Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-8179	2026-05-27	HIGH	8.8	IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer…
CVE-2026-8175	2026-05-27	CRITICAL	9.8	IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer…
CVE-2026-7876	2026-05-27	N/A	0.0	IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
CVE-2026-7528	2026-05-27	HIGH	7.1	IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
CVE-2026-7524	2026-05-27	CRITICAL	9.8	IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
CVE-2026-7365	2026-05-27	HIGH	8.4	IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process,…
CVE-2026-6938	2026-05-27	MEDIUM	6.5	IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVE-2026-6936	2026-05-27	MEDIUM	6.5	IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could…
CVE-2026-6053	2026-05-27	MEDIUM	5.5	IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
CVE-2026-6051	2026-05-27	MEDIUM	5.5	IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
CVE-2026-5516	2026-05-27	MEDIUM	4.4	IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting a…
CVE-2026-5515	2026-05-27	MEDIUM	5.5	IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-5065	2026-05-27	HIGH	8.8	IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to…
CVE-2026-3676	2026-05-27	MEDIUM	6.5	IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated…
CVE-2026-3623	2026-05-27	HIGH	7.8	IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker can…
CVE-2026-3366	2026-05-27	HIGH	7.5	IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4, 1.0.2.5, 1.0.2.6, 1.0.2.7 could allow a remote attacker to traverse directories on the system. An…
CVE-2026-2607	2026-05-27	MEDIUM	5.1	IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and…
CVE-2026-1718	2026-05-27	HIGH	7.1	IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
CVE-2025-3633	2026-05-27	MEDIUM	5.4	IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker…
CVE-2024-56462	2026-05-27	HIGH	7.2	IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain…
CVE-2024-40684	2026-05-27	MEDIUM	5.9	IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does…
CVE-2024-28765	2026-05-27	MEDIUM	5.3	IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message…
CVE-2026-40852	2026-05-27	HIGH	7.2	A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it…
CVE-2026-40851	2026-05-27	HIGH	8.4	A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in…
CVE-2026-40850	2026-05-27	HIGH	7.5	An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This…
CVE-2026-40849	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the user_alarmprofile view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40848	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the tag view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40847	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system_tag view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40846	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the system view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40845	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devices_configuration view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40844	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dashboard view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40843	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the alarming view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40842	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getWidgetTags function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40841	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectTags function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40840	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the VerifyCreateLicences function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40839	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getComponentScalings function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40838	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40837	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getProjectScalings function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40836	2026-05-27	HIGH	7.1	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command…
CVE-2026-40835	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the saveObjectFromData function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40834	2026-05-27	HIGH	7.1	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash_layout.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL…
CVE-2026-40833	2026-05-27	HIGH	7.1	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php files saveDashboardLayout function due to improper neutralization of special elements in a SQL…
CVE-2026-40832	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDevicegroups function due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40831	2026-05-27	MEDIUM	6.5	An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the Easy View due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40830	2026-05-27	MEDIUM	5.5	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL…
CVE-2026-40829	2026-05-27	MEDIUM	5.5	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL…
CVE-2026-40828	2026-05-27	MEDIUM	5.5	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the DeleteSysLogEntry function due to improper neutralization of special elements in a SQL DELETE command…
CVE-2026-40827	2026-05-27	MEDIUM	5.5	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _RemoveRequest function due to improper neutralization of special elements in a SQL DELETE command…
CVE-2026-40826	2026-05-27	MEDIUM	4.9	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dsgvo_contracts view due to improper neutralization of special elements in a SQL SELECT command.…
CVE-2026-40825	2026-05-27	MEDIUM	5.5	A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL…

« Anterior Página 167 de 4502 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte