CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-33386 2026-05-29 N/A 0.0 QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and…
CVE-2026-33384 2026-05-29 N/A 0.0 QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to…
CVE-2026-10069 2026-05-29 HIGH 7.5 A vulnerability has been found in Shibby Tomato 1.28. The impacted element is an unknown function of the file usr/sbin/miniupnpd. Such manipulation leads to resource consumption. The attack…
CVE-2026-10067 2026-05-29 HIGH 8.8 A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be…
CVE-2026-10066 2026-05-29 HIGH 8.8 A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The…
CVE-2018-25397 2026-05-29 MEDIUM 5.3 PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting…
CVE-2018-25395 2026-05-29 HIGH 8.2 Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of boards_buttons/update_feature.php. The…
CVE-2018-25394 2026-05-29 HIGH 8.2 Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of boards_buttons/update_release.php. The…
CVE-2018-25393 2026-05-29 MEDIUM 6.5 Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send…
CVE-2018-25392 2026-05-29 HIGH 7.1 MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity…
CVE-2018-25391 2026-05-29 HIGH 7.5 HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target…
CVE-2018-25390 2026-05-29 HIGH 8.2 HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to lap-peserta-perdesa-pdf.php.…
CVE-2018-25389 2026-05-29 HIGH 8.2 HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to lap-anggota-kelompok-pdf.php.…
CVE-2018-25388 2026-05-29 HIGH 8.8 HaPe PKH 1.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by bypassing file type validation. Attackers can upload PHP files through…
CVE-2018-25387 2026-05-29 MEDIUM 5.3 HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft…
CVE-2018-25386 2026-05-29 HIGH 8.2 HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker…
CVE-2018-25385 2026-05-29 HIGH 8.2 E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai parameter. Attackers can…
CVE-2018-25384 2026-05-29 MEDIUM 5.4 Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can post comments containing…
CVE-2018-25383 2026-05-29 HIGH 8.4 Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation.…
CVE-2018-25382 2026-05-29 HIGH 8.2 Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests…
CVE-2026-10042 2026-05-29 CRITICAL 9.8 manga-image-translator contains a remote code execution vulnerability in the shared API server mode due to unsafe deserialization of untrusted pickle data in the share.py module, where the /execute/{method_name}…
CVE-2026-48527 2026-05-29 HIGH 8.7 HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the…
CVE-2026-45551 2026-05-29 N/A 0.0 Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user_id…
CVE-2026-9947 2026-05-28 HIGH 8.8 Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium…
CVE-2026-9949 2026-05-28 HIGH 8.3 Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9951 2026-05-28 HIGH 8.3 Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…
CVE-2026-9952 2026-05-28 HIGH 8.8 Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium…
CVE-2026-41159 2026-05-29 N/A 0.0 Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that…
CVE-2026-44698 2026-05-29 HIGH 8.3 Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, the Home Assistant Companion…
CVE-2026-9956 2026-05-28 HIGH 7.5 Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to…
CVE-2026-32847 2026-05-28 HIGH 7.5 DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in new_ui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path…
CVE-2026-42998 2026-05-28 MEDIUM 6.0 An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that the user supplied in the authentication request matches the…
CVE-2026-9957 2026-05-28 HIGH 8.8 Use after free in PDF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium…
CVE-2026-9960 2026-05-28 HIGH 7.5 Integer overflow in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via…
CVE-2026-9962 2026-05-28 HIGH 8.8 Use after free in WebRTC in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium…
CVE-2026-9982 2026-05-28 HIGH 8.3 Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9977 2026-05-28 HIGH 8.3 Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform…
CVE-2026-9974 2026-05-28 HIGH 8.3 Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9972 2026-05-28 HIGH 8.3 Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9967 2026-05-28 CRITICAL 9.6 Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium…
CVE-2026-9948 2026-05-28 HIGH 8.3 Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9932 2026-05-28 HIGH 8.3 Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9924 2026-05-28 HIGH 8.3 Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9918 2026-05-28 CRITICAL 9.6 Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2026-9916 2026-05-28 HIGH 8.3 Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9915 2026-05-28 HIGH 8.3 Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
CVE-2026-9914 2026-05-28 HIGH 8.3 Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9906 2026-05-28 HIGH 8.3 Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
CVE-2026-9905 2026-05-28 HIGH 8.3 Use after free in Accessibility in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9904 2026-05-28 HIGH 8.3 Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…