Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-44988 2026-05-27 HIGH 8.8 LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter,…
CVE-2026-44972 2026-05-27 MEDIUM 5.0 GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable…
CVE-2026-44902 2026-05-27 HIGH 7.5 opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics endpoint (default…
CVE-2026-44839 2026-05-27 N/A 0.0 RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
CVE-2026-44838 2026-05-27 N/A 0.0 RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create…
CVE-2026-44830 2026-05-27 N/A 0.0 Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authentication for…
CVE-2026-44708 2026-05-26 MEDIUM 6.1 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the…
CVE-2026-44668 2026-05-26 CRITICAL 9.8 FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, AccessControlInterceptor, the authentication gate for all Struts2 actions, unconditionally calls invocation.invoke() without checking for a valid…
CVE-2026-42280 2026-05-27 HIGH 7.1 Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access…
CVE-2026-44444 2026-05-26 CRITICAL 9.1 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the Spindle extension build pipeline calls bun install without the --ignore-scripts flag before running the static backend safety…
CVE-2026-44450 2026-05-26 CRITICAL 9.9 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the…
CVE-2026-44449 2026-05-26 CRITICAL 9.1 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPath(fullPath) call throws, the method falls back to a dirname/basename split and only validates the…
CVE-2026-44443 2026-05-26 MEDIUM 4.8 Lumiverse is a full-featured AI chat application. Prior to 0.9.7, consumeNonce() only checks that the module-level variable is set and unexpired. It does not validate any value from…
CVE-2026-6268 2026-05-27 HIGH 7.1 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the eventpress_customizer_notify_dismiss_action AJAX handler before outputting it back in the response, allowing unauthenticated…
CVE-2026-9704 2026-05-27 MEDIUM 6.8 A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint.…
CVE-2026-9617 2026-05-27 MEDIUM 6.8 PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser…
CVE-2026-2340 2026-05-27 MEDIUM 6.5 A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period.…
CVE-2026-1933 2026-05-27 HIGH 7.1 A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with…
CVE-2026-9689 2026-05-27 MEDIUM 4.2 A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a…
CVE-2026-3012 2026-05-27 HIGH 8.0 A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and…
CVE-2026-2237 2026-05-27 MEDIUM 6.2 A use of get request method with sensitive query strings vulnerability in volume encryption of Synology Storage Manager package before 1.0.1-1100 allows local attackers to obtain sensitive information.
CVE-2025-66593 2026-05-27 MEDIUM 6.1 An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content during installation.
CVE-2025-66592 2026-05-27 MEDIUM 6.1 An origin validation error vulnerability in Synology Active Backup for Business Agent before 3.1.0-4967 allows local users to write arbitrary files with restricted content during installation.
CVE-2025-30028 2026-05-27 HIGH 8.6 A vulnerability in Active Backup for Business allows unauthorized remote attackers to read arbitrary files.
CVE-2025-14713 2026-05-27 HIGH 7.5 An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge…
CVE-2025-13593 2026-05-27 MEDIUM 6.1 Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content when installing.
CVE-2025-13392 2026-05-27 HIGH 8.1 Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote attackers to bypass…
CVE-2025-13167 2026-05-27 MEDIUM 5.4 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in contact functionality in Synology Contacts before 1.0.10-20659 allows remote authenticated users to read or write specific…
CVE-2025-10466 2026-05-27 MEDIUM 5.9 Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Safe Access in Synology Safe Access before 1.3.1-0329 allows remote authenticated users with administrator privileges to…
CVE-2024-47272 2026-05-27 LOW 2.7 Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified…
CVE-2024-47271 2026-05-27 MEDIUM 4.9 Insufficiently protected credentials vulnerability in IPSpeaker component in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified…
CVE-2024-47270 2026-05-27 LOW 2.7 Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write…
CVE-2024-47269 2026-05-27 MEDIUM 4.9 Cleartext transmission of sensitive information vulnerability in Export Key functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive…
CVE-2024-47268 2026-05-27 MEDIUM 4.9 Missing authorization vulnerability in AddOns functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to obtain sensitive information via unspecified vectors.
CVE-2024-47267 2026-05-27 LOW 2.7 Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Archiving Pull functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users…
CVE-2024-11399 2026-05-27 MEDIUM 6.8 Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors.
CVE-2023-52945 2026-05-27 HIGH 7.8 Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors.
CVE-2026-41704 2026-05-27 MEDIUM 5.0 AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (line 332-338) and passes it to download_and_delete_blob. Separately, any response…
CVE-2026-41009 2026-05-27 MEDIUM 5.8 When the director sends a long-running request (e.g. compile_package), the agent's reply JSON is consumed by AgentClient. inject_compile_log (line 332-339) reads response['value']['result']['compile_log_id'] and format_exception (line 318-325) reads exception['blobstore_id'];…
CVE-2026-9207 2026-05-27 HIGH 8.8 Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-9156 2026-05-27 MEDIUM 6.5 Tanium addressed a denial of service vulnerability in Tanium Server.
CVE-2026-5260 2026-05-26 HIGH 8.2 A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key…
CVE-2026-42015 2026-05-26 MEDIUM 5.3 A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal…
CVE-2026-42013 2026-05-26 HIGH 8.2 A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common…
CVE-2026-42012 2026-05-26 HIGH 7.1 A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV)…
CVE-2026-9642 2026-05-26 CRITICAL 9.8 There is a mitigation bypass / (incomplete fix) for CVE-2025-62582 (Unauthenticated Remote Database Access) An unauthenticated remote attacker can access configured databases in a DIAView project.
CVE-2026-8676 2026-05-26 HIGH 8.8 An attacker is able to downgrade the security of a Bluetooth LE connection by deleting an existing bond, spoofing the bonded device and creating a new bond.
CVE-2026-9035 2026-05-27 MEDIUM 6.5 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer…
CVE-2026-8405 2026-05-27 MEDIUM 6.5 IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
CVE-2026-8180 2026-05-27 HIGH 7.5 IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer…
« Anterior Página 166 de 4502 Siguiente »