CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-33496 2026-03-26 HIGH 8.1 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33495 2026-03-26 MEDIUM 6.5 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often…
CVE-2026-33494 2026-03-26 CRITICAL 10.0 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33487 2026-03-26 HIGH 7.5 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one…
CVE-2026-33486 2026-03-26 MEDIUM 6.8 Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28,…
CVE-2026-33481 2026-03-26 MEDIUM 5.3 Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not…
CVE-2026-33470 2026-03-26 MEDIUM 6.5 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access…
CVE-2026-33438 2026-03-26 MEDIUM 6.5 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of…
CVE-2026-33015 2026-03-26 MEDIUM 5.2 EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's…
CVE-2026-1015 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially…
CVE-2026-1262 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2026-2483 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
CVE-2025-36438 2026-03-25 MEDIUM 5.1 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVE-2026-2484 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.
CVE-2026-2485 2026-03-25 MEDIUM 4.8 IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2026-32120 2026-03-25 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the…
CVE-2026-33348 2026-03-25 HIGH 8.7 OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The…
CVE-2026-33909 2026-03-25 MEDIUM 5.9 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are…
CVE-2025-36440 2026-03-25 MEDIUM 5.1 IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
CVE-2025-64646 2026-03-25 MEDIUM 6.2 IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
CVE-2025-64647 2026-03-25 MEDIUM 5.9 IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-64648 2026-03-25 MEDIUM 5.9 IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2026-33223 2026-03-25 MEDIUM 6.4 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to…
CVE-2026-33222 2026-03-25 MEDIUM 4.9 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore…
CVE-2026-33247 2026-03-25 HIGH 7.4 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials…
CVE-2026-4867 2026-03-26 HIGH 7.5 Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.).…
CVE-2026-3116 2026-03-26 MEDIUM 4.9 Mattermost Plugins versions
CVE-2026-3115 2026-03-26 MEDIUM 4.3 Mattermost versions 11.2.x
CVE-2026-3114 2026-03-26 MEDIUM 6.5 Mattermost versions 11.4.x
CVE-2026-3113 2026-03-26 MEDIUM 5.0 Mattermost versions 11.4.x
CVE-2026-3112 2026-03-26 MEDIUM 6.8 Mattermost versions 11.4.x
CVE-2026-3109 2026-03-26 LOW 2.2 Mattermost Plugins versions
CVE-2026-3108 2026-03-26 HIGH 8.0 Mattermost versions 11.2.x
CVE-2026-34071 2026-03-26 MEDIUM 5.4 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized…
CVE-2026-33636 2026-03-26 HIGH 7.6 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds…
CVE-2026-33468 2026-03-26 HIGH 8.1 Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape…
CVE-2026-33442 2026-03-26 HIGH 8.1 Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does…
CVE-2026-33430 2026-03-26 HIGH 7.3 Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase…
CVE-2026-33416 2026-03-26 HIGH 7.5 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and…
CVE-2026-33402 2026-03-26 N/A 0.0 Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch…
CVE-2026-33009 2026-03-26 HIGH 8.2 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT…
CVE-2026-32846 2026-03-26 N/A 0.0 OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the…
CVE-2026-29044 2026-03-26 MEDIUM 5.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path…
CVE-2026-27828 2026-03-26 N/A 0.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address).…
CVE-2026-27816 2026-03-26 N/A 0.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With…
CVE-2026-27815 2026-03-26 N/A 0.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking.…
CVE-2026-27814 2026-03-26 MEDIUM 4.2 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by a 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during…
CVE-2026-27813 2026-03-26 MEDIUM 5.3 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events…
CVE-2026-26074 2026-03-26 HIGH 7.0 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with…
CVE-2026-26073 2026-03-26 MEDIUM 5.9 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and…