Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-6250
2026-06-11
N/A
0.0
An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a…
CVE-2026-41005
2026-06-11
CRITICAL
9.0
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the…
CVE-2026-47209
2026-06-12
HIGH
8.6
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the…
CVE-2026-47137
2026-06-12
CRITICAL
10.0
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination…
CVE-2026-47135
2026-06-12
HIGH
8.7
vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the…
CVE-2026-53722
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or…
CVE-2026-53721
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity…
CVE-2026-49993
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete…
CVE-2026-46342
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6…
CVE-2026-45670
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix…
CVE-2026-45669
2026-06-12
N/A
0.0
Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML…
CVE-2026-1836
2026-06-12
N/A
0.0
The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to…
CVE-2026-11967
2026-06-12
N/A
0.0
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable.…
CVE-2026-11879
2026-06-12
N/A
0.0
MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be…
CVE-2026-11849
2026-06-12
CRITICAL
9.8
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the…
CVE-2026-11848
2026-06-12
MEDIUM
5.3
The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
CVE-2026-11847
2026-06-12
MEDIUM
4.3
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended…
CVE-2026-11846
2026-06-12
HIGH
8.1
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system…
CVE-2026-11845
2026-06-12
HIGH
7.2
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on…
CVE-2026-11844
2026-06-12
MEDIUM
4.9
The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.
CVE-2026-12060
2026-06-12
MEDIUM
6.5
Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening…
CVE-2026-12059
2026-06-12
HIGH
8.8
The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system…
CVE-2026-53819
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted…
CVE-2026-53818
2026-06-11
MEDIUM
6.6
OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke…
CVE-2026-53817
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens.…
CVE-2026-53816
2026-06-11
HIGH
7.2
OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or…
CVE-2026-53815
2026-06-11
MEDIUM
6.5
OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them…
CVE-2026-53814
2026-06-11
HIGH
8.3
OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token…
CVE-2026-53813
2026-06-11
HIGH
7.8
OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load…
CVE-2026-53812
2026-06-11
HIGH
7.7
OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger…
CVE-2026-53811
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with…
CVE-2026-53810
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension…
CVE-2026-53809
2026-06-11
LOW
3.8
OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers…
CVE-2026-53808
2026-06-11
MEDIUM
6.5
OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration.…
CVE-2026-53807
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves…
CVE-2026-53806
2026-06-11
HIGH
8.8
OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell…
CVE-2026-9269
2026-06-12
LOW
3.5
The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2026-47739
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been…
CVE-2026-44205
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts…
CVE-2026-41581
2026-06-12
N/A
0.0
Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions…
CVE-2026-49347
2026-06-12
N/A
0.0
Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release…
CVE-2026-48485
2026-06-12
N/A
0.0
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons…
CVE-2026-47195
2026-06-12
N/A
0.0
Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check…
CVE-2026-49482
2026-06-12
MEDIUM
4.3
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle…
CVE-2026-47238
2026-06-11
MEDIUM
6.5
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a…
CVE-2026-45060
2026-06-11
CRITICAL
9.8
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can…
CVE-2026-42846
2026-06-11
CRITICAL
9.8
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by…
CVE-2026-47244
2026-06-12
MEDIUM
5.3
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts…
CVE-2026-46340
2026-06-12
HIGH
7.5
Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the…
CVE-2026-45674
2026-06-12
HIGH
8.7
Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of…
« Anterior
Página 104 de 4525
Siguiente »
Page load link
Go to Top