CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-32685 2026-06-02 N/A 0.0 Path traversal vulnerability in Gleam's handling of custom documentation pages allows arbitrary file read and file write outside the intended documentation output directory. The documentation.pages entries from gleam.toml…
CVE-2026-32250 2026-06-02 MEDIUM 4.3 NamelessMC is website software for Minecraft servers. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in version 2.2.4 in the id parameter of the endpoint `/index.php?route=/queries/user/`. The application…
CVE-2026-30963 2026-06-01 LOW 3.9 Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests…
CVE-2026-0078 2026-06-01 HIGH 7.8 In setGlobalProxy of DevicePolicyManagerService.java, there is a possible desync in persistence due to improper input validation. This could lead to local escalation of privilege with no additional execution…
CVE-2026-0076 2026-06-01 HIGH 7.8 In validateNode of ResourceTypes.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no…
CVE-2025-70099 2026-06-01 HIGH 7.5 A NULL pointer dereference in the ext4_dir_en_get_name_len function in include/ext4_dir.h of lwext4 1.0.0 allows attackers to cause a denial of service by supplying a specially crafted EXT4 filesystem…
CVE-2026-0061 2026-06-01 MEDIUM 5.9 In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local…
CVE-2026-0070 2026-06-01 MEDIUM 5.5 In multiple functions of DevicePolicyManagerService.java, there is a possible way to hide a system critical package due to improper input validation. This could lead to local denial of…
CVE-2026-0074 2026-06-01 MEDIUM 5.5 In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges…
CVE-2026-0077 2026-06-01 MEDIUM 5.9 In resumeConfigurationDispatch of ActivityRecord.java, there is a possible background application launch (bal) due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-59610 2026-06-01 MEDIUM 6.4 Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
CVE-2025-59611 2026-06-01 MEDIUM 6.7 Memory corruption in diagnostic services due to absence of input validation
CVE-2025-59612 2026-06-01 MEDIUM 6.7 Memory corruption in windows drivers while sending incorrect trusted application request
CVE-2025-59613 2026-06-01 MEDIUM 6.7 Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
CVE-2025-59614 2026-06-01 MEDIUM 6.7 Memory Corruption when sending random number generator command with insufficient output buffer size.
CVE-2026-24085 2026-06-01 HIGH 7.2 Memory Corruption when processing display command line information due to improper initialization of a variable.
CVE-2026-24087 2026-06-01 HIGH 7.2 Memory corruption while processing fastboot OEM commands.
CVE-2026-24088 2026-06-01 HIGH 8.2 Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader.
CVE-2026-24089 2026-06-01 HIGH 7.2 Memory corruption while processing fastboot commands with invalid input.
CVE-2026-24090 2026-06-01 HIGH 7.1 Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
CVE-2026-24091 2026-06-01 HIGH 7.2 Memory corruption while processing fastboot commands with improperly formatted input.
CVE-2026-24092 2026-06-01 HIGH 7.2 Memory Corruption when processing fastboot commands to set display mode.
CVE-2026-25258 2026-06-01 HIGH 7.8 Memory corruption while processing IOCTL calls for escape operations.
CVE-2026-25259 2026-06-01 HIGH 7.8 Memory corruption while processing multiple IOCTL command for escape operations.
CVE-2026-25260 2026-06-01 HIGH 7.8 Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
CVE-2026-25276 2026-06-01 HIGH 8.8 Memory corruption while using Strongbox due to missing bounds check.
CVE-2026-25277 2026-06-01 HIGH 8.8 Memory corruption while using Strongbox due to buffer overflow.
CVE-2019-25718 2026-06-01 HIGH 8.4 Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog…
CVE-2019-25716 2026-06-01 MEDIUM 6.5 Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network…
CVE-2026-9844 2026-06-02 N/A 0.0 Use of default credentials vulnerability in Roche Diagnostics navify Digital Pathology (RabbitMQ Management interface modules) allows Default Usernames and Passwords. This issue affects navify Digital Pathology: from 2.0.0 before…
CVE-2026-41918 2026-06-02 MEDIUM 5.7 A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V4.0). The affected applications stores sensitive information in the browser cache when an authenticated user modify…
CVE-2026-8993 2026-06-02 MEDIUM 6.5 D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM…
CVE-2026-10510 2026-06-02 MEDIUM 6.1 Cross-Site Scripting (XSS) in GeniexWebView component in Transsion AI Assistant Lifestyle application (com.transsion.aiassistantlifestyle) all versions on Android allows remote attacker to execute arbitrary JavaScript in the WebView context…
CVE-2026-7195 2026-06-02 HIGH 8.8 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531,…
CVE-2026-35717 2026-06-02 N/A 0.0 A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request…
CVE-2026-10611 2026-06-02 N/A 0.0 An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deployments configured with LdapAuth.mixedAuth=true and Security.require_otp=true, users authenticated through an authentication…
CVE-2026-37232 2026-06-01 HIGH 8.6 An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in openair2/E2AP/RAN_FUNCTION/O-RAN/ran_func_kpm_subs.c (lines 182 and 197)…
CVE-2026-10549 2026-06-02 N/A 0.0 LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to…
CVE-2026-3871 2026-06-02 MEDIUM 6.5 A buffer overflow vulnerability in the UPnP DeletePortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition…
CVE-2026-3870 2026-06-02 MEDIUM 6.5 A buffer overflow vulnerability in the UPnP AddPortMapping() command in Zyxel VMG4005-B50B firmware versions through 5.13(ABRL.5.4)C0 could allow an adjacent attacker to trigger a temporary denial-of-service (DoS) condition…
CVE-2018-25433 2026-06-01 HIGH 8.2 Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter.…
CVE-2026-49136 2026-06-01 HIGH 7.5 Banana Slides through 0.4.0, patched in commit e8bc490, contains a path traversal vulnerability in the generate_image() function within the AI service backend that allows unauthenticated attackers to read…
CVE-2026-49782 2026-06-02 MEDIUM 5.4 Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0.
CVE-2026-39555 2026-06-02 HIGH 8.1 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1.
CVE-2026-39553 2026-06-02 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes WaveRide allows PHP Local File Inclusion. This issue affects WaveRide: from…
CVE-2026-39552 2026-06-02 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply Co. Blueprint allows PHP Local File Inclusion. This issue affects…
CVE-2026-28116 2026-06-02 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0.
CVE-2026-27351 2026-06-02 MEDIUM 5.4 Missing Authorization vulnerability in Sekander Badsha Crew HRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Crew HRM: from n/a through 1.2.2.
CVE-2025-69369 2026-06-02 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes Racquet allows PHP Local File Inclusion. This issue affects Racquet: from…
CVE-2025-68886 2026-06-02 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes Cookiteer allows PHP Local File Inclusion. This issue affects Cookiteer: from…