CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-54843 2026-06-25 CRITICAL 9.3 Unauthenticated SQL Injection in MDTF
CVE-2026-54842 2026-06-25 HIGH 8.1 Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.
CVE-2026-54829 2026-06-25 HIGH 7.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects…
CVE-2026-55570 2026-06-24 CRITICAL 9.0 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the…
CVE-2026-54828 2026-06-25 HIGH 7.5 Unauthenticated Broken Access Control in Motors
CVE-2026-54069 2026-06-24 N/A 0.0 SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser…
CVE-2026-2815 2026-06-25 N/A 0.0 Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
CVE-2026-39955 2026-06-24 CRITICAL 9.8 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed…
CVE-2026-39938 2026-06-24 CRITICAL 9.8 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been…
CVE-2026-39893 2026-06-24 CRITICAL 9.8 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization.…
CVE-2026-13035 2026-06-24 HIGH 8.8 Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity:…
CVE-2026-13036 2026-06-24 HIGH 8.8 Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium…
CVE-2026-13037 2026-06-24 HIGH 7.8 Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML…
CVE-2026-13038 2026-06-24 HIGH 8.8 Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security…
CVE-2026-39948 2026-06-24 CRITICAL 9.8 Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than…
CVE-2026-39951 2026-06-25 HIGH 7.6 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue…
CVE-2026-40079 2026-06-25 CRITICAL 9.8 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function.…
CVE-2026-39897 2026-06-24 MEDIUM 6.1 Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in…
CVE-2026-39899 2026-06-24 MEDIUM 5.3 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been…
CVE-2026-39900 2026-06-24 MEDIUM 6.1 Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This…
CVE-2026-56051 2026-06-25 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in TablePress
CVE-2026-56013 2026-06-25 MEDIUM 6.5 Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce
CVE-2026-54844 2026-06-25 HIGH 7.5 Unauthenticated Broken Access Control in CheckView Automated Testing
CVE-2026-54830 2026-06-25 HIGH 7.5 Unauthenticated Broken Access Control in Five Star Restaurant Reservations
CVE-2026-27366 2026-06-25 HIGH 7.5 Unauthenticated Broken Access Control in MainWP Child
CVE-2026-54699 2026-06-24 HIGH 7.7 Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL…
CVE-2026-54686 2026-06-24 MEDIUM 4.3 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepted certain state-mutating terminal lifecycle hooks from the PTY stream without verifying that the hooks were emitted…
CVE-2026-48732 2026-06-24 HIGH 8.8 Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working…
CVE-2026-48731 2026-06-24 HIGH 7.8 Warp is an agentic development environment. From 0.2024.02.20.08.01.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates…
CVE-2026-48725 2026-06-24 HIGH 8.1 Warp is an agentic development environment. From 0.2021.04.25.23.05.stable_00 until 0.2026.05.06.15.42.stable_01, Warp allows terminal output to request access to the local system clipboard. A malicious remote host, remote program,…
CVE-2026-48721 2026-06-24 HIGH 8.6 Warp is an agentic development environment. From 0.2025.10.08.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution permission-check bypass in the default unsandboxed CLI agent profile. The CLI profile is…
CVE-2026-48720 2026-06-24 HIGH 8.8 Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline `OSC 1337;File` payloads from terminal output and materializes the decoded payload as a local file…
CVE-2026-48719 2026-06-24 HIGH 8.0 Warp is an agentic development environment. From 0.2025.08.06.08.12.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection in the prompt branch selector. A user who can publish a branch to…
CVE-2026-48704 2026-06-24 HIGH 8.8 Warp is an agentic development environment. From 0.2023.10.24.08.03.stable_00 until 0.2026.05.06.15.42.stable_01, Warp may open executable local files through the operating system default file handler. A malicious Markdown document or…
CVE-2026-48703 2026-06-24 HIGH 7.8 Warp is an agentic development environment. From 0.2025.04.09.08.11.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command execution policy bypass in Agent code search tools. The affected Grep and FileGlob actions…
CVE-2026-9787 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9786 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9785 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9784 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9783 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9782 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9781 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9780 2026-06-25 HIGH 8.8 Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required…
CVE-2026-7570 2026-06-25 HIGH 8.8 Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication…
CVE-2026-9779 2026-06-24 HIGH 7.2 ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication…
CVE-2026-9778 2026-06-24 HIGH 7.2 ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to…
CVE-2026-9777 2026-06-24 HIGH 7.2 ATEN Unizon restoreDB Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to…
CVE-2026-9776 2026-06-24 HIGH 7.5 ATEN Unizon writeFileToHttpServletResponse Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ATEN Unizon. Authentication is not required to…
CVE-2026-9775 2026-06-24 MEDIUM 5.5 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to…
CVE-2026-9774 2026-06-24 MEDIUM 5.5 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to…