CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST's National Vulnerability Database (NVD). Severity and CVSS are the NVD base rating where one was available when the listing was generated; rows showing N/A / 0.0 had no base score at that time. Descriptions are truncated in the listing.

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-28580 | 2026-06-01 | HIGH | 7.8 | In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution… |
| CVE-2026-28581 | 2026-06-01 | MEDIUM | 4.0 | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with… |
| CVE-2026-28586 | 2026-06-01 | LOW | 3.3 | In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution… |
| CVE-2025-59601 | 2026-06-01 | MEDIUM | 6.5 | Information disclosure when resetting the device to factory default settings through the powerline interface allows unauthorized access to device configuration. |
| CVE-2025-59604 | 2026-06-01 | HIGH | 7.8 | Memory corruption when running a memory copy operation due to invalid writes caused by a null pointer. |
| CVE-2025-59605 | 2026-06-01 | HIGH | 7.8 | Memory corruption when processing device identifier strings that exceed the expected maximum length. |
| CVE-2025-59606 | 2026-06-01 | HIGH | 7.8 | Memory corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. |
| CVE-2025-59609 | 2026-06-01 | MEDIUM | 5.5 | Information disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. |
| CVE-2024-42206 | 2026-06-02 | LOW | 3.1 | HCL iReflection: a vulnerable and outdated third-party components issue was detected in the web application. |
| CVE-2026-40619 | 2026-06-02 | HIGH | 7.8 | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges on the main server to access… |
| CVE-2026-49943 | 2026-06-02 | MEDIUM | 6.3 | CZ.NIC BIRD Internet Routing Daemon through 2.19.0 contains a stack-based buffer overflow in the BGP AS_PATH mask matching implementation in nest/a-path.c. The as_path_match() function uses a fixed-size stack… |
| CVE-2026-38978 | 2026-06-02 | N/A | 0.0 | transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths. |
| CVE-2026-35718 | 2026-06-02 | N/A | 0.0 | A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted… |
| CVE-2026-30652 | 2026-06-02 | N/A | 0.0 | A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker… |
| CVE-2026-30650 | 2026-06-02 | N/A | 0.0 | A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated… |
| CVE-2026-33244 | 2026-06-02 | MEDIUM | 5.4 | React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP `Location` header value can… |
| CVE-2026-24237 | 2026-06-02 | HIGH | 7.8 | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering,… |
| CVE-2026-24221 | 2026-06-02 | HIGH | 7.8 | NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering… |
| CVE-2026-1871 | 2026-06-02 | N/A | 0.0 | TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by… |
| CVE-2026-40715 | 2026-06-02 | HIGH | 7.8 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to… |
| CVE-2026-40713 | 2026-06-02 | MEDIUM | 6.1 | Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information… |
| CVE-2026-10591 | 2026-06-02 | HIGH | 8.8 | Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions… |
| CVE-2026-47117 | 2026-06-02 | CRITICAL | 9.8 | OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied model_name parameter,… |
| CVE-2026-5419 | 2026-06-01 | LOW | 3.7 | A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive… |
| CVE-2026-45685 | 2026-06-02 | HIGH | 7.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the… |
| CVE-2026-45684 | 2026-06-02 | MEDIUM | 4.9 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the… |
| CVE-2026-45679 | 2026-06-02 | MEDIUM | 6.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, OBI exports raw Redis error text as the span status message. Because Redis… |
| CVE-2026-45678 | 2026-06-02 | HIGH | 7.5 | OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Postgres protocol parser assumes BIND message payloads contain a valid NUL-terminated portal… |
| CVE-2026-33398 | 2026-06-02 | N/A | 0.0 | NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled `post` ID and… |
| CVE-2026-37235 | 2026-06-01 | HIGH | 7.5 | FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is… |
| CVE-2026-25879 | 2026-06-01 | CRITICAL | 9.8 | Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with… |
| CVE-2026-10291 | 2026-06-01 | MEDIUM | 4.3 | A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep… |
| CVE-2026-0088 | 2026-06-01 | HIGH | 7.8 | In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of… |
| CVE-2026-0086 | 2026-06-01 | MEDIUM | 6.8 | In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with… |
| CVE-2026-45554 | 2026-06-02 | MEDIUM | 5.3 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to… |
| CVE-2026-45553 | 2026-06-02 | HIGH | 7.5 | NiceGUI is a Python-based UI framework. Prior to version 3.12.0, ui.restructured_text() renders reStructuredText server-side with Docutils without disabling file insertion directives. When a NiceGUI application passes attacker-controlled content… |
| CVE-2026-45080 | 2026-06-02 | N/A | 0.0 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, improper access control allows disclosure of a password hash. This issue has been patched in version… |
| CVE-2026-44367 | 2026-06-02 | LOW | 2.7 | Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of… |
| CVE-2026-10047 | 2026-06-02 | N/A | 0.0 | The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled SS:SP-derived offset as an index… |
| CVE-2026-10046 | 2026-06-02 | N/A | 0.0 | Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler computes a destination offset… |
| CVE-2026-42654 | 2026-06-02 | HIGH | 7.1 | Authentication Bypass Using an Alternate Path or Channel vulnerability in WP Swings Wallet System for WooCommerce allows Password Recovery Exploitation. This issue affects Wallet System for WooCommerce: from… |
| CVE-2026-40780 | 2026-06-02 | HIGH | 7.5 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Liquid Web / StellarWP BookIt allows Password Recovery Exploitation. This issue affects BookIt: from n/a before 2.5.4.1. |
| CVE-2026-45729 | 2026-06-01 | MEDIUM | 4.3 | Thor Vector Graphics (ThorVG) is a production-ready vector graphics engine. Prior to version 1.0.5, a null pointer dereference in SvgLoader::run() allows any caller that passes untrusted SVG data… |
| CVE-2026-45302 | 2026-06-01 | HIGH | 8.2 | parse-nested-form-data is a tiny node module for parsing FormData by name into objects and arrays. Prior to version 1.0.1, parseFormData() walks bracket and dot-notation FormData field names into… |
| CVE-2026-43965 | 2026-06-02 | N/A | 0.0 | Path traversal vulnerability in Gleam's dependency management allows arbitrary directory deletion via malicious build/packages/packages.toml content. Package keys read from build/packages/packages.toml by LocalPackages::read_from_disc are passed without validation to paths.build_packages_package(),… |
| CVE-2026-42795 | 2026-06-02 | N/A | 0.0 | Symlink following vulnerability in Gleam's Hex package export allows files outside the project root to be embedded in the generated package tarball. The file collection helpers (gleam_files, native_files,… |
| CVE-2026-42670 | 2026-06-02 | HIGH | 7.5 | Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Five Star Restaurant Reservations: from… |
| CVE-2026-37233 | 2026-06-01 | HIGH | 7.5 | FlexRIC v2.0.0 contains an authorization bypass in the iApp's xApp isolation mechanism. The equality function eq_xapp_ric_gen_id() in src/ric/iApp/xapp_ric_id.c compares m0->xapp_id against itself (m0->xapp_id) instead of the other argument… |
| CVE-2026-37230 | 2026-06-01 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in… |
| CVE-2026-37226 | 2026-06-01 | HIGH | 7.5 | FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT)… |
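The CVE-2026-37233 row is worth a closer look because the defect it names, eq_xapp_ric_gen_id() comparing m0->xapp_id against itself, is a common copy-paste mistake that silently turns an identity check into a tautology: every requester "equals" every owner, so an isolation check built on the comparator passes for foreign xApps. The C below is an added reconstruction of that pattern written for this page, not FlexRIC source. Only the function name eq_xapp_ric_gen_id() and the xapp_id field come from the entry; the struct layout, the ric_req_id field, may_access_subscription() and comparator_rejects_foreign_xapp() are assumed names for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical xApp/RIC identity record. FlexRIC's real struct and any
 * fields beyond xapp_id are not on this page; these are assumed for the demo. */
typedef struct {
    uint16_t xapp_id;     /* identity of the xApp that owns a subscription */
    uint16_t ric_req_id;  /* assumed second component of the identifier */
} xapp_ric_gen_id_t;

/* Buggy comparator, modelled on the entry's description: the xapp_id check
 * reads the left operand twice, so the xApp identity never affects the result.
 * Reconstructed pattern, not FlexRIC code. */
static bool eq_xapp_ric_gen_id_buggy(const xapp_ric_gen_id_t *m0,
                                     const xapp_ric_gen_id_t *m1)
{
    const uint16_t lhs = m0->xapp_id;
    const uint16_t rhs = m0->xapp_id;   /* BUG: should be m1->xapp_id */
    if (lhs != rhs)
        return false;                   /* can never be taken */
    return m0->ric_req_id == m1->ric_req_id;
}

/* Fixed comparator: every field is compared across the two arguments. */
static bool eq_xapp_ric_gen_id_fixed(const xapp_ric_gen_id_t *m0,
                                     const xapp_ric_gen_id_t *m1)
{
    return m0->xapp_id == m1->xapp_id &&
           m0->ric_req_id == m1->ric_req_id;
}

typedef bool (*id_eq_fn)(const xapp_ric_gen_id_t *, const xapp_ric_gen_id_t *);

/* Assumed isolation check: an xApp may only act on a subscription whose
 * stored identifier is equal to the requester's own. */
static bool may_access_subscription(id_eq_fn eq,
                                    const xapp_ric_gen_id_t *owner,
                                    const xapp_ric_gen_id_t *requester)
{
    return eq(owner, requester);
}

/* The negative test every equality function should ship with: a different
 * xapp_id with otherwise identical fields must be rejected, and an identical
 * record must still be accepted. Returns true when eq behaves correctly. */
static bool comparator_rejects_foreign_xapp(id_eq_fn eq)
{
    const xapp_ric_gen_id_t owner   = { .xapp_id = 7, .ric_req_id = 42 };
    const xapp_ric_gen_id_t foreign = { .xapp_id = 9, .ric_req_id = 42 };
    const xapp_ric_gen_id_t same    = owner;
    return !may_access_subscription(eq, &owner, &foreign) &&
            may_access_subscription(eq, &owner, &same);
}

int main(void)
{
    printf("buggy comparator isolates xApps: %s\n",
           comparator_rejects_foreign_xapp(eq_xapp_ric_gen_id_buggy) ? "yes" : "no");
    printf("fixed comparator isolates xApps: %s\n",
           comparator_rejects_foreign_xapp(eq_xapp_ric_gen_id_fixed) ? "yes" : "no");
    return 0;
}
```

Compile with `cc -Wall -Wextra demo.c`. Note that the compiler's tautological-comparison warning only fires when both operands are syntactically the same expression (`m0->xapp_id != m0->xapp_id`); once the value passes through a local copy, as above, or through a macro, it goes unnoticed, which is why a one-line negative test on the comparator is the reliable catch for this bug class.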
Page 139 of 4507