Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-50265 2026-06-05 HIGH 7.0 A flaw was found in libinput. A local attacker with access to /dev/uinput can inject arbitrary udev properties through the libinput-device-group helper. This injection can lead to root…
CVE-2026-11332 2026-06-05 HIGH 7.8 A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious…
CVE-2026-9088 2026-06-05 LOW 2.7 A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint.…
CVE-2026-38500 2026-06-05 N/A 0.0 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2026-50264 2026-06-05 HIGH 7.8 An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an…
CVE-2026-50263 2026-06-05 MEDIUM 5.5 A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the…
CVE-2026-50262 2026-06-05 MEDIUM 5.5 An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding…
CVE-2026-50261 2026-06-05 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those…
CVE-2026-50260 2026-06-05 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger…
CVE-2026-50259 2026-06-05 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper…
CVE-2026-50258 2026-06-05 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does…
CVE-2026-50257 2026-06-05 HIGH 7.8 A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer…
CVE-2026-50256 2026-06-05 HIGH 7.8 A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length…
CVE-2026-11312 2026-06-05 LOW 3.3 A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the function purge_kv_map in the library /src/infinistore.h of the component KV Map Handler. Performing…
CVE-2026-11329 2026-06-05 LOW 3.6 A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generate_hash_key of the file src/Runtime/python/torch_onnxmlir/src/torch_onnxmlir/backend.py of the component Placeholder Node…
CVE-2026-49777 2026-06-05 CRITICAL 10.0 Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce:…
CVE-2026-10877 2026-06-05 HIGH 7.3 A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component…
CVE-2026-10876 2026-06-05 MEDIUM 6.3 A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page…
CVE-2026-10586 2026-06-05 HIGH 7.2 The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2026-10875 2026-06-04 MEDIUM 6.3 A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of…
CVE-2026-10874 2026-06-04 MEDIUM 6.3 A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument…
CVE-2026-10872 2026-06-04 HIGH 7.2 A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in…
CVE-2026-10871 2026-06-04 HIGH 7.2 A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the…
CVE-2026-10870 2026-06-04 HIGH 7.2 A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command…
CVE-2019-25737 2026-06-04 HIGH 7.2 Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit payloads containing…
CVE-2019-25731 2026-06-04 HIGH 7.2 Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inject script code…
CVE-2025-62338 2026-06-04 LOW 3.3 HCL BigFix Cloud Lifecycle Management is affected by lack of input validation.  This low-level flaw allows unauthorized access and may lead to information exposure.
CVE-2026-10796 2026-06-04 HIGH 7.5 nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the available versions from…
CVE-2026-49941 2026-06-04 HIGH 7.5 Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like…
CVE-2026-7774 2026-06-04 N/A 0.0 tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. This allowed a…
CVE-2026-8722 2026-06-04 MEDIUM 6.5 Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional…
CVE-2026-28318 2026-06-04 HIGH 7.5 SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in…
CVE-2026-49186 2026-06-04 CRITICAL 9.8 The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or…
CVE-2026-49185 2026-06-04 CRITICAL 9.8 The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.
CVE-2026-49187 2026-06-04 HIGH 7.5 The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.
CVE-2026-49188 2026-06-04 CRITICAL 9.8 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
CVE-2026-49189 2026-06-04 HIGH 7.8 Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.
CVE-2026-49190 2026-06-04 HIGH 8.8 The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.
CVE-2026-49191 2026-06-04 CRITICAL 9.8 The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.
CVE-2026-49192 2026-06-04 MEDIUM 5.4 The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.
CVE-2026-49193 2026-06-04 HIGH 7.5 Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.
CVE-2026-49194 2026-06-04 HIGH 8.8 The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.
CVE-2026-49202 2026-06-04 HIGH 8.6 Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.
CVE-2026-49203 2026-06-04 HIGH 8.3 Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.
CVE-2026-49204 2026-06-04 MEDIUM 6.5 Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.
CVE-2026-50205 2026-06-04 HIGH 8.2 System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.
CVE-2026-50206 2026-06-04 MEDIUM 6.8 Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.
CVE-2026-50292 2026-06-04 HIGH 7.4 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
CVE-2026-49942 2026-06-04 HIGH 7.3 Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661),…
CVE-2026-46741 2026-06-04 HIGH 7.5 Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could…
« Anterior Página 130 de 4508 Siguiente »