Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-24514 2026-02-03 MEDIUM 6.5 A security issue was discovered in ingress-nginx where the validating admission controller feature is subject to a denial of service condition. By sending large requests to the validating admission…
CVE-2026-24513 2026-02-03 LOW 3.1 A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the…
CVE-2026-24512 2026-02-03 HIGH 8.8 A security issue was discovered in ingress-nginx cthe `rules.http.paths.path` Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the…
CVE-2026-1812 2026-02-03 MEDIUM 6.3 A vulnerability has been found in bolo-blog bolo-solo up to 2.6.4. This impacts the function importFromCnblogs of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. The manipulation of…
CVE-2026-1755 2026-02-03 MEDIUM 6.4 The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_wp_attachment_image_alt’ post meta in all versions up to, and including, 0.13.20 due…
CVE-2026-1632 2026-02-03 CRITICAL 9.1 MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data…
CVE-2026-1580 2026-02-03 HIGH 8.8 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-method` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the…
CVE-2025-36094 2026-02-03 MEDIUM 5.4 IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 could allow an…
CVE-2025-36033 2026-02-03 MEDIUM 5.4 IBM Engineering Lifecycle Management - Global Configuration Management 7.0.3 through 7.0.3 Interim Fix 017, and 7.1.0 through 7.1.0 Interim Fix 004 IBM Global Configuration Management is vulnerable to…
CVE-2025-33081 2026-02-03 MEDIUM 4.3 IBM Concert 1.0.0 through 2.1.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2020-37087 2026-02-03 N/A 0.0 Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path…
CVE-2020-37084 2026-02-03 N/A 0.0 School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks.…
CVE-2026-25510 2026-02-03 CRITICAL 9.9 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file…
CVE-2026-25509 2026-02-03 MEDIUM 5.3 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS…
CVE-2026-25224 2026-02-03 LOW 3.7 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.3, a denial-of-service vulnerability in Fastify’s Web Streams response handling can allow a remote…
CVE-2026-25223 2026-02-03 HIGH 7.5 Fastify is a fast and low overhead web framework, for Node.js. Prior to version 5.7.2, a validation bypass vulnerability exists in Fastify where request body validation schemas specified…
CVE-2026-25155 2026-02-03 MEDIUM 5.9 Qwik is a performance focused javascript framework. Prior to version 1.12.0, a typo in the regular expression within isContentType causes incorrect parsing of certain Content-Type headers. This issue…
CVE-2026-25151 2026-02-03 MEDIUM 5.9 Qwik is a performance focused javascript framework. Prior to version 1.19.0, Qwik City’s server-side request handler inconsistently interprets HTTP request headers, which can be abused by a remote…
CVE-2026-25150 2026-02-03 CRITICAL 9.3 Qwik is a performance focused javascript framework. Prior to version 1.19.0, a prototype pollution vulnerability exists in the formToObj() function within @builder.io/qwik-city middleware. The function processes form field…
CVE-2026-25149 2026-02-03 N/A 0.0 Qwik is a performance focused javascript framework. Prior to version 1.19.0, an Open Redirect vulnerability in Qwik City's default request handler middleware allows a remote attacker to redirect…
CVE-2026-25148 2026-02-03 N/A 0.0 Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject…
CVE-2026-1811 2026-02-03 MEDIUM 6.3 A flaw has been found in bolo-blog bolo-solo up to 2.6.4. This affects the function importFromMarkdown of the file src/main/java/org/b3log/solo/bolo/prop/BackupService.java of the component Filename Handler. Executing a manipulation…
CVE-2026-1341 2026-02-03 N/A 0.0 Avation Light Engine Pro exposes its configuration and control interface without any authentication or access control.
CVE-2020-37097 2026-02-03 HIGH 7.5 Edimax EW-7438RPn 1.13 contains an information disclosure vulnerability that exposes WiFi network configuration details through the wlencrypt_wiz.asp file. Attackers can access the script to retrieve sensitive information including…
CVE-2020-37096 2026-02-03 MEDIUM 5.3 Edimax EW-7438RPn 1.13 contains a cross-site request forgery vulnerability in the MAC filtering configuration interface. Attackers can craft malicious web pages to trick users into adding unauthorized MAC…
CVE-2020-37094 2026-02-03 CRITICAL 9.8 EspoCRM 5.8.5 contains an authentication vulnerability that allows attackers to access other user accounts by manipulating authorization headers. Attackers can decode and modify Basic Authorization and Espo-Authorization tokens…
CVE-2020-37093 2026-02-03 HIGH 7.5 Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the…
CVE-2020-37092 2026-02-03 HIGH 7.5 Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account…
CVE-2020-37091 2026-02-03 MEDIUM 5.3 Maian Support Helpdesk 4.3 contains a cross-site request forgery vulnerability that allows attackers to create administrative accounts without authentication. Attackers can craft malicious HTML forms to add admin…
CVE-2020-37090 2026-02-03 CRITICAL 9.8 School ERP Pro 1.0 contains a file upload vulnerability that allows students to upload arbitrary PHP files to the messaging system. Attackers can upload malicious PHP scripts through…
CVE-2020-37089 2026-02-03 HIGH 8.2 School ERP Pro 1.0 contains a SQL injection vulnerability in the 'es_messagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable…
CVE-2020-37088 2026-02-03 HIGH 7.5 School ERP Pro 1.0 contains a file disclosure vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the 'document' parameter in download.php. Attackers can access sensitive…
CVE-2020-37086 2026-02-03 MEDIUM 6.2 Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability…
CVE-2020-37085 2026-02-03 HIGH 7.5 VirtualTablet Server 3.0.2 contains a denial of service vulnerability that allows attackers to crash the service by sending oversized string payloads through the Thrift protocol. Attackers can exploit…
CVE-2020-37083 2026-02-03 HIGH 8.2 PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements…
CVE-2020-37082 2026-02-03 CRITICAL 9.8 webERP 4.15.1 contains an unauthenticated file access vulnerability that allows remote attackers to download database backup files without authentication. Attackers can directly access generated backup files in the…
CVE-2020-37081 2026-02-03 HIGH 7.1 Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters…
CVE-2020-37080 2026-02-03 CRITICAL 9.8 webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the…
CVE-2020-37078 2026-02-03 HIGH 8.8 i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers…
CVE-2020-37077 2026-02-03 MEDIUM 6.5 Booked Scheduler 2.7.7 contains a directory traversal vulnerability in the manage_email_templates.php script that allows authenticated administrators to access unauthorized files. Attackers can exploit the vulnerable 'tn' parameter to…
CVE-2020-37076 2026-02-03 HIGH 8.2 Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability…
CVE-2020-37075 2026-02-03 CRITICAL 9.8 LanSend 3.2 contains a buffer overflow vulnerability in the Add Computers Wizard file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious…
CVE-2020-37074 2026-02-03 CRITICAL 9.8 Remote Desktop Audit 2.3.0.157 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code during the Add Computers Wizard file import process. Attackers can craft a…
CVE-2020-37073 2026-02-03 HIGH 8.8 Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious…
CVE-2020-37072 2026-02-03 HIGH 7.2 Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows attackers to inject malicious scripts. Attackers can submit crafted JavaScript payloads through…
CVE-2020-37071 2026-02-03 CRITICAL 9.8 CraftCMS 3 vCard Plugin 1.0.0 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary PHP code through a crafted payload. Attackers can generate a malicious serialized…
CVE-2020-37070 2026-02-03 CRITICAL 9.8 CloudMe 1.11.2 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code through crafted network packets. Attackers can exploit the vulnerability by sending a specially…
CVE-2020-37069 2026-02-03 CRITICAL 9.8 Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of…
CVE-2020-37068 2026-02-03 CRITICAL 9.8 Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of…
CVE-2020-37067 2026-02-03 CRITICAL 9.8 Filetto 1.0 FTP server contains a denial of service vulnerability in the FEAT command processing that allows attackers to crash the service. Attackers can send an oversized FEAT…
« Anterior Página 16 de 3911 Siguiente »