CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-48684 2026-05-26 MEDIUM 6.5 FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.cpp), the scope parsing loop (lines 224-229) iterates until scopes_offset…
CVE-2026-48685 2026-05-26 MEDIUM 6.5 FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_bgp_attribute() function correctly…
CVE-2026-48686 2026-05-26 CRITICAL 9.8 FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() in src/bgp_protocol.cpp reads prefix_bit_length directly from…
CVE-2026-9170 2026-05-26 HIGH 7.5 IBM HTTP Server 8.5, and 9.0
CVE-2026-49014 2026-05-27 HIGH 7.4 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer…
CVE-2026-44983 2026-05-26 HIGH 7.3 smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an…
CVE-2026-44905 2026-05-26 HIGH 7.5 Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When…
CVE-2026-44899 2026-05-26 MEDIUM 4.7 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as…
CVE-2026-44895 2026-05-26 N/A 0.0 GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a…
CVE-2026-44788 2026-05-26 MEDIUM 5.9 SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious…
CVE-2026-44844 2026-05-26 N/A 0.0 eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurses…
CVE-2026-44836 2026-05-26 MEDIUM 6.5 view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from…
CVE-2026-44214 2026-05-26 MEDIUM 5.8 eventsource-encoder encodes events as well-formed EventSource/Server Sent Event (SSE) messages. Prior to 1.0.2, eventsource-encoder does not sanitize the event or id fields of an EventSourceMessage before serializing them.…
CVE-2026-3603 2026-05-26 HIGH 7.1 IBM Engineering Lifecycle Management 7.0.3 Interim Fix 001 through Interim Fix 021, 7.1.0 Interim Fix 001 through Interim Fix 009, and 7.2.0 and 7.2.0 Interim Fix 001 is…
CVE-2026-36045 2026-05-27 N/A 0.0 picoclaw
CVE-2026-36044 2026-05-27 HIGH 8.8 @pensar/apex
CVE-2026-48687 2026-05-26 CRITICAL 9.8 FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The _log() function in src/juniper_plugin/fastnetmon_juniper.php (lines 117-118) constructs shell commands by…
CVE-2026-44314 2026-05-26 MEDIUM 4.3 Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.Permission(User.class, getUserId(), Device.class) and then immediately streams the uploaded body…
CVE-2025-13755 2026-05-26 MEDIUM 5.5 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be…
CVE-2026-24212 2026-05-26 HIGH 7.5 NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation…
CVE-2026-25900 2026-05-26 MEDIUM 6.1 Lack of output escaping leads to a XSS vector in the feed modules.
CVE-2026-25901 2026-05-26 MEDIUM 6.1 Lack of output escaping leads to a XSS vector in the multilingual associations component.
CVE-2026-30894 2026-05-26 MEDIUM 6.1 Lack of output escaping leads to a XSS vector in the content history component.
CVE-2026-30895 2026-05-26 MEDIUM 6.1 Lack of output escaping leads to a XSS vector in the readmore links for com_content.
CVE-2026-35220 2026-05-26 MEDIUM 4.3 Lack of CSRF token validation leads to a CSRF attack vector in the admin activation endpoint of com_users.
CVE-2026-35221 2026-05-26 CRITICAL 9.8 Improperly built filter clauses lead to a SQL injection vulnerability in the search query for com_finder.
CVE-2026-35222 2026-05-26 CRITICAL 9.8 Improperly validated order clauses lead to a SQL injection vulnerability in com_tags.
CVE-2026-40383 2026-05-26 CRITICAL 9.8 An improper validation of user-supplied input leads to a local file inclusion vulnerability.
CVE-2026-48906 2026-05-27 N/A 0.0 The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
CVE-2026-7374 2026-05-26 CRITICAL 9.9 A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when…
CVE-2026-48689 2026-05-26 CRITICAL 9.8 FastNetMon Community Edition through 1.2.9 contains an off-by-one heap-based buffer overflow in the dynamic_binary_buffer_t class (src/dynamic_binary_buffer.hpp). Five methods (append_dynamic_buffer, append_data_as_pointer, append_data_as_object_ptr, memcpy_from_ptr, memcpy_from_object_ptr) use an incorrect bounds check…
CVE-2026-9312 2026-05-27 N/A 0.0 A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insufficient input…
CVE-2026-8606 2026-05-27 N/A 0.0 A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via…
CVE-2026-8680 2026-05-26 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-48710 2026-05-26 MEDIUM 6.5 Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm…
CVE-2026-44985 2026-05-26 N/A 0.0 Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, the WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return…
CVE-2026-44966 2026-05-26 HIGH 8.3 Velocity.js is a JavaScript implementation of the Apache Velocity template engine. In 2.1.5 and earlier, a prototype pollution vulnerability was discovered in velocityjs. This issue occurs during the…
CVE-2026-44903 2026-05-26 N/A 0.0 Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line…
CVE-2026-48692 2026-05-26 HIGH 8.1 FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is initialized with grpc::InsecureServerCredentials() (src/fastnetmon.cpp line 477) and a…
CVE-2026-48688 2026-05-26 HIGH 7.5 FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The function decode_mp_reach_ipv6() in src/bgp_protocol.cpp contains a TODO comment at line 156…
CVE-2026-48683 2026-05-26 MEDIUM 6.5 FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template branch (lines 1695-1702) iterates over flow…
CVE-2026-48593 2026-05-26 N/A 0.0 Uncontrolled Resource Consumption vulnerability in oban-bg oban_web ('Elixir.Oban.Web.CronExpr' modules) allows memory exhaustion via unbounded cron range expansion. An attacker with access to schedule cron jobs can submit a…
CVE-2026-48592 2026-05-26 N/A 0.0 Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban.Web.Jobs.DetailComponent' modules) allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does not perform an authorization check, unlike the sibling…
CVE-2026-47672 2026-05-26 MEDIUM 6.5 epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's…
CVE-2026-45575 2026-05-26 HIGH 7.4 epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client…
CVE-2026-45413 2026-05-26 N/A 0.0 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated…
CVE-2026-45412 2026-05-26 N/A 0.0 MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetched server-side without…
CVE-2026-44898 2026-05-26 MEDIUM 6.1 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a table-of-contents tree from a list of (level, id, text) tuples. Both the…
CVE-2026-44897 2026-05-26 MEDIUM 6.1 Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening tag by string-concatenating the id attribute value directly into the HTML…
CVE-2026-44896 2026-05-26 N/A 0.0 Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes…