CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57543 2026-03-16 MEDIUM 6.1 Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when…
CVE-2026-4243 2026-03-16 LOW 2.5 A weakness has been identified in La Nacion App 10.2.25 on Android. This impacts an unknown function of the file source/app/lanacion/clublanacion/BuildConfig.java of the component app.lanacion.activity. Executing a manipulation…
CVE-2026-4242 2026-03-16 LOW 2.5 A security flaw has been discovered in BabyChakra Pregnancy & Parenting App up to 5.4.3.0 on Android. This affects an unknown function of the file app/babychakra/babychakra/Configuration.java of the…
CVE-2026-2455 2026-03-16 MEDIUM 4.3 Mattermost versions 11.3.x
CVE-2026-25369 2026-03-16 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Flexmls Flexmls® IDX allows Reflected XSS. This issue affects Flexmls® IDX: from n/a through 3.15.9.
CVE-2026-24692 2026-03-16 MEDIUM 4.3 Mattermost versions 11.3.x
CVE-2026-22545 2026-03-16 LOW 3.1 Mattermost versions 10.11.x
CVE-2026-21386 2026-03-16 MEDIUM 4.3 Mattermost versions 11.3.x
CVE-2025-52649 2026-03-16 LOW 1.8 HCL AION is affected by a vulnerability where certain identifiers may be predictable in nature. Predictable identifiers may allow an attacker to infer or guess system-generated values, potentially…
CVE-2025-52646 2026-03-16 LOW 2.2 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose…
CVE-2025-52645 2026-03-16 LOW 1.9 HCL AION is affected by a vulnerability where model packaging and distribution mechanisms may not include sufficient authenticity verification. This may allow the possibility of unverified or modified…
CVE-2025-52644 2026-03-16 MEDIUM 5.8 HCL AION is affected by a vulnerability where certain user actions are not adequately audited or logged. The absence of proper auditing mechanisms may reduce traceability of user…
CVE-2025-52643 2026-03-16 MEDIUM 4.7 HCL AION is affected by a vulnerability where untrusted file parsing operations are not executed within a properly isolated sandbox environment. This may expose the application to potential…
CVE-2025-52642 2026-03-16 LOW 3.3 HCL AION is affected by a vulnerability where internal filesystem paths may be exposed through application responses or system behaviour. Exposure of internal paths may reveal environment structure…
CVE-2025-52636 2026-03-16 LOW 1.8 HCL AION is affected by a vulnerability related to the handling of upload size limits. Improper control or validation of upload sizes may allow excessive resource consumption, which…
CVE-2025-2274 2026-03-16 N/A 0.0 Improper Neutralization of Input During Web Page Generation in Forcepoint Web Security (On-Prem) on Windows allows Stored XSS. This issue affects Web Security through 8.5.6.
CVE-2025-52638 2026-03-16 MEDIUM 5.6 HCL AION is affected by a vulnerability where generated containers may execute binaries with root-level privileges. Running containers with root privileges may increase the potential security risk, as…
CVE-2026-32617 2026-03-16 HIGH 7.1 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where…
CVE-2026-32626 2026-03-16 CRITICAL 9.6 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a…
CVE-2026-32628 2026-03-16 HIGH 8.8 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability…
CVE-2026-32717 2026-03-16 LOW 2.7 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM…
CVE-2026-32719 2026-03-16 MEDIUM 4.2 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in…
CVE-2026-4179 2026-03-16 MEDIUM 6.1 Issues in stm32 USB device driver (drivers/usb/device/usb_dc_stm32.c) can lead to an infinite while loop.
CVE-2026-32706 2026-03-16 HIGH 7.1 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsf_rc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte…
CVE-2026-32705 2026-03-16 MEDIUM 6.8 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious…
CVE-2026-32707 2026-03-16 MEDIUM 5.2 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, tattu_can contains an unbounded memcpy in its multi-frame assembly loop, allowing stack memory overwrite when crafted…
CVE-2026-32708 2026-03-16 HIGH 7.8 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the Zenoh uORB subscriber allocates a stack VLA directly from the incoming payload length without bounds.…
CVE-2026-32715 2026-03-16 LOW 3.8 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences…
CVE-2025-69236 2026-03-16 MEDIUM 5.4 Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website,…
CVE-2025-69237 2026-03-16 MEDIUM 5.4 Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website,…
CVE-2025-69238 2026-03-16 MEDIUM 4.3 Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request…
CVE-2025-69239 2026-03-16 LOW 2.7 Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side…
CVE-2025-69240 2026-03-16 HIGH 8.8 Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send…
CVE-2025-69241 2026-03-16 MEDIUM 5.4 Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authenticated attacker can inject arbitrary HTML and JS into website, which will be rendered/executed…
CVE-2025-69242 2026-03-16 MEDIUM 6.1 Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which, when opened by authenticated victim, results in arbitrary JavaScript execution…
CVE-2025-69243 2026-03-16 MEDIUM 5.3 Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling…
CVE-2025-69245 2026-03-16 MEDIUM 6.1 Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in…
CVE-2025-69246 2026-03-16 CRITICAL 9.8 Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges.…
CVE-2026-32709 2026-03-16 MEDIUM 5.4 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, An unauthenticated path traversal vulnerability in the PX4 Autopilot MAVLink FTP implementation allows any MAVLink peer…
CVE-2026-32713 2026-03-16 MEDIUM 4.3 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, A logic error in the PX4 Autopilot MAVLink FTP session validation uses incorrect boolean logic (&&…
CVE-2026-32724 2026-03-16 MEDIUM 5.3 PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available() function. The issue is caused by a race condition…
CVE-2026-32772 2026-03-16 LOW 3.4 telnet in GNU inetutils through 2.7 allows servers to read arbitrary environment variables from clients via NEW_ENVIRON SEND USERVAR.
CVE-2026-32702 2026-03-16 N/A 0.0 Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. From 2.7.0 to 2.8.0, the /api/auth/login…
CVE-2026-32630 2026-03-16 MEDIUM 5.3 file-type detects the file type of a file, stream, or data. From 20.0.0 to 21.3.1, a crafted ZIP file can trigger excessive memory growth during type detection in…
CVE-2026-32704 2026-03-16 MEDIUM 6.5 SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database…
CVE-2025-54758 2026-03-16 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any…
CVE-2025-53815 2026-03-16 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any…
CVE-2025-53517 2026-03-16 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any…
CVE-2026-4219 2026-03-16 LOW 3.3 A flaw has been found in INDEX Conferences & Exhibitions Organization YWF BPOF APGCS App up to 1.0.2 on Android. Affected by this vulnerability is an unknown functionality…
CVE-2026-3476 2026-03-16 HIGH 7.8 A Code Injection vulnerability affecting SOLIDWORKS Desktop from Release 2025 through Release 2026 could allow an attacker to execute arbitrary code on the user's machine while opening a…