Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-50806 2026-01-13 HIGH 8.8 4images 1.9 contains a remote command execution vulnerability that allows authenticated administrators to inject reverse shell code through template editing functionality. Attackers can save malicious code in the…
CVE-2022-50805 2026-01-13 HIGH 8.2 Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by…
CVE-2022-50693 2026-01-13 HIGH 8.4 Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2021-47750 2026-01-13 MEDIUM 6.1 YouPHPTube
CVE-2026-20805 2026-01-13 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Desktop Windows Manager allows an authorized attacker to disclose information locally.
CVE-2026-22755 2026-01-13 N/A 0.0 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Vivotek Affected device model numbers are FD8365, FD8365v2, FD9165, FD9171, FD9187, FD9189, FD9365, FD9371, FD9381,…
CVE-2026-0890 2026-01-13 MEDIUM 6.5 Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
CVE-2026-0889 2026-01-13 HIGH 7.5 Denial-of-service in the DOM: Service Workers component. This vulnerability affects Firefox < 147.
CVE-2026-0888 2026-01-13 MEDIUM 5.3 Information disclosure in the XML component. This vulnerability affects Firefox < 147.
CVE-2026-0887 2026-01-13 MEDIUM 5.3 Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
CVE-2026-0886 2026-01-13 MEDIUM 5.3 Incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
CVE-2026-0885 2026-01-13 MEDIUM 6.5 Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
CVE-2026-22799 2026-01-12 N/A 0.0 Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper…
CVE-2026-22794 2026-01-12 CRITICAL 9.6 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.93, the server uses the Origin value from the request headers as the email…
CVE-2026-22789 2026-01-12 MEDIUM 5.4 WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows…
CVE-2026-22788 2026-01-12 HIGH 8.2 WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated…
CVE-2025-64155 2026-01-13 CRITICAL 9.8 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4, FortiSIEM 7.1.0 through 7.1.8, FortiSIEM…
CVE-2026-22813 2026-01-12 N/A 0.0 OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM. There is no sanitization with DOMPurify…
CVE-2026-22812 2026-01-12 HIGH 8.8 OpenCode is an open source AI coding agent. Prior to 1.0.216, OpenCode automatically starts an unauthenticated HTTP server that allows any local process (or any website via permissive…
CVE-2026-22804 2026-01-12 HIGH 8.0 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix…
CVE-2026-0882 2026-01-13 HIGH 8.8 Use-after-free in the IPC component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
CVE-2026-0881 2026-01-13 CRITICAL 10.0 Sandbox escape in the Messaging System component. This vulnerability affects Firefox < 147.
CVE-2026-0880 2026-01-13 HIGH 8.8 Sandbox escape due to integer overflow in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
CVE-2026-0879 2026-01-13 CRITICAL 9.8 Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability affects Firefox < 147, Firefox ESR < 115.32, and Firefox ESR < 140.7.
CVE-2025-8090 2026-01-13 MEDIUM 6.2 Null pointer dereference in the MsgRegisterEvent() system call could allow an attacker with local access and code execution abilities to crash the QNX Neutrino kernel.
CVE-2025-71023 2026-01-13 HIGH 7.5 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the mac2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-66177 2026-01-13 HIGH 8.8 There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN)…
CVE-2025-66176 2026-01-13 HIGH 8.8 There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network…
CVE-2026-0408 2026-01-13 N/A 0.0 A path traversal vulnerability in NETGEAR WiFi range extenders allows an attacker with LAN authentication to access the router's IP and review the contents of the dynamically generated…
CVE-2026-0407 2026-01-13 N/A 0.0 An insufficient authentication vulnerability in NETGEAR WiFi range extenders allows a network adjacent attacker with WiFi authentication or a physical Ethernet port connection to bypass the authentication process and access…
CVE-2025-68707 2026-01-13 N/A 0.0 An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long…
CVE-2026-0406 2026-01-13 N/A 0.0 An insufficient input validation vulnerability in the NETGEAR XR1000v2 allows attackers connected to the router's LAN to execute OS command injections.
CVE-2026-0405 2026-01-13 N/A 0.0 An authentication bypass vulnerability in NETGEAR Orbi devices allows users connected to the local network to access the router web interface as an admin.
CVE-2026-0404 2026-01-13 N/A 0.0 An insufficient input validation vulnerability in NETGEAR Orbi devices' DHCPv6 functionality allows network adjacent attackers authenticated over WiFi or on LAN to execute OS command injections on the router. DHCPv6 is…
CVE-2026-0403 2026-01-13 N/A 0.0 An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections.
CVE-2025-67685 2026-01-13 LOW 3.8 A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions may allow…
CVE-2025-65784 2026-01-13 N/A 0.0 Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
CVE-2025-62182 2026-01-13 N/A 0.0 Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.
CVE-2025-59922 2026-01-13 HIGH 7.2 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2.0…
CVE-2025-66698 2026-01-13 HIGH 8.6 An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.
CVE-2025-58693 2026-01-13 MEDIUM 6.5 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker to…
CVE-2025-58411 2026-01-13 N/A 0.0 Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of resources reference counting creating a potential use after free scenario.…
CVE-2025-58409 2026-01-13 N/A 0.0 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances…
CVE-2025-47855 2026-01-13 CRITICAL 9.8 An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to obtain the…
CVE-2025-46685 2026-01-13 HIGH 7.5 Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2025-46684 2026-01-13 MEDIUM 6.6 Dell SupportAssist OS Recovery, versions prior to 5.5.15.1, contain a Creation of Temporary File With Insecure Permissions vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2025-25652 2026-01-13 N/A 0.0 In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal.
CVE-2025-25249 2026-01-13 HIGH 8.1 A heap-based buffer overflow vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4.0 through 6.4.16, FortiSASE…
CVE-2025-25176 2026-01-13 N/A 0.0 Intermediate register values of secure workloads can be exfiltrated in workloads scheduled from applications running in the non-secure environment of a platform.
CVE-2026-0884 2026-01-13 CRITICAL 9.8 Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.
« Anterior Página 106 de 3931 Siguiente »