Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-45830
2026-06-12
N/A
0.0
A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in…
CVE-2026-40677
2026-06-12
N/A
0.0
The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.
CVE-2026-8828
2026-06-12
N/A
0.0
A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in…
CVE-2026-44976
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in…
CVE-2026-50560
2026-06-12
N/A
0.0
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty HTTP/2 max header size handling produces an attack…
CVE-2026-50011
2026-06-12
HIGH
7.5
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, RedisArrayAggregator pre-allocates ArrayList with initial capacity equal to the…
CVE-2026-50010
2026-06-12
HIGH
7.5
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, SimpleTrustManagerFactory.engineGetTrustManagers() and related paths wrap any user-supplied plain X509TrustManager…
CVE-2026-50009
2026-06-12
MEDIUM
4.8
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path…
CVE-2026-48748
2026-06-12
HIGH
7.5
Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, a memory exhaustion vulnerability in the Netty HTTP/3 codec allows the…
CVE-2026-48059
2026-06-12
N/A
0.0
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks…
CVE-2026-48043
2026-06-12
MEDIUM
5.3
Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the `DelegatingDecompressorFrameListener` class orchestrates HTTP/2 decompression by…
CVE-2026-48006
2026-06-12
N/A
0.0
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when…
CVE-2026-47691
2026-06-12
HIGH
8.7
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records,…
CVE-2026-5792
2026-06-12
MEDIUM
6.5
Authentication bypass by spoofing vulnerability in Hedef Media Promotion Interactive Media Marketing Inc. Related Marketing Cloud (RMC) allows Brute Force. This issue affects Related Marketing Cloud (RMC): through…
CVE-2026-53568
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched…
CVE-2026-50026
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue…
CVE-2026-47182
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to version 16.17.4, any authenticated user can access private files by guessing the file path. This issue has been patched…
CVE-2026-44975
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, any authenticated user can reset onboarding for all users in the system. This issue has…
CVE-2026-44208
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, lack of validations in the "submit_discussion()" endpoint allows for unauthorized access to resources. This issue…
CVE-2026-44207
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, an IDOR vulnerability allows authenticated users to access other users' email configuration details. This issue…
CVE-2026-44206
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in…
CVE-2026-8694
2026-06-12
MEDIUM
5.3
Improper access control in Devolutions PowerShell Universal 2026.1.7 and earlier allows an unauthenticated remote attacker to obtain the OpenAPI specification of user-defined REST endpoints.
CVE-2026-54133
2026-06-12
CRITICAL
9.8
jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP data structures. Versions prior to…
CVE-2026-9271
2026-06-12
MEDIUM
5.9
Vulnerability Title
CVE-2026-47208
2026-06-12
CRITICAL
10.0
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape…
CVE-2026-47196
2026-06-12
N/A
0.0
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the automod add command trims user input but does not reject an empty result. Adding a rule…
CVE-2026-45418
2026-06-11
HIGH
8.8
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #132, any authenticated user who can upload videos can add multiple subtitles from different…
CVE-2026-12066
2026-06-12
HIGH
7.3
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation…
CVE-2026-12065
2026-06-12
LOW
1.8
A vulnerability was identified in Groww Stock, Mutual Fund, Gold App up to 20260805 on Android. This affects an unknown part of the component WebView URL Handler. The…
CVE-2026-48613
2026-06-12
MEDIUM
5.9
SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to…
CVE-2026-48612
2026-06-12
HIGH
8.0
Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’s account to be linked to an attacker-controlled account.…
CVE-2026-48611
2026-06-12
CRITICAL
9.8
Improper authentication checks in the OAuth implementation allow account hijacking even when OAuth is not configured or enabled leading to unauthorized access in default installations.
CVE-2026-48610
2026-06-12
HIGH
8.1
Under certain network configurations, a malicious actor with access to network could exploit an Improper Access Control vulnerability found in certain devices running UniFi OS to make unauthorized…
CVE-2026-47370
2026-06-12
CRITICAL
9.9
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to execute a…
CVE-2026-47369
2026-06-12
CRITICAL
9.9
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain devices running UniFi OS to escalate privileges…
CVE-2026-47368
2026-06-12
HIGH
8.6
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in certain devices running UniFi OS to obtain data from such UniFi OS…
CVE-2026-47367
2026-06-12
CRITICAL
9.9
A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Enterprise Agent to execute a Command Injection…
CVE-2026-47365
2026-06-12
CRITICAL
9.9
Argument injection vulnerability in WordPress Toolkit before 6.11.0 as used in cPanel & WHM, allows remote authenticated users to bypass cross-tenant authorization and execute arbitrary wp-toolkit CLI commands…
CVE-2026-53787
2026-06-12
CRITICAL
9.8
Amasty Order Attributes for Magento 2 before version 4.0.0 contains an unauthenticated arbitrary file upload vulnerability that allows unauthenticated attackers to write arbitrary files to the store's media…
CVE-2026-47366
2026-06-12
HIGH
7.2
Improper verification of access permissions when modifying permissions through the Administration Control Panel (ACP) allowed an authenticated administrator to grant permissions beyond the level authorized for their account,…
CVE-2026-7368
2026-06-12
HIGH
8.1
The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard…
CVE-2026-10557
2026-06-12
CRITICAL
9.8
The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary…
CVE-2026-12058
2026-06-12
N/A
0.0
The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.
CVE-2026-11535
2026-06-12
N/A
0.0
An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.
CVE-2026-50245
2026-06-11
HIGH
7.7
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
CVE-2026-50005
2026-06-11
HIGH
7.7
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
CVE-2026-9266
2026-06-12
N/A
0.0
A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The…
CVE-2026-48914
2026-06-12
MEDIUM
6.7
A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious…
CVE-2026-20746
2026-06-12
N/A
0.0
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when recent login history is enabled and copying virtual attributes…
CVE-2026-11933
2026-06-12
HIGH
8.8
A use-after-free vulnerability exists in MongoDB Server's server-side JavaScript engine when converting BSON documents to JavaScript arrays. An authenticated user with read privileges who is able to run…
« Anterior
Página 103 de 4525
Siguiente »
Page load link
Go to Top