CVE Vulnerabilities

Below is the list of the most recently published vulnerabilities from the NIST National Vulnerability Database:

CVE ID | Published | Severity | CVSS | Description
CVE-2026-47147 2026-06-25 HIGH 7.1 In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to…
CVE-2026-47146 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined…
CVE-2026-47145 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined…
CVE-2026-47152 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has…
CVE-2026-47153 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has…
CVE-2026-47154 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device…
CVE-2026-4526 2026-06-25 MEDIUM 6.5 In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device…
CVE-2026-57434 2026-06-25 N/A 0.0 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native…
CVE-2026-57235 2026-06-25 N/A 0.0 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the…
CVE-2026-12937 2026-06-25 HIGH 7.5 The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress Plugin plugin for WordPress is vulnerable to generic SQL Injection via the 'post_id' parameter in…
CVE-2026-57536 2026-06-25 N/A 0.0 Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to…
CVE-2026-57535 2026-06-25 N/A 0.0 Content injected to PDF rendering contexts could, in many places, include HTML content including tags. If the src attribute of these images pointed to an URL, the PDF…
CVE-2026-57534 2026-06-25 N/A 0.0 Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.
CVE-2026-57533 2026-06-25 N/A 0.0 Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be…
CVE-2026-57532 2026-06-25 N/A 0.0 Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could…
CVE-2026-57437 2026-06-25 N/A 0.0 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection.…
CVE-2026-57435 2026-06-25 N/A 0.0 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to…
CVE-2026-57236 2026-06-25 N/A 0.0 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a…
CVE-2026-57234 2026-06-25 LOW 2.6 Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for…
CVE-2026-56071 2026-06-25 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Forminator
CVE-2026-56042 2026-06-25 HIGH 7.1 Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce
CVE-2026-56023 2026-06-25 MEDIUM 5.4 Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce
CVE-2026-54849 2026-06-25 CRITICAL 9.3 Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce
CVE-2026-54841 2026-06-25 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Vitepos
CVE-2026-54838 2026-06-25 HIGH 8.5 Subscriber SQL Injection in WC Vendors Marketplace
CVE-2026-54823 2026-06-25 CRITICAL 9.9 Contributor Remote Code Execution (RCE) in Widget Options
CVE-2026-54822 2026-06-25 HIGH 8.5 Subscriber SQL Injection in SALESmanago & Leadoo
CVE-2026-55454 2026-06-24 CRITICAL 9.9 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default…
CVE-2026-54067 2026-06-24 CRITICAL 9.9 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet() interpolates it via insertAdjacentHTML. A…
CVE-2026-50189 2026-06-24 N/A 0.0 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, Appsmith's bundled supervisord exposes an XML-RPC interface on port 9001, reachable from outside…
CVE-2026-42389 2026-06-25 MEDIUM 5.3 This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.
CVE-2026-42388 2026-06-25 MEDIUM 5.9 Incomplete validation of the SOA record present in a catalog zone might lead to a crash.
CVE-2026-42387 2026-06-25 MEDIUM 5.9 A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation.
CVE-2026-40012 2026-06-25 MEDIUM 5.3 ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;
CVE-2026-13314 2026-06-25 N/A 0.0 Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.
CVE-2026-13225 2026-06-25 N/A 0.0 Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.
CVE-2026-13223 2026-06-25 N/A 0.0 Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply…
CVE-2026-13222 2026-06-25 N/A 0.0 Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply…
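The three pretix entries above (CVE-2026-57536, CVE-2026-13223, CVE-2026-13222) describe the same pattern: a status response proving that *some* payment succeeded is accepted as proof that *this* payment succeeded. The following is an added illustration of that class of bug and its fix; it is not pretix's code, the field names (`id`, `status`, `amount`) are a hypothetical PSP response shape, and the two sample responses are constructed. The hardened handler binds the response to the provider reference the merchant stored when it created the payment and to the order's amount, so a receipt for a cheap order cannot be replayed against an expensive one.

```python
"""Binding a payment-status response to the payment it was issued for.

Added illustration of the vulnerability class, not pretix's own code.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class Order:
    code: str
    amount: Decimal
    currency: str
    payment_reference: str   # provider-side id stored when the payment was created
    paid: bool = False


class PaymentMismatch(Exception):
    """The status response does not describe the payment we are confirming."""


def make_order(code: str, amount: str, currency: str, reference: str) -> Order:
    return Order(code, Decimal(amount), currency, reference)


# Constructed sample responses (hypothetical field names; real PSPs differ).
RESPONSE_A = {"id": "tr_AAA111", "status": "paid",
              "amount": {"value": "10.00", "currency": "EUR"}}    # attacker's own cheap, paid order
RESPONSE_B = {"id": "tr_BBB222", "status": "open",
              "amount": {"value": "100.00", "currency": "EUR"}}   # the expensive order, unpaid


def confirm_vulnerable(order: Order, response: dict) -> bool:
    """Checks only the status flag, so a 'paid' response for ANY payment confirms ANY order."""
    if response.get("status") == "paid":
        order.paid = True
    return order.paid


def confirm_hardened(order: Order, response: dict) -> bool:
    """Accepts the response only if it names our stored reference and the full amount."""
    if response.get("id") != order.payment_reference:
        raise PaymentMismatch(
            f"response is for {response.get('id')!r}, expected {order.payment_reference!r}")
    amt = response.get("amount") or {}
    if amt.get("currency") != order.currency or Decimal(amt.get("value", "0")) != order.amount:
        raise PaymentMismatch("amount/currency do not match the order")
    if response.get("status") != "paid":
        return False          # genuinely still open: leave the order unpaid
    order.paid = True
    return True


def demo() -> tuple:
    """Replay order A's receipt against order B through both handlers."""
    order_b = make_order("B", "100.00", "EUR", "tr_BBB222")
    vulnerable = confirm_vulnerable(order_b, RESPONSE_A)     # True: B confirmed with A's receipt
    order_b2 = make_order("B", "100.00", "EUR", "tr_BBB222")
    try:
        confirm_hardened(order_b2, RESPONSE_A)
        hardened = "accepted"
    except PaymentMismatch as exc:
        hardened = f"rejected: {exc}"
    return vulnerable, hardened


if __name__ == "__main__":
    print(demo())
```

The stronger form of the fix is to never accept a status document from the client at all: look the payment up by the reference you stored, query the provider server-to-server for that reference, and apply the same id and amount comparison to whatever comes back.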
CVE-2026-12755 2026-06-25 LOW 2.7 Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to…
CVE-2026-55455 2026-06-24 N/A 0.0 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the outbound HTTP host filter applied by WebClientUtils (used by the REST API…
CVE-2026-53766 2026-06-24 MEDIUM 6.1 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by checking whether path.resolve(filePath)…
CVE-2026-53765 2026-06-24 MEDIUM 6.1 Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, the chrome-devtools-mcp daemon writes its PID file with…
CVE-2026-52794 2026-06-24 HIGH 7.5 Sentry is an error tracking and performance monitoring tool. From 24.4.0 until 26.5.2, a Regular Expression Denial of Service (ReDoS) vulnerability exists in Sentry's event ingestion pipeline, where…
CVE-2026-49979 2026-06-24 N/A 0.0 Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a…
CVE-2026-8662 2026-06-25 LOW 3.3 Path Traversal vulnerability in the create_archive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The…
CVE-2026-8658 2026-06-25 MEDIUM 6.0 OS Command Injection vulnerability in Rapid7 InsightConnect Tcpdump Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the options or filter parameters due to insufficient…
CVE-2026-8666 2026-06-25 HIGH 7.7 OS Command Injection vulnerability in the traceroute action of Rapid7 InsightConnect Traceroute Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host, port, max_ttl,…
CVE-2026-8665 2026-06-25 HIGH 7.7 OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters…
CVE-2026-8664 2026-06-25 MEDIUM 6.0 OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient…
CVE-2026-8660 2026-06-25 HIGH 7.7 OS Command Injection vulnerability in the ping action of Rapid7 InsightConnect Ping Plugin on Linux allows remote attackers to execute arbitrary OS commands via the host parameter due…
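The six Rapid7 InsightConnect entries above (CVE-2026-8658, -8660, -8664, -8665, -8666 and the related path traversal in -8662) all come down to a plugin action passing a user-supplied parameter such as `host` or `options` to an OS command with insufficient validation. The following is an added illustration of that bug class, not Rapid7's plugin code: the same "ping a host" action built by string interpolation into a shell command and, beside it, by validating the parameter and passing an argv list with no shell. `echo` stands in for `ping` so the demo runs offline; the hostname policy in `HOST_RE` and the attacker payload are constructed for the example.

```python
"""OS command injection through a plugin parameter, vulnerable and hardened.

Added illustration of the vulnerability class, not Rapid7's plugin code.
`echo` replaces the real `ping` binary so the demo runs offline on any POSIX host.
"""
import re
import subprocess

# Assumed policy: hostnames, IPv4 and IPv6 literals only. No whitespace, quotes,
# '$', ';', '|', '&' or other shell metacharacters can pass this.
HOST_RE = re.compile(r"[A-Za-z0-9.\-:]{1,253}")

PAYLOAD = "localhost; echo INJECTED"    # constructed attacker input for the host parameter


def ping_vulnerable(host: str) -> str:
    """Interpolates the parameter into a shell string.

    /bin/sh parses the result, so ';' ends the intended command and starts the attacker's.
    """
    out = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return out.stdout


def validate_host(host: str) -> str:
    """Allow-list the parameter and refuse anything that could be read as an option flag."""
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"invalid host parameter: {host!r}")
    if host.startswith("-"):
        raise ValueError("host may not start with '-'")
    return host


def ping_hardened(host: str) -> str:
    """Validates first, then hands argv to execve as a list: no shell ever sees the value.

    The list form alone already stops the ';' trick (the whole string becomes one
    argument); the allow-list additionally stops option injection such as '-c 1000000'.
    """
    host = validate_host(host)
    out = subprocess.run(["echo", host], capture_output=True, text=True)
    return out.stdout


if __name__ == "__main__":
    print("vulnerable:", repr(ping_vulnerable(PAYLOAD)))
    try:
        ping_hardened(PAYLOAD)
    except ValueError as exc:
        print("hardened  :", exc)
```

For parameters that are genuinely free-form (the `options` and `filter` strings of a tcpdump-style action, for instance) an allow-list of the specific flags the plugin supports, each mapped to its own argv element, is the only safe shape; concatenating a user string onto a command line cannot be made safe by quoting alone.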
Page 14 of 4502