CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS score | Description |
|---|---|---|---|---|
| CVE-2026-45830 | 2026-06-12 | N/A | 0.0 | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in… |
| CVE-2026-40677 | 2026-06-12 | N/A | 0.0 | The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution. |
| CVE-2026-8828 | 2026-06-12 | N/A | 0.0 | A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in… |
| CVE-2026-44976 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in… |
| CVE-2026-50560 | 2026-06-12 | N/A | 0.0 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack… |
| CVE-2026-50011 | 2026-06-12 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the… |
| CVE-2026-50010 | 2026-06-12 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager… |
| CVE-2026-50009 | 2026-06-12 | MEDIUM | 4.8 | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path… |
| CVE-2026-48748 | 2026-06-12 | HIGH | 7.5 | Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the… |
| CVE-2026-48059 | 2026-06-12 | N/A | 0.0 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks… |
| CVE-2026-48043 | 2026-06-12 | MEDIUM | 5.3 | Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by… |
| CVE-2026-48006 | 2026-06-12 | N/A | 0.0 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when… |
| CVE-2026-47691 | 2026-06-12 | HIGH | 8.7 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records,… |
| CVE-2026-5792 | 2026-06-12 | MEDIUM | 6.5 | Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through… |
| CVE-2026-53568 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerability in Frappe Report/List View. This issue has been patched… |
| CVE-2026-50026 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue… |
| CVE-2026-47182 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched… |
| CVE-2026-44975 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has… |
| CVE-2026-44208 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue… |
| CVE-2026-44207 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue… |
| CVE-2026-44206 | 2026-06-12 | N/A | 0.0 | Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in… |
| CVE-2026-8694 | 2026-06-12 | MEDIUM | 5.3 | Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints. |
| CVE-2026-54133 | 2026-06-12 | CRITICAL | 9.8 | jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to… |
| CVE-2026-9271 | 2026-06-12 | MEDIUM | 5.9 | Vulnerability Title |
| CVE-2026-47208 | 2026-06-12 | CRITICAL | 10.0 | vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape… |
| CVE-2026-47196 | 2026-06-12 | N/A | 0.0 | Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule… |
| CVE-2026-45418 | 2026-06-11 | HIGH | 8.8 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different… |
| CVE-2026-12066 | 2026-06-12 | HIGH | 7.3 | A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation… |
| CVE-2026-12065 | 2026-06-12 | LOW | 1.8 | A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The… |
| CVE-2026-48613 | 2026-06-12 | MEDIUM | 5.9 | SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to… |
| CVE-2026-48612 | 2026-06-12 | HIGH | 8.0 | Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim's account to be linked to an attacker-controlled account.… |
| CVE-2026-48611 | 2026-06-12 | CRITICAL | 9.8 | Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled, leading to unauthorized access in default installations. |
| CVE-2026-48610 | 2026-06-12 | HIGH | 8.1 | Under certain network configurations, a malicious actor with access to the network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized… |
| CVE-2026-47370 | 2026-06-12 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a… |
| CVE-2026-47369 | 2026-06-12 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges… |
| CVE-2026-47368 | 2026-06-12 | HIGH | 8.6 | A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS… |
| CVE-2026-47367 | 2026-06-12 | CRITICAL | 9.9 | A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection… |
| CVE-2026-47365 | 2026-06-12 | CRITICAL | 9.9 | Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands… |
| CVE-2026-53787 | 2026-06-12 | CRITICAL | 9.8 | Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media… |
| CVE-2026-47366 | 2026-06-12 | HIGH | 7.2 | Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account,… |
| CVE-2026-7368 | 2026-06-12 | HIGH | 8.1 | The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard… |
| CVE-2026-10557 | 2026-06-12 | CRITICAL | 9.8 | The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary… |
| CVE-2026-12058 | 2026-06-12 | N/A | 0.0 | The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed. |
| CVE-2026-11535 | 2026-06-12 | N/A | 0.0 | An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to gain unauthorized access to the victim's device. |
| CVE-2026-50245 | 2026-06-11 | HIGH | 7.7 | Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint, and no authentication is required to retrieve still images from the camera feed. |
| CVE-2026-50005 | 2026-06-11 | HIGH | 7.7 | Brickcom cameras ship with default credentials that allow any unauthenticated remote attacker to silently access camera feeds. |
| CVE-2026-9266 | 2026-06-12 | N/A | 0.0 | A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The… |
| CVE-2026-48914 | 2026-06-12 | MEDIUM | 6.7 | A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious… |
| CVE-2026-20746 | 2026-06-12 | N/A | 0.0 | Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes… |
| CVE-2026-11933 | 2026-06-12 | HIGH | 8.8 | A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run… |
Page 103 of 4525