Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-4460 2026-03-20 HIGH 8.8 Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…
CVE-2026-4462 2026-03-20 HIGH 8.8 Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…
CVE-2026-4463 2026-03-20 HIGH 8.8 Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2026-4464 2026-03-20 HIGH 8.8 Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-25744 2026-03-19 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the encounter vitals API accepts an `id` in the request…
CVE-2026-25928 2026-03-19 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the DICOM zip/export feature uses a user-supplied destination or path…
CVE-2026-4491 2026-03-20 HIGH 8.8 A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based…
CVE-2026-4490 2026-03-20 HIGH 8.8 A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation…
CVE-2026-29828 2026-03-20 N/A 0.0 DooTask v1.6.27 has a Cross-Site Scripting (XSS) vulnerability in the /manage/project/ page via the input field projectDesc.
CVE-2026-22902 2026-03-20 N/A 0.0 A command injection vulnerability has been reported to affect QuNetSwitch. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands.…
CVE-2026-22901 2026-03-20 N/A 0.0 A command injection vulnerability has been reported to affect QuNetSwitch. If a remote attacker gains a user account, they can then exploit the vulnerability to execute arbitrary commands.…
CVE-2026-22900 2026-03-20 N/A 0.0 A use of hard-coded credentials vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed…
CVE-2026-22898 2026-03-20 N/A 0.0 A missing authentication for critical function vulnerability has been reported to affect QVR Pro. The remote attackers can then exploit the vulnerability to gain access to the system.…
CVE-2026-22897 2026-03-20 N/A 0.0 A command injection vulnerability has been reported to affect QuNetSwitch. The remote attackers can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability…
CVE-2026-22895 2026-03-20 N/A 0.0 A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass…
CVE-2025-62846 2026-03-20 N/A 0.0 An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code…
CVE-2025-62845 2026-03-20 N/A 0.0 An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit…
CVE-2025-62844 2026-03-20 N/A 0.0 A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We…
CVE-2025-62843 2026-03-20 N/A 0.0 An improper restriction of communication channel to intended endpoints vulnerability has been reported to affect QHora. If an attacker gains physical access, they can then exploit the vulnerability…
CVE-2025-59383 2026-03-20 N/A 0.0 A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have…
CVE-2025-15608 2026-03-20 N/A 0.0 This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the…
CVE-2025-15607 2026-03-20 N/A 0.0 A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file…
CVE-2026-32119 2026-03-19 MEDIUM 4.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin (`library/js/SearchHighlight.js`) allows…
CVE-2026-32238 2026-03-19 CRITICAL 9.1 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 contain a Command injection vulnerability in the backup functionality…
CVE-2026-33299 2026-03-19 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill…
CVE-2026-33301 2026-03-19 HIGH 8.1 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill…
CVE-2026-4489 2026-03-20 HIGH 8.8 A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack…
CVE-2026-4488 2026-03-20 HIGH 8.8 A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to…
CVE-2025-67260 2026-03-20 N/A 0.0 The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code.…
CVE-2025-46597 2026-03-20 N/A 0.0 Bitcoin Core 0.13.0 through 29.x has an integer overflow.
CVE-2026-33302 2026-03-19 HIGH 8.1 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function `AclMain::zhAclCheck()` only checks for the presence…
CVE-2026-4487 2026-03-20 HIGH 8.8 A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible…
CVE-2026-33312 2026-03-20 N/A 0.0 Vikunja is an open-source self-hosted task management platform. Starting in version 0.20.2 and prior to version 2.2.0, the `DELETE /api/v1/projects/:project/background` endpoint checks `CanRead` permission instead of `CanUpdate`, allowing…
CVE-2026-32891 2026-03-20 CRITICAL 9.0 Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contain a…
CVE-2026-32880 2026-03-20 MEDIUM 6.4 ChurchCRM is an open-source church management system. Versions prior to 7.0.2 allow an admin user to edit JSON type system settings to store a JavaScript payload that can…
CVE-2026-32813 2026-03-20 HIGH 8.0 Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated…
CVE-2026-32767 2026-03-20 CRITICAL 9.8 SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2,…
CVE-2026-29794 2026-03-20 MEDIUM 5.3 Vikunja is an open-source self-hosted task management platform. Starting in version 0.8 and prior to version 2.2.0, unauthenticated users are able to bypass the application's built-in rate-limits by…
CVE-2026-22737 2026-03-20 MEDIUM 5.9 Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the…
CVE-2026-22172 2026-03-20 CRITICAL 9.9 OpenClaw versions prior to 2026.3.12 contain an authorization bypass vulnerability in the WebSocket connect path that allows shared-token or password-authenticated connections to self-declare elevated scopes without server-side binding.…
CVE-2025-46598 2026-03-20 N/A 0.0 Bitcoin Core through 29.0 allows a denial of service via a crafted transaction.
CVE-2026-22735 2026-03-20 LOW 2.6 Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from…
CVE-2026-22732 2026-03-19 CRITICAL 9.1 When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.  This issue affects Spring…
CVE-2026-33303 2026-03-19 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.2 are vulnerable to stored cross-site scripting (XSS) via unescaped…
CVE-2026-33304 2026-03-19 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the dated reminders log allows any…
CVE-2026-33305 2026-03-19 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, an authorization bypass in the optional FaxSMS module (`oe-module-faxsms`) allows…
CVE-2026-33321 2026-03-19 HIGH 7.6 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the `Notes - my encounters` role can fill…
CVE-2026-4486 2026-03-20 HIGH 8.8 A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime…
CVE-2026-4485 2026-03-20 MEDIUM 6.3 A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search…
CVE-2026-33372 2026-03-20 N/A 0.0 An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens.…
« Anterior Página 154 de 4211 Siguiente »