CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-26070 2026-03-26 MEDIUM 4.6 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is an EV…
CVE-2026-26008 2026-03-26 HIGH 7.5 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS…
CVE-2026-23995 2026-03-26 HIGH 8.4 EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN…
CVE-2026-24068 2026-03-26 HIGH 8.8 The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should…
CVE-2026-22593 2026-03-26 HIGH 8.4 EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length…
CVE-2014-125112 2026-03-26 CRITICAL 9.8 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allow remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 have a security vulnerability that allows an attacker to execute arbitrary code on…
CVE-2019-25650 2026-03-26 HIGH 8.4 River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the…
CVE-2019-25649 2026-03-26 MEDIUM 5.5 River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized…
CVE-2019-25648 2026-03-26 MEDIUM 6.2 MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field.…
CVE-2018-25219 2026-03-26 HIGH 8.4 PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the…
CVE-2018-25218 2026-03-26 HIGH 8.4 PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers…
CVE-2018-25217 2026-03-26 HIGH 8.4 PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can…
CVE-2018-25216 2026-03-26 MEDIUM 6.2 AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field.…
CVE-2018-25215 2026-03-26 MEDIUM 5.5 Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the…
CVE-2018-25214 2026-03-26 MEDIUM 6.2 MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the…
CVE-2018-25213 2026-03-26 HIGH 8.4 Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers…
CVE-2018-25212 2026-03-26 HIGH 8.4 Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can…
CVE-2018-25211 2026-03-26 HIGH 7.8 Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string…
CVE-2026-4887 2026-03-26 MEDIUM 6.1 A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit…
CVE-2025-41027 2026-03-26 N/A 0.0 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter…
CVE-2025-41026 2026-03-26 N/A 0.0 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter…
CVE-2018-25210 2026-03-26 HIGH 8.2 WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL…
CVE-2018-25209 2026-03-26 HIGH 8.2 OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit…
CVE-2018-25208 2026-03-26 HIGH 8.2 qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter_by parameters. Attackers can submit malicious POST requests…
CVE-2018-25207 2026-03-26 HIGH 7.1 Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST…
CVE-2018-25206 2026-03-26 HIGH 8.2 KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious…
CVE-2018-25205 2026-03-26 HIGH 8.2 ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit…
CVE-2018-25204 2026-03-26 HIGH 8.2 Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests…
CVE-2018-25203 2026-03-26 HIGH 8.2 Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can…
CVE-2018-25202 2026-03-26 HIGH 8.2 SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers…
CVE-2018-25201 2026-03-26 HIGH 7.1 School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username…
CVE-2018-25195 2026-03-26 HIGH 8.2 Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit…
CVE-2018-25185 2026-03-26 HIGH 8.2 Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send…
CVE-2018-25183 2026-03-26 HIGH 8.2 Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious…
CVE-2026-4809 2026-03-26 CRITICAL 9.8 plank/laravel-mediable through version 6.4.0 can allow upload of a dangerous file type when an application using the package accepts or prefers a client-supplied MIME type during file upload…
CVE-2026-4263 2026-03-26 N/A 0.0 Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'visitor' in '/api/v1/webchat/message'.
CVE-2026-4262 2026-03-26 N/A 0.0 Vulnerability of incorrect authorization in HiJiffy Chatbot allows an attacker to download private messages from other users via the parameter 'ID' in '/api/v1/download//'.
CVE-2026-4874 2026-03-26 LOW 3.1 A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a…
CVE-2026-4747 2026-03-26 HIGH 8.8 Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer,…
CVE-2026-4652 2026-03-26 HIGH 7.5 On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or…
CVE-2026-32680 2026-03-26 HIGH 7.8 The installer of RATOC RAID Monitoring Manager for Windows allows the installation folder to be customized. If the installation folder is customized to some non-default one, the folder may…
CVE-2026-28760 2026-03-26 HIGH 7.8 The installer of RATOC RAID Monitoring Manager for Windows searches the current directory to load certain DLLs. If a user is directed to place a crafted DLL with…
CVE-2026-1890 2026-03-26 MEDIUM 5.3 The LeadConnector WordPress plugin before 3.0.22 does not have authorization in a REST route, allowing unauthenticated users to call it and overwrite existing data
CVE-2026-1430 2026-03-26 MEDIUM 4.8 The WP Lightbox 2 WordPress plugin before 3.0.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2025-15488 2026-03-26 MEDIUM 6.5 The Responsive Plus WordPress plugin before 3.4.3 is vulnerable to arbitrary shortcode execution due to the software allowing unauthenticated users to execute the update_responsive_woo_free_shipping_left_shortcode AJAX action that does…
CVE-2025-15433 2026-03-26 MEDIUM 6.8 The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via…
CVE-2026-33201 2026-03-26 MEDIUM 6.8 Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device…
CVE-2026-33526 2026-03-26 N/A 0.0 Squid is a caching proxy for the Web. Prior to version 7.5, due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This…
CVE-2026-33515 2026-03-26 N/A 0.0 Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid is vulnerable to out of bounds read when handling ICP…
CVE-2026-33285 2026-03-26 HIGH 7.5 LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's `memoryLimit` security mechanism can be completely bypassed by using reverse…