CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST. Rows showing severity N/A and CVSS 0.0 have not been assigned a score in this listing; the 0.0 there is a placeholder, not a base score of zero.

CVE ID  Published  Severity  CVSS  Description
CVE-2026-24717 2026-06-10 N/A 0.0 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability…
CVE-2026-24716 2026-06-10 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the…
CVE-2026-22899 2026-06-10 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to…
CVE-2026-22893 2026-06-10 N/A 0.0 A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability…
CVE-2025-66281 2026-06-10 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS)…
CVE-2025-66280 2026-06-10 N/A 0.0 An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit…
CVE-2025-66279 2026-06-10 N/A 0.0 A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability…
CVE-2025-66273 2026-06-10 N/A 0.0 A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability…
CVE-2025-62851 2026-06-10 N/A 0.0 A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the…
CVE-2025-62850 2026-06-10 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the…
CVE-2025-66276 2026-06-10 N/A 0.0 QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later
CVE-2025-59382 2026-06-10 N/A 0.0 QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:
CVE-2025-58468 2026-06-10 N/A 0.0 A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities.…
CVE-2026-9754 2026-06-09 MEDIUM 6.5 An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command
CVE-2026-9753 2026-06-09 HIGH 8.1 The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApplyOplogUpdate can…
CVE-2026-9752 2026-06-09 MEDIUM 6.5 An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with…
CVE-2026-9751 2026-06-09 MEDIUM 5.5 The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text.
CVE-2026-9750 2026-06-09 MEDIUM 6.5 An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems…
CVE-2026-9749 2026-06-09 MEDIUM 6.5 This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces…
CVE-2026-9748 2026-06-09 MEDIUM 6.5 The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism,…
CVE-2026-9747 2026-06-09 MEDIUM 6.5 Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server.
CVE-2026-9746 2026-06-09 MEDIUM 6.5 When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user…
CVE-2026-9743 2026-06-09 MEDIUM 6.5 In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor,…
CVE-2026-9742 2026-06-09 HIGH 7.5 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command…
CVE-2026-9741 2026-06-09 MEDIUM 6.5 A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields…
CVE-2026-9740 2026-06-09 HIGH 7.5 A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of…
CVE-2026-9735 2026-06-09 MEDIUM 5.5 MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parameters are written…
CVE-2026-9151 2026-06-10 N/A 0.0 An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1, AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent,…
CVE-2026-9067 2026-06-10 CRITICAL 9.1 The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate…
CVE-2026-9060 2026-06-10 LOW 3.5 The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin…
CVE-2026-8071 2026-06-10 HIGH 8.8 The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to…
CVE-2026-3326 2026-06-10 HIGH 8.6 The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated…
CVE-2026-53675 2026-06-10 MEDIUM 4.3 BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can…
CVE-2026-53674 2026-06-10 HIGH 7.1 BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause…
CVE-2026-53673 2026-06-10 HIGH 8.1 BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a user_id…
CVE-2026-34417 2026-06-09 MEDIUM 6.1 OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter…
CVE-2026-25860 2026-06-09 MEDIUM 6.1 OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding…
CVE-2026-50570 2026-06-10 HIGH 8.5 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety validation for tenant-facing…
CVE-2026-50569 2026-06-10 MEDIUM 4.3 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() validated Methods, FunctionReference, Host, IngressConfig, and…
CVE-2026-50568 2026-06-10 LOW 3.6 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/utils.go validated that a path…
CVE-2026-50567 2026-06-10 HIGH 7.7 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go joined each archive entry…
CVE-2026-50566 2026-06-10 CRITICAL 9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a tenant with environments.fission.io create/update RBAC can…
CVE-2026-50565 2026-06-10 MEDIUM 4.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were created with ServiceAccountName:…
CVE-2026-50564 2026-06-10 CRITICAL 9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec,…
CVE-2026-50563 2026-06-10 CRITICAL 9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor path lets a tenant…
CVE-2026-50545 2026-06-10 CRITICAL 9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.podSpec / spec.builder.podSpec passthrough lacked validation,…
CVE-2026-49824 2026-06-10 HIGH 8.5 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission webhook (pkg/webhook/function.go) validated…
CVE-2026-49823 2026-06-10 HIGH 7.7 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference…
CVE-2026-49822 2026-06-10 HIGH 7.7 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who could create a…
CVE-2026-49821 2026-06-10 HIGH 7.7 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller processed Package CRDs without…
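The listing above is a flattened plain-text table, and the N/A / 0.0 rows are easy to mis-sort as "lowest risk" if the columns are loaded naively. As an added example (not code from the listing site or from NIST), the following Python parses rows in that one-line layout, keeps unscored entries apart from scored ones, and orders the scored ones for triage, with a flag derived from the "gains an administrator account" wording the QNAP entries use. The sample rows are copied from the listing above with descriptions truncated; the NVD lookup URL is NIST's documented CVE API 2.0 single-record query form, and no network request is made.

```python
"""Parse rows from a plain-text CVE listing into records, separate unscored
entries (severity N/A, CVSS 0.0) from scored ones, and order them for triage."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: four rows copied from the listing above in the same
# one-line layout (ID, published date, severity, CVSS, truncated description).
SAMPLE_ROWS = """\
CVE-2026-24717 2026-06-10 N/A 0.0 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability...
CVE-2026-9742 2026-06-09 HIGH 7.5 When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash...
CVE-2026-50566 2026-06-10 CRITICAL 9.9 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes...
CVE-2026-9060 2026-06-10 LOW 3.5 The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it...
"""

# One row per line: CVE ID, ISO date, severity word, numeric score, free text.
ROW_RE = re.compile(
    r"^(?P<cve>CVE-\d{4}-\d{4,})\s+"
    r"(?P<published>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<severity>N/A|NONE|LOW|MEDIUM|HIGH|CRITICAL)\s+"
    r"(?P<score>\d+(?:\.\d+)?)\s+"
    r"(?P<description>.*)$"
)

# Phrase the QNAP advisories above use to signal that a foothold is required.
ACCOUNT_RE = re.compile(r"gains an? (administrator|user) account", re.IGNORECASE)


@dataclass
class CveRow:
    cve_id: str
    published: str
    severity: Optional[str]   # None when the listing carries no score
    score: Optional[float]    # None when the listing carries no score
    description: str
    requires_account: bool    # attacker must already hold an account


def parse_row(line: str) -> Optional[CveRow]:
    """Return a CveRow for one listing line, or None if it is not a row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    severity: Optional[str] = m["severity"]
    score: Optional[float] = float(m["score"])
    # "N/A 0.0" means no CVSS has been assigned, not a base score of zero;
    # keep it as None so it is never sorted below genuinely low-scored rows.
    if severity == "N/A":
        severity, score = None, None
    return CveRow(
        cve_id=m["cve"],
        published=m["published"],
        severity=severity,
        score=score,
        description=m["description"],
        requires_account=bool(ACCOUNT_RE.search(m["description"])),
    )


def parse_listing(text: str) -> list[CveRow]:
    """Parse every non-empty line, silently skipping lines that are not rows."""
    rows = (parse_row(line) for line in text.splitlines() if line.strip())
    return [r for r in rows if r is not None]


def triage_order(rows: list[CveRow]) -> tuple[list[CveRow], list[CveRow]]:
    """Scored rows: highest CVSS first, unauthenticated before account-required.
    Unscored rows are returned separately so they get a manual look."""
    scored = sorted(
        (r for r in rows if r.score is not None),
        key=lambda r: (-r.score, r.requires_account, r.cve_id),
    )
    unscored = sorted((r for r in rows if r.score is None), key=lambda r: r.cve_id)
    return scored, unscored


def nvd_lookup_url(cve_id: str) -> str:
    """NVD CVE API 2.0 single-record query URL (built only, not requested)."""
    return f"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId={cve_id}"


if __name__ == "__main__":
    scored, unscored = triage_order(parse_listing(SAMPLE_ROWS))
    for r in scored:
        print(f"{r.score:4.1f} {r.severity:8} {r.cve_id}  account-required={r.requires_account}")
    for r in unscored:
        print(f" n/a unscored {r.cve_id}  {nvd_lookup_url(r.cve_id)}")
```

The unscored bucket is the one to watch: an entry with no CVSS in this listing may still be a remotely exploitable command injection (several of the QNAP rows above), so it should be looked up by ID rather than deprioritised behind a scored LOW.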