CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-35202 2026-06-02 N/A 0.0 Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits…
CVE-2026-35049 2026-06-02 MEDIUM 6.5 wire-ios is an iOS client for the Wire secure messaging application. Prior to version 4.16.0, upon receiving a crafted malicious Proteus external message with an encrypted payload that…
CVE-2026-40314 2026-06-02 N/A 0.0 NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. `modules/Core/queries/reactions.php` allows unauthenticated GET requests…
CVE-2026-35447 2026-06-02 N/A 0.0 NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to…
CVE-2026-35443 2026-06-02 N/A 0.0 NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization.…
CVE-2026-34993 2026-06-02 MEDIUM 6.4 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using…
CVE-2026-34077 2026-06-02 HIGH 7.5 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site…
CVE-2026-33245 2026-06-02 HIGH 8.0 React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site…
CVE-2026-34460 2026-06-02 MEDIUM 5.4 NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code.…
CVE-2026-28299 2026-06-02 HIGH 8.2 SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when exploited, could cause the Web Help Desk server to crash due to insufficient…
CVE-2026-1829 2026-06-02 HIGH 8.8 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.02 via the 'et_pb_text' shortcode 'cvdb_content_visibility_check'…
CVE-2026-10701 2026-06-02 N/A 0.0 Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3.
CVE-2026-10629 2026-06-02 CRITICAL 9.1 SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise…
CVE-2026-10617 2026-06-02 HIGH 7.3 A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. This affects the function resolveAuth of the file internal/http/auth.go of the component Webhook Verification Handler. The…
CVE-2026-10616 2026-06-02 MEDIUM 4.3 A weakness has been identified in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function TeamTasksTool.executeComplete of the file internal/tools/team_tasks_lifecycle.go of the component Team Task Completion…
CVE-2026-10622 2026-06-02 HIGH 8.2 Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/*' endpoints.
CVE-2026-10621 2026-06-02 HIGH 7.5 Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize…
CVE-2026-10584 2026-06-02 MEDIUM 5.9 Proxy server in Graph Explorer before 3.0.1 falls back to HTTP when certificate files are missing, which might allow remote threat actors to obtain sensitive information via interception…
CVE-2026-10606 2026-06-02 HIGH 7.3 A vulnerability was determined in DedeCMS 5.7.88. The affected element is the function TrimMsg of the file /plus/feedback.php of the component Feedback Handler. Executing a manipulation of the…
CVE-2026-0611 2026-06-02 CRITICAL 9.8 Spacelabs Healthcare Sentinel versions 10.5.x and higher and 11.x.x before 11.6.0 contain an unauthenticated remote code execution vulnerability through a deprecated .NET Remoting HTTP channel exposed on port…
CVE-2021-4479 2026-06-02 MEDIUM 4.0 Dräger Atlan A350 software versions 1.00 through 1.01 contain an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant…
CVE-2021-4478 2026-06-02 HIGH 8.2 Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer…
CVE-2019-25724 2026-06-02 MEDIUM 6.5 Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or…
CVE-2019-25723 2026-06-02 MEDIUM 4.0 Dräger Perseus A500 software versions 2.00 through 2.02 contain an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted…
CVE-2025-48652 2026-06-01 HIGH 7.8 In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of…
CVE-2025-48648 2026-06-01 MEDIUM 5.5 In isSameApp of NotificationManagerService.java, there is a possible persistent dos due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed.…
CVE-2025-48616 2026-06-01 LOW 3.3 In multiple functions of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could…
CVE-2025-48570 2026-06-01 HIGH 7.8 In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy. This could lead to local escalation…
CVE-2025-26418 2026-06-01 MEDIUM 5.9 In setUserDisclaimerAcknowledged of CarDevicePolicyService.java, there is a possible way to bypass the user dialog when adding an account to a managed device due to a missing permission check.…
CVE-2025-22426 2026-06-01 MEDIUM 5.9 In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local…
CVE-2025-22424 2026-06-01 HIGH 7.8 In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no…
CVE-2025-32348 2026-06-01 HIGH 7.8 In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution…
CVE-2026-0055 2026-06-01 MEDIUM 6.2 In createSessionInternal of PackageInstallerService.java, there is a possible way to update a Device Policy Controller (DPC) into an invalid directory due to a path traversal error. This could lead…
CVE-2026-0052 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with…
CVE-2026-0051 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service…
CVE-2026-0050 2026-06-01 LOW 3.3 In handleBondStateChanged of AdapterService.java, there is a possible sensitive information disclosure due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges…
CVE-2026-0048 2026-06-01 MEDIUM 6.8 In hide of WindowState.java, there is a possible way to trick the user into approving permissions due to a tapjacking/overlay attack. This could lead to local escalation of…
CVE-2026-0046 2026-06-01 MEDIUM 6.2 In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation…
CVE-2026-0044 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of…
CVE-2026-0043 2026-06-01 MEDIUM 5.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no…
CVE-2026-0042 2026-06-01 MEDIUM 5.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional…
CVE-2026-0041 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution…
CVE-2026-0040 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with…
CVE-2026-0039 2026-06-01 MEDIUM 6.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no…
CVE-2026-0018 2026-06-01 MEDIUM 5.5 In multiple functions of AccessibilityManagerService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no…
CVE-2026-0016 2026-06-01 LOW 3.3 In updateProvidersWhenServiceRemoved of CredentialManagerService.java, there is a possible way to override settings across users due to a permissions bypass. This could lead to local information disclosure with no…
CVE-2026-0056 2026-06-01 LOW 3.3 In setTo of ResourceTypes.cpp, there is a possible read out of bounds due to an incorrect bounds check. This could lead to local information disclosure with no additional…
CVE-2026-28577 2026-06-01 HIGH 7.8 In addWindow of WindowManagerService.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2026-0067 2026-06-01 MEDIUM 5.5 In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a permanent denial of service due to a logic error in the code. This could lead…
CVE-2026-0059 2026-06-01 HIGH 8.0 In multiple functions of sdp_discovery.cc, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution…