Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-49958
2026-06-09
MEDIUM
5.0
Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard function within api/workspace_git.py that allows attackers to delete files outside the configured…
CVE-2026-49956
2026-06-09
MEDIUM
6.5
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint…
CVE-2026-49955
2026-06-09
MEDIUM
5.3
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing…
CVE-2026-49948
2026-06-09
HIGH
8.1
Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider and…
CVE-2026-24065
2026-06-09
HIGH
8.1
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the client…
CVE-2026-36818
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to…
CVE-2026-36817
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to…
CVE-2026-36816
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to…
CVE-2026-36815
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to…
CVE-2026-36811
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to…
CVE-2026-36810
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to…
CVE-2026-36809
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to…
CVE-2026-36808
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to…
CVE-2026-36807
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to…
CVE-2026-36800
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to…
CVE-2026-36799
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to…
CVE-2026-36798
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities…
CVE-2026-36797
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to…
CVE-2026-36796
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to…
CVE-2026-36792
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows…
CVE-2026-36784
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows…
CVE-2026-36783
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows…
CVE-2026-36779
2026-06-09
N/A
0.0
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and…
CVE-2026-36727
2026-06-09
N/A
0.0
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
CVE-2026-8025
2026-06-09
CRITICAL
9.8
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Platform:…
CVE-2026-49161
2026-06-09
HIGH
7.8
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-50511
2026-06-09
HIGH
7.8
Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-50508
2026-06-09
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-50507
2026-06-09
MEDIUM
6.8
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-48573
2026-06-09
HIGH
7.9
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48570
2026-06-09
HIGH
7.9
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48569
2026-06-09
HIGH
7.1
Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-48568
2026-06-09
HIGH
7.9
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-48566
2026-06-09
MEDIUM
5.5
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-48565
2026-06-09
HIGH
7.8
Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally.
CVE-2026-48563
2026-06-09
HIGH
7.5
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-48562
2026-06-09
MEDIUM
4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-48560
2026-06-09
MEDIUM
5.4
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47656
2026-06-09
HIGH
7.9
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
CVE-2026-47654
2026-06-09
HIGH
7.5
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47653
2026-06-09
HIGH
8.8
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47652
2026-06-09
HIGH
8.2
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-47648
2026-06-09
HIGH
7.0
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-47643
2026-06-09
CRITICAL
9.8
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network.
CVE-2026-47639
2026-06-09
MEDIUM
5.4
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47638
2026-06-09
MEDIUM
4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47637
2026-06-09
MEDIUM
4.6
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47636
2026-06-09
MEDIUM
5.4
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-47635
2026-06-09
HIGH
8.4
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-47634
2026-06-09
HIGH
7.3
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
« Anterior
Página 115 de 4520
Siguiente »
Page load link
Go to Top