CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2026-6250 2026-06-11 N/A 0.0 An authenticated format string vulnerability exists in the ONVIF service of Tapo C110 v2 due to improper handling of user-controlled input. Externally controlled data is interpreted as a…
CVE-2026-41005 2026-06-11 CRITICAL 9.0 Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider (confidentiality) as a substitute for XML signatures from the Identity Provider (authenticity) in two SAML flows: the…
CVE-2026-47209 2026-06-12 HIGH 8.6 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the BaseHandler.set trap in bridge.js (line 1231) ignores the receiver parameter and unconditionally writes to the…
CVE-2026-47137 2026-06-12 CRITICAL 10.0 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, the fix for GHSA-8hg8-63c5-gwmx (CVE-2023-37903) introduced a check in nodevm.js line 263 that blocks the combination…
CVE-2026-47135 2026-06-12 HIGH 8.7 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the…
CVE-2026-53722 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or…
CVE-2026-53721 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. From versions 3.11.0 to before 3.21.7 and 4.0.0 to before 4.4.7, there is a route-rule middleware bypass via case-sensitivity…
CVE-2026-49993 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder from versions 3.15.4 to before 3.21.7 and 4.0.0 to before 4.4.7, there is an incomplete…
CVE-2026-46342 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. In Nuxt versions 3.1.0 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6 and @nuxt/nitro-server versions 3.20.0 to before 3.21.6…
CVE-2026-45670 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. In @nuxt/rspack-builder and @nuxt/webpack-builder versions 3.15.4 to before 3.21.6, and 4.0.0-alpha.1 to before 4.4.6, there is an incomplete fix…
CVE-2026-45669 2026-06-12 N/A 0.0 Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6, navigateTo() with external: true generates a server-side HTML…
CVE-2026-1836 2026-06-12 N/A 0.0 The system stores the username and password from the login form after submitting the request. This could allow an attacker with access to the platform to return to…
CVE-2026-11967 2026-06-12 N/A 0.0 MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading a malicious DLL located in the same directory as the portable executable.…
CVE-2026-11879 2026-06-12 N/A 0.0 MobaXterm Personal Edition (Portable), in its 26.3 version (Build 5154), allows arbitrary code execution by loading malicious DLLs from a temporary directory that is predictable and can be…
CVE-2026-11849 2026-06-12 CRITICAL 9.8 The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attackers to exploit hard-coded credentials to gain administrative privileges on the…
CVE-2026-11848 2026-06-12 MEDIUM 5.3 The iRM-IEI Remote Management developed by IEI Integration Corp has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain partial system configuration information.
CVE-2026-11847 2026-06-12 MEDIUM 4.3 The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended…
CVE-2026-11846 2026-06-12 HIGH 8.1 The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system…
CVE-2026-11845 2026-06-12 HIGH 7.2 The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on…
CVE-2026-11844 2026-06-12 MEDIUM 4.9 The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.
CVE-2026-12060 2026-06-12 MEDIUM 6.5 Heptabase developed by Hepta Platforms has an Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening…
CVE-2026-12059 2026-06-12 HIGH 8.8 The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system…
CVE-2026-53819 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted…
CVE-2026-53818 2026-06-11 MEDIUM 6.6 OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke…
CVE-2026-53817 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable admin-capable device tokens.…
CVE-2026-53816 2026-06-11 HIGH 7.2 OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. A malicious or…
CVE-2026-53815 2026-06-11 MEDIUM 6.5 OpenClaw before 2026.5.19 contains an authorization bypass vulnerability in message read actions that skips channel allowlist checks. Lower-trust callers can request messages from channels not intended for them…
CVE-2026-53814 2026-06-11 HIGH 8.3 OpenClaw before 2026.5.20 contains a privilege escalation vulnerability where hook-triggered agent runs incorrectly receive owner-scoped MCP loopback authority instead of hook-appropriate scope. Attackers with a valid hook token…
CVE-2026-53813 2026-06-11 HIGH 7.8 OpenClaw before 2026.4.25 contains a path traversal vulnerability in memory-core artifact loading where workspace state influences local package root resolution. Attackers with access to affected workspaces can load…
CVE-2026-53812 2026-06-11 HIGH 7.7 OpenClaw before 2026.5.18 contains a server-side request forgery vulnerability in browser control that allows authenticated users to bypass private-network navigation checks through Playwright act interactions. Attackers can trigger…
CVE-2026-53811 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.7 contains a privilege escalation vulnerability in the Matrix allowFrom feature that allows authenticated accounts to match policy entries through mutable display name metadata. Attackers with…
CVE-2026-53810 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension…
CVE-2026-53809 2026-06-11 LOW 3.8 OpenClaw before 2026.4.25 contains a policy bypass vulnerability in embedded runner policy that allows requests using provider aliases to compare against aliases instead of canonical provider identities. Attackers…
CVE-2026-53808 2026-06-11 MEDIUM 6.5 OpenClaw before 2026.5.6 contains an approval policy bypass vulnerability in the Skill Workshop apply flow that allows agent tool calls to set apply: true despite approvalPolicy: pending configuration.…
CVE-2026-53807 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.6 contains an authorization bypass vulnerability in Telegram interactive callbacks that allows authenticated users to skip commands.allowFrom validation. Attackers can invoke affected callbacks to mark themselves…
CVE-2026-53806 2026-06-11 HIGH 8.8 OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell…
CVE-2026-9269 2026-06-12 LOW 3.5 The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such…
CVE-2026-47739 2026-06-12 N/A 0.0 Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, stored XSS in Note was possible due to lack of sanitization. This issue has been…
CVE-2026-44205 2026-06-12 N/A 0.0 Frappe is a full-stack web application framework. Prior to version 15.106.0, a stored XSS vulnerability in the user profile image section allows an attacker to execute malicious scripts…
CVE-2026-41581 2026-06-12 N/A 0.0 Frappe is a full-stack web application framework. Prior to versions 15.106.0 and 16.16.0, there is a possible SQL Injection via get_blog_list. This issue has been patched in versions…
CVE-2026-49347 2026-06-12 N/A 0.0 Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release…
CVE-2026-48485 2026-06-12 N/A 0.0 Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the latest release suppresses mentions when creating, unbanning, unwarning, kicking, muting, and unmuting, but stored warning reasons…
CVE-2026-47195 2026-06-12 N/A 0.0 Quest Bot is an opensource Discord Bot. Prior to version 1.1.6, the purge and slowmode commands check only guild-level permissions on the invoking member. They do not check…
CVE-2026-49482 2026-06-12 MEDIUM 4.3 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle…
CVE-2026-47238 2026-06-11 MEDIUM 6.5 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #133, a normal authenticated user can edit another user's video subtitles because of a…
CVE-2026-45060 2026-06-11 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can…
CVE-2026-42846 2026-06-11 CRITICAL 9.8 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by…
CVE-2026-47244 2026-06-12 MEDIUM 5.3 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAX_VALUE, and Http2Settings never inserts…
CVE-2026-46340 2026-06-12 HIGH 7.5 Netty is a network application framework for development of protocol servers and clients. In versions of netty-transport-sctp prior to 4.1.135.Final and 4.2.15.Final, for each non-complete SctpMessage fragment the…
CVE-2026-45674 2026-06-12 HIGH 8.7 Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, Netty's DnsResolveContext fails to validate the origin (bailiwick) of…