CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-3225 2026-03-23 MEDIUM 4.3 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function…
CVE-2026-33168 2026-03-23 N/A 0.0 Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as…
CVE-2026-33167 2026-03-23 N/A 0.0 Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not…
CVE-2026-33046 2026-03-23 N/A 0.0 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX…
CVE-2026-2412 2026-03-23 MEDIUM 6.5 The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is…
CVE-2026-4681 2026-03-23 N/A 0.0 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This…
CVE-2026-4612 2026-03-23 HIGH 7.3 A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation…
CVE-2026-4611 2026-03-23 HIGH 7.2 A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname…
CVE-2026-33634 2026-03-23 N/A 0.0 Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags…
CVE-2026-29111 2026-03-23 MEDIUM 5.5 systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version…
CVE-2026-27646 2026-03-23 MEDIUM 5.3 OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass…
CVE-2026-24516 2026-03-23 HIGH 8.8 A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in…
CVE-2026-32912 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-28483 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-28455 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-22173 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-33478 2026-03-23 CRITICAL 10.0 WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated…
CVE-2026-32845 2026-03-23 HIGH 8.4 cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted…
CVE-2026-4593 2026-03-23 MEDIUM 6.3 A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface.…
CVE-2026-33507 2026-03-23 HIGH 8.8 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files…
CVE-2026-33502 2026-03-23 CRITICAL 9.3 WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to…
CVE-2026-33501 2026-03-23 MEDIUM 5.3 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the endpoint `plugin/Permissions/View/Users_groups_permissions/list.json.php` lacks any authentication or authorization check, allowing unauthenticated users to…
CVE-2026-33500 2026-03-23 MEDIUM 5.4 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 (GHSA-rcqw-6466-3mv7) introduced a custom `ParsedownSafeWithLinks` class that sanitizes raw…
CVE-2026-33499 2026-03-23 MEDIUM 6.1 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `view/forbiddenPage.php` and `view/warningPage.php` templates reflect the `$_REQUEST['unlockPassword']` parameter directly into an HTML…
CVE-2026-30007 2026-03-23 MEDIUM 6.2 XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
CVE-2026-30006 2026-03-23 MEDIUM 6.2 XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
CVE-2026-26829 2026-03-23 HIGH 7.5 A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of…
CVE-2026-26828 2026-03-23 HIGH 7.5 A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request…
CVE-2024-51226 2026-03-23 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting…
CVE-2024-51225 2026-03-23 MEDIUM 4.8 A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting…
CVE-2024-51224 2026-03-23 MEDIUM 4.8 Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a…
CVE-2024-51223 2026-03-23 MEDIUM 4.8 A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting…
CVE-2024-51222 2026-03-23 MEDIUM 4.8 A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting…
CVE-2026-4600 2026-03-23 HIGH 7.4 Versions of the package jsrsasign before 11.1.1 are vulnerable to Improper Verification of Cryptographic Signature via the DSA domain-parameter validation in KJUR.crypto.DSA.setPublic (and the related DSA/X509 verification flow…
CVE-2026-4598 2026-03-23 HIGH 7.5 Versions of the package jsrsasign before 11.1.1 are vulnerable to Infinite loop via the bnModInverse function in ext/jsbn2.js when the BigInteger.modInverse implementation receives zero or negative inputs, allowing…
CVE-2026-4599 2026-03-23 CRITICAL 9.1 Versions of the package jsrsasign from 7.0.0 and before 11.1.1 are vulnerable to Incomplete Comparison with Missing Factors via the getRandomBigIntegerZeroToMax and getRandomBigIntegerMinToMax functions in src/crypto-1.1.js; an attacker…
CVE-2026-4592 2026-03-23 MEDIUM 5.6 A security vulnerability has been detected in kalcaddle kodbox 1.64. This impacts the function loginAfter/tfaVerify of the file /workspace/source-code/plugins/client/controller/tfa/index.class.php of the component Password Login. The manipulation leads to…