Several controller actions accepted user-supplied fields that should have remained… |
| CVE-2026-54360 | 2026-06-12 | N/A | 0.0 | A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving… |
| CVE-2026-54359 | 2026-06-12 | N/A | 0.0 | MISP contains an insecure default configuration in which the Security.check_sec_fetch_site_header control is disabled. When this setting is disabled, state-changing requests such as POST, PUT, or AJAX requests are… |
| CVE-2026-54358 | 2026-06-12 | N/A | 0.0 | An incorrect authorization vulnerability in MISP allows an organization administrator to target site administrator accounts belonging to the same organization through the administrative email functionality. The affected code… |
| CVE-2026-54357 | 2026-06-12 | N/A | 0.0 | An improper authorization vulnerability in MISP allowed an authenticated organization administrator to access or modify user settings belonging to site administrator accounts within the same organization. The affected… |
| CVE-2026-54055 | 2026-06-12 | MEDIUM | 5.0 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.2, a local privilege escalation vulnerability exists in kitty's file transmission protocol where a child process running… |
| CVE-2026-50552 | 2026-06-12 | MEDIUM | 6.3 | Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/stations).… |
| CVE-2026-50287 | 2026-06-12 | N/A | 0.0 | AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that… |
| CVE-2026-43872 | 2026-06-12 | N/A | 0.0 | Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue. |
| CVE-2026-42890 | 2026-06-12 | N/A | 0.0 | Actual is an open-source personal finance application. In the macOS desktop application version 25.x (built on Electron 39.2.7), the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker who… |
| CVE-2026-42851 | 2026-06-12 | HIGH | 7.8 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a… |
| CVE-2026-42850 | 2026-06-12 | N/A | 0.0 | Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code… |
Page 101 of 4526