CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-44650 2026-05-29 CRITICAL 9.1 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
CVE-2026-44649 2026-05-29 CRITICAL 9.8 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
CVE-2026-44648 2026-05-29 HIGH 7.5 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to 1.18.0,…
CVE-2026-6816 2026-05-28 N/A 0.0 An access bypass vulnerability in Drupal TFA Basic Plugins allows users with the administer users permission to view or generate recovery codes for other users. This issue affects…
CVE-2026-4387 2026-05-29 N/A 0.0 StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…
CVE-2026-5343 2026-05-28 HIGH 7.4 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0…
CVE-2026-46599 2026-05-29 N/A 0.0 The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms…
CVE-2026-45668 2026-05-29 N/A 0.0 Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled…
CVE-2026-45403 2026-05-28 LOW 2.0 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy…
CVE-2026-45149 2026-05-29 MEDIUM 6.5 The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a…
CVE-2026-42500 2026-05-29 MEDIUM 5.3 Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
CVE-2026-39276 2026-05-29 HIGH 7.2 The template upload feature in Emlog Pro v2.6.9 has a path traversal vulnerability, allowing authenticated administrators to execute arbitrary PHP code. By uploading a malicious ZIP archive containing…
CVE-2026-39229 2026-05-29 MEDIUM 6.5 Bolt CMS through 3.7.0 allows SQL Injection in the 'order' parameter of the content listing pages. An authenticated attacker with low-level privileges can exploit this through the OrderDirective…
CVE-2026-49386 2026-05-29 MEDIUM 6.5 In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas
CVE-2026-49385 2026-05-29 MEDIUM 6.5 In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts
CVE-2026-49384 2026-05-29 MEDIUM 6.1 In JetBrains PyCharm before 2025.3.4 stored XSS in Jupyter notebook Markdown cells was possible
CVE-2026-49383 2026-05-29 LOW 3.3 In JetBrains IntelliJ IDEA before 2026.1 XXE in the UI Designer form parser was possible
CVE-2026-49382 2026-05-29 MEDIUM 4.5 In JetBrains IntelliJ IDEA before 2026.1 code execution was possible via template injection in the Copyright plugin
CVE-2026-49381 2026-05-29 LOW 3.4 In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible
CVE-2026-49380 2026-05-29 LOW 3.1 In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
CVE-2026-49379 2026-05-29 MEDIUM 6.5 In JetBrains TeamCity before 2026.1 credentials could be exposed in thread names
CVE-2026-49378 2026-05-29 MEDIUM 4.3 In JetBrains TeamCity before 2026.1 credentials parameters were exposed via parameter autocompletion
CVE-2026-49377 2026-05-29 MEDIUM 4.3 In JetBrains TeamCity before 2025.11.2 exposure of sensitive data via default agent parameters
CVE-2026-49376 2026-05-29 MEDIUM 6.5 In JetBrains TeamCity before 2026.1 insufficient username validation in the SAML plugin
CVE-2026-49375 2026-05-29 MEDIUM 6.1 In JetBrains TeamCity before 2026.1, 2025.11.5 reflected XSS was possible on the repository download page
CVE-2026-49374 2026-05-29 HIGH 7.6 In JetBrains TeamCity before 2026.1 improper permission checks exposed build configuration parameters
CVE-2026-49373 2026-05-29 HIGH 7.1 In JetBrains TeamCity before 2026.1 remote code execution was possible via Perforce connection settings
CVE-2026-49372 2026-05-29 HIGH 7.5 In JetBrains TeamCity before 2026.1, 2025.11.5 unauthenticated SSRF via build status was possible
CVE-2026-49371 2026-05-29 HIGH 7.1 In JetBrains TeamCity before 2026.1.1 reflected XSS in the keyword filter was possible
CVE-2026-49370 2026-05-29 LOW 3.4 In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests
CVE-2026-49369 2026-05-29 MEDIUM 4.3 In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages
CVE-2026-49368 2026-05-29 HIGH 8.7 In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
CVE-2026-49367 2026-05-29 HIGH 8.0 In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account
CVE-2026-49366 2026-05-29 HIGH 7.8 In JetBrains IntelliJ IDEA before 2026.1.1 command injection was possible via filename completion
CVE-2026-10070 2026-05-29 MEDIUM 4.7 A vulnerability was found in macrozheng mall up to 1.0.3. This affects an unknown function of the file /admin/update/ of the component Super Admin Password Handler. Performing a…
CVE-2026-9990 2026-05-28 HIGH 7.5 Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to…
CVE-2026-9989 2026-05-28 MEDIUM 6.3 Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
CVE-2026-9981 2026-05-28 MEDIUM 6.5 Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium…
CVE-2026-9980 2026-05-28 MEDIUM 5.0 Insufficient validation of untrusted input in Printing in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via…
CVE-2026-9979 2026-05-28 MEDIUM 5.0 Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via…
CVE-2026-9958 2026-05-28 HIGH 8.8 Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity:…
CVE-2026-9954 2026-05-28 HIGH 7.5 Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit…
CVE-2026-9940 2026-05-28 HIGH 8.8 Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2026-9930 2026-05-28 MEDIUM 4.3 Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a…
CVE-2026-9923 2026-05-28 HIGH 8.8 Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2026-9911 2026-05-28 MEDIUM 4.3 Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium…
CVE-2026-9903 2026-05-28 MEDIUM 5.0 Insufficient validation of untrusted input in Site Isolation in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation…
CVE-2026-9051 2026-05-29 CRITICAL 9.1 There is an authentication bypass vulnerability in the NI SystemLink Enterprise Dashboard application that may allow an unauthenticated remote attacker to bypass authentication controls leading to privilege escalation…
CVE-2026-46344 2026-05-29 MEDIUM 5.3 liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful…
CVE-2026-44611 2026-05-29 MEDIUM 5.4 Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.