Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-9719 2026-06-06 MEDIUM 4.3 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This…
CVE-2026-9290 2026-06-06 HIGH 7.5 The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via…
CVE-2026-8976 2026-06-06 MEDIUM 4.3 The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up…
CVE-2026-8900 2026-06-06 MEDIUM 6.4 The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input…
CVE-2026-8893 2026-06-06 MEDIUM 6.4 The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including,…
CVE-2026-8608 2026-06-06 MEDIUM 5.3 The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This…
CVE-2026-7047 2026-06-06 MEDIUM 4.3 The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect…
CVE-2026-6448 2026-06-06 MEDIUM 4.9 The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all…
CVE-2026-6242 2026-06-06 N/A 0.0 An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacker…
CVE-2026-6241 2026-06-06 N/A 0.0 An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An…
CVE-2026-6240 2026-06-06 N/A 0.0 A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated…
CVE-2026-6239 2026-06-06 N/A 0.0 A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes…
CVE-2026-34123 2026-06-06 N/A 0.0 On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the…
CVE-2026-10038 2026-06-06 MEDIUM 4.3 The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading…
CVE-2025-12656 2026-06-06 LOW 3.8 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_site() function…
CVE-2026-7654 2026-06-05 HIGH 8.8 The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to…
CVE-2026-7523 2026-06-05 MEDIUM 4.3 The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying…
CVE-2026-45409 2026-06-05 N/A 0.0 Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads…
CVE-2026-11431 2026-06-05 N/A 0.0 A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter…
CVE-2026-11429 2026-06-05 N/A 0.0 A path traversal vulnerability exists in the Git Service component shared by Altium Enterprise Server and Altium 365. The service accepts a sequence of post-clone file-manipulation operations that…
CVE-2026-11424 2026-06-05 N/A 0.0 A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose…
CVE-2026-11416 2026-06-05 HIGH 8.1 MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured download…
CVE-2026-7763 2026-06-05 CRITICAL 9.8 A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio…
CVE-2026-36785 2026-06-05 N/A 0.0 Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to…
CVE-2026-37737 2026-06-05 MEDIUM 6.5 sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypass CORS…
CVE-2026-7762 2026-06-05 CRITICAL 9.8 A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micro HaLowLink 2 software versions prior to 2.11.13 allows an unauthenticated attacker within radio…
CVE-2026-11423 2026-06-05 N/A 0.0 A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A…
CVE-2026-11422 2026-06-05 HIGH 7.1 Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious…
CVE-2024-6858 2026-06-04 MEDIUM 6.5 In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback…
CVE-2026-45758 2026-06-05 CRITICAL 9.6 Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai`…
CVE-2026-45300 2026-06-05 HIGH 7.4 The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x…
CVE-2026-11420 2026-06-05 N/A 0.0 Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on…
CVE-2026-11419 2026-06-05 N/A 0.0 A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authenticated…
CVE-2026-11414 2026-06-05 N/A 0.0 A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an…
CVE-2026-11401 2026-06-05 HIGH 8.0 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges…
CVE-2026-11400 2026-06-05 HIGH 8.0 An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges…
CVE-2026-25624 2026-06-05 MEDIUM 5.7 An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables…
CVE-2026-25623 2026-06-05 MEDIUM 6.0 An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this…
CVE-2026-25622 2026-06-05 MEDIUM 6.0 A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into…
CVE-2026-25621 2026-06-05 MEDIUM 6.0 A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0;…
CVE-2026-25620 2026-06-05 MEDIUM 6.0 An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects…
CVE-2026-45779 2026-06-05 N/A 0.0 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote…
CVE-2026-45778 2026-06-05 N/A 0.0 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile…
CVE-2026-45777 2026-06-05 N/A 0.0 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands…
CVE-2026-45776 2026-06-05 N/A 0.0 OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit…
CVE-2026-46493 2026-06-05 HIGH 7.5 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
CVE-2026-46401 2026-06-05 N/A 0.0 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after…
CVE-2026-46400 2026-06-05 N/A 0.0 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only…
CVE-2026-46398 2026-06-05 N/A 0.0 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure…
CVE-2026-46397 2026-06-05 MEDIUM 6.5 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows…
« Anterior Página 121 de 4511 Siguiente »