CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID | Published | Severity | CVSS | Description
CVE-2026-44847 | 2026-05-26 | HIGH | 7.5 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth class unconditionally returns (None, {}), which…
CVE-2026-44843 | 2026-05-26 | HIGH | 8.2 | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or…
CVE-2026-44837 | 2026-05-26 | MEDIUM | 5.9 | view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file…
CVE-2026-44209 | 2026-05-26 | HIGH | 7.5 | Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings…
CVE-2026-42337 | 2026-05-26 | N/A | 0.0 | MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API…
CVE-2026-42336 | 2026-05-26 | N/A | 0.0 | MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch…
CVE-2026-42335 | 2026-05-26 | N/A | 0.0 | MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file…
CVE-2025-68711 | 2026-05-26 | N/A | 0.0 | AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an…
CVE-2026-3660 | 2026-05-26 | CRITICAL | 9.8 | IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to…
CVE-2026-38587 | 2026-05-26 | MEDIUM | 4.3 | An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-level…
CVE-2025-68708 | 2026-05-26 | N/A | 0.0 | SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than…
CVE-2026-48898 | 2026-05-26 | CRITICAL | 9.8 | An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48899 | 2026-05-26 | CRITICAL | 9.8 | An improper access check allows privilege escalation through the com_users batch task.
CVE-2026-48900 | 2026-05-26 | MEDIUM | 4.3 | An improper access check allowed low privileged users to edit the task types of existing scheduler tasks.
CVE-2026-48903 | 2026-05-26 | MEDIUM | 6.1 | Inadequate content filtering within the checkAttribute methods leads to XSS vulnerabilities in various components.
CVE-2026-48904 | 2026-05-26 | CRITICAL | 9.8 | An improper access check allows privilege escalation through the com_users group editing webservice endpoint.
CVE-2026-48905 | 2026-05-26 | MEDIUM | 6.1 | Lack of input filtering leads to an XSS vector in the HTML filter code.
CVE-2026-8850 | 2026-05-26 | HIGH | 7.5 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
CVE-2026-8852 | 2026-05-26 | MEDIUM | 6.2 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.
CVE-2026-7450 | 2026-05-26 | MEDIUM | 5.3 | A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to…
CVE-2026-7451 | 2026-05-26 | HIGH | 7.8 | A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash,…
CVE-2026-7452 | 2026-05-26 | HIGH | 7.8 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code…
CVE-2026-7453 | 2026-05-26 | MEDIUM | 5.3 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition.
CVE-2026-7454 | 2026-05-26 | HIGH | 7.8 | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code…
CVE-2026-44831 | 2026-05-26 | MEDIUM | 4.8 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, users with component view access could be impacted by an unescaped notes column, resulting in cross-site scripting (XSS).…
CVE-2026-44832 | 2026-05-26 | HIGH | 8.8 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH…
CVE-2026-44833 | 2026-05-26 | MEDIUM | 5.9 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an open redirect vulnerability in Snipe-IT allows attackers to redirect users to malicious sites via unvalidated HTTP Referer…
CVE-2026-8834 | 2026-05-26 | HIGH | 8.0 | IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or…
CVE-2026-8835 | 2026-05-26 | HIGH | 7.3 | IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information…
CVE-2026-8854 | 2026-05-26 | HIGH | 7.5 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache.
CVE-2026-44728 | 2026-05-26 | HIGH | 8.2 | Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker…
CVE-2026-2264 | 2026-05-26 | N/A | 0.0 | A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must…
CVE-2026-42448 | 2026-05-26 | LOW | 3.5 | Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who…
CVE-2026-8855 | 2026-05-26 | HIGH | 8.1 | IBM HTTP Server 8.5, and 9.0 is vulnerable to remote code execution and denial of service in configurations with TLS mutual authentication (client authentication).
CVE-2026-44723 | 2026-05-26 | MEDIUM | 5.0 | Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing…
CVE-2026-25112 | 2026-05-26 | HIGH | 7.8 | A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
CVE-2026-41164 | 2026-05-26 | MEDIUM | 4.4 | nuts-node is the reference implementation of the Nuts specification. Prior to 6.2.3 and 5.4.31, the v1 access token introspection endpoint (/auth/v1/introspect_access_token) accepts any JWT signed by a key…
CVE-2026-44680 | 2026-05-26 | HIGH | 7.6 | MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to @mikro-orm/knex 6.6.14 and @mikro-orm/sql 7.0.14, MikroORM's identifier-quoting helper…
CVE-2026-45082 | 2026-05-26 | HIGH | 7.6 | Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application…
CVE-2026-8856 | 2026-05-26 | HIGH | 7.7 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service in configurations where an attacker has write access to parts of the server configuration.
CVE-2026-9575 | 2026-05-26 | HIGH | 7.3 | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID…
CVE-2026-9574 | 2026-05-26 | HIGH | 7.3 | A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid…
CVE-2026-27331 | 2026-05-26 | MEDIUM | 6.3 | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
CVE-2026-25444 | 2026-05-26 | MEDIUM | 4.3 | Missing Authorization vulnerability in Magepeople inc. WpBookingly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpBookingly: from n/a through 1.2.9.
CVE-2026-25426 | 2026-05-26 | MEDIUM | 5.3 | Missing Authorization vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Taxi Booking Manager for WooCommerce: from…
CVE-2026-24520 | 2026-05-26 | MEDIUM | 4.3 | Missing Authorization vulnerability in bPlugins Tiktok Feed allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tiktok Feed: from n/a through 1.0.24.
CVE-2025-68710 | 2026-05-26 | N/A | 0.0 | Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an…
CVE-2026-9550 | 2026-05-26 | HIGH | 7.3 | A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by this issue is some unknown functionality of the file /SubstationWEBV2/app/..;/main/upfile.…
CVE-2026-9572 | 2026-05-26 | LOW | 3.3 | A security vulnerability has been detected in GPAC up to 2.4.0. Affected by this issue is the function Media_GetSample of the file src/isomedia/media.c of the component MP4Box. Such…
CVE-2026-40033 | 2026-05-26 | HIGH | 8.8 | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX…