Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-23263 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage…
CVE-2026-23262 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: gve: Fix stats report corruption on queue count change The driver and the NIC share a region in…
CVE-2026-23260 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on mas_store_gfp() failure regcache_maple_write() allocates a new block ('entry') to merge adjacent ranges and…
CVE-2026-23259 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has…
CVE-2026-23258 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_mq(). However, the…
CVE-2026-23257 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label…
CVE-2026-23256 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to the label…
CVE-2026-23255 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a…
CVE-2026-23254 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the…
CVE-2026-23253 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader opens the…
CVE-2026-23252 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory…
CVE-2026-23251 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if…
CVE-2026-23250 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then…
CVE-2026-23249 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will…
CVE-2025-71269 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not free data reservation in fallback from inline due to -ENOSPC If we fail to create…
CVE-2025-71268 2026-03-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a…
CVE-2026-32610 2026-03-18 HIGH 8.1 Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, the Glances REST API web server ships with a default CORS configuration that sets `allow_origins=["*"]` combined…
CVE-2026-30695 2026-03-18 N/A 0.0 A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+.…
CVE-2026-30345 2026-03-18 N/A 0.0 A zip slip vulnerability in the Admin import functionality of CTFd v3.8.1-18-gdb5a18c4 allows attackers to write arbitrary files outside the intended directories via supplying a crafted import.
CVE-2026-1463 2026-03-18 HIGH 8.8 The Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.3 via…
CVE-2025-67830 2026-03-18 N/A 0.0 Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection.
CVE-2026-3090 2026-03-18 HIGH 7.2 The Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting…
CVE-2026-33004 2026-03-18 N/A 0.0 Jenkins LoadNinja Plugin 2.1 and earlier does not mask LoadNinja API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2026-33003 2026-03-18 MEDIUM 4.3 Jenkins LoadNinja Plugin 2.1 and earlier stores LoadNinja API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended…
CVE-2026-33002 2026-03-18 N/A 0.0 Jenkins 2.442 through 2.554 (both inclusive), LTS 2.426.3 through LTS 2.541.2 (both inclusive) performs origin validation of requests made through the CLI WebSocket endpoint by computing the expected…
CVE-2026-2992 2026-03-18 HIGH 8.2 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in…
CVE-2026-2991 2026-03-18 CRITICAL 9.8 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due…
CVE-2026-2559 2026-03-18 MEDIUM 5.3 The Post SMTP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `handle_office365_oauth_redirect()` function in all versions up to,…
CVE-2026-2512 2026-03-18 MEDIUM 6.4 The Code Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom field meta values in all versions up to, and including, 2.5.1. This is due…
CVE-2026-24063 2026-03-18 HIGH 8.2 When a plugin is installed using the Arturia Software Center (MacOS), it also installs an uninstall.sh bash script in a root owned path. This script is written to…
CVE-2026-24062 2026-03-18 HIGH 7.8 The "Privileged Helper" component of the Arturia Software Center (MacOS) does not perform sufficient client code signature validation when a client connects. This leads to an attacker being able…
CVE-2025-67829 2026-03-18 N/A 0.0 Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection.
CVE-2025-55046 2026-03-18 N/A 0.0 MuraCMS through 10.1.10 contains a CSRF vulnerability that allows attackers to permanently destroy all deleted content stored in the trash system through a simple CSRF attack. The vulnerable…
CVE-2025-55045 2026-03-18 N/A 0.0 The update address CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to manipulate user address information through CSRF. The vulnerable cUsers.updateAddress function lacks CSRF token validation, enabling malicious…
CVE-2025-55044 2026-03-18 N/A 0.0 The Trash Restore CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to restore deleted content from the trash to unauthorized locations through CSRF. The vulnerable cTrash.restore function lacks…
CVE-2025-55040 2026-03-18 HIGH 8.8 The import form CSRF vulnerability in MuraCMS through 10.1.10 allows attackers to upload and install malicious form definitions through a CSRF attack. The vulnerable cForm.importform function lacks CSRF…
CVE-2026-3181 2026-03-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-0866 2026-03-18 N/A 0.0 Rejected reason: After the publication of the PoC by the researcher and further analysis, we have determined that this issue does not constitute a valid vulnerability. The technique…
CVE-2026-22217 2026-03-18 MEDIUM 5.3 OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the…
CVE-2026-20643 2026-03-17 MEDIUM 5.4 A cross-origin issue in the Navigation API was addressed with improved input validation. This issue is fixed in Background Security Improvements for iOS 26.3.1, iPadOS 26.3.1, macOS 26.3.1,…
CVE-2026-27977 2026-03-18 MEDIUM 5.4 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, in `next dev`, cross-site protection for internal websocket endpoints…
CVE-2026-27522 2026-03-18 MEDIUM 6.5 OpenClaw versions prior to 2026.2.24 contain a local media root bypass vulnerability in sendAttachment and setGroupIcon message actions when sandboxRoot is unset. Attackers can hydrate media from local…
CVE-2026-27978 2026-03-18 MEDIUM 4.3 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, `origin: null` was treated as a "missing" origin during…
CVE-2026-27523 2026-03-18 MEDIUM 6.1 OpenClaw versions prior to 2026.2.24 contain a sandbox bind validation vulnerability allowing attackers to bypass allowed-root and blocked-path checks via symlinked parent directories with non-existent leaf paths. Attackers…
CVE-2026-27979 2026-03-18 HIGH 7.5 Next.js is a React framework for building full-stack web applications. Starting in version 16.0.1 and prior to version 16.1.7, a request containing the `next-resume: 1` header (corresponding with…
CVE-2026-27980 2026-03-18 HIGH 7.5 Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache (`/_next/image`) did…
CVE-2026-27524 2026-03-18 LOW 3.1 OpenClaw versions prior to 2026.2.21 accept prototype-reserved keys in runtime /debug set override object values, allowing prototype pollution attacks. Authorized /debug set callers can inject __proto__, constructor, or…
CVE-2026-27545 2026-03-18 MEDIUM 6.1 OpenClaw versions prior to 2026.2.26 contain an approval bypass vulnerability in system.run execution that allows attackers to execute commands from unintended filesystem locations by rebinding writable parent symlinks…
CVE-2026-29057 2026-03-18 MEDIUM 6.5 Next.js is a React framework for building full-stack web applications. Starting in version 9.5.0 and prior to versions 15.5.13 and 16.1.7, when Next.js rewrites proxy traffic to an…
CVE-2026-28499 2026-03-18 MEDIUM 6.1 LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`.…
« Anterior Página 166 de 4214 Siguiente »