CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-48131 2026-05-26 HIGH 8.1 The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the…
CVE-2026-9560 2026-05-26 N/A 0.0 Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
CVE-2026-44749 2026-05-26 MEDIUM 4.3 The SAP Gateway allows attackers to inject content into error messages, potentially leading to disclosure of request artefacts (e.g., regex patterns) and revealing underlying URI parsing logic. Leading…
CVE-2026-24201 2026-05-26 MEDIUM 5.8 NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to…
CVE-2026-24200 2026-05-26 HIGH 7.0 NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might…
CVE-2026-24199 2026-05-26 MEDIUM 4.7 NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where a user could cause a race condition by reordering compiler or processor memory instructions. A…
CVE-2026-24198 2026-05-26 MEDIUM 5.6 NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of…
CVE-2026-24197 2026-05-26 MEDIUM 6.5 NVIDIA Display Driver for Linux contains a vulnerability in the Multi-Instance GPU (MIG) partition management, where an insecure default initialization of memory subsystem routing resources could lead to…
CVE-2026-24196 2026-05-26 HIGH 7.1 NVIDIA Display Driver for Linux contains a vulnerability where a user could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to denial of service…
CVE-2026-24195 2026-05-26 HIGH 7.1 NVIDIA Display Driver for Linux contains a vulnerability in UVM, where a user could cause improper input validation. A successful exploit of this vulnerability might lead to denial…
CVE-2026-24194 2026-05-26 HIGH 7.8 NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability…
CVE-2026-24193 2026-05-26 HIGH 7.8 NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial…
CVE-2026-24192 2026-05-26 HIGH 7.8 NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit…
CVE-2026-24191 2026-05-26 HIGH 7.8 NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of…
CVE-2026-24190 2026-05-26 HIGH 7.8 NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit…
CVE-2026-24187 2026-05-26 HIGH 8.8 NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause a use-after-free. A successful exploit of this vulnerability might lead to denial of service, escalation…
CVE-2026-24182 2026-05-26 MEDIUM 6.5 NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could leak held driver locks. A successful exploit of this vulnerability might lead to denial…
CVE-2025-33221 2026-05-26 MEDIUM 4.4 NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A…
CVE-2026-48864 2026-05-26 HIGH 7.8 A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker…
CVE-2026-24162 2026-05-26 HIGH 7.8 NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution,…
CVE-2026-4480 2026-05-26 HIGH 8.5 A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J"…
CVE-2026-48902 2026-05-26 N/A 0.0 The password and username reset features created plain http links for https connections if the "Force SSL" flag wasn't explicitly set.
CVE-2026-48901 2026-05-26 N/A 0.0 The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.
CVE-2026-48897 2026-05-26 N/A 0.0 Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-48896 2026-05-26 N/A 0.0 Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2026-40384 2026-05-26 N/A 0.0 An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability.
CVE-2026-35223 2026-05-26 N/A 0.0 An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2026-8174 2026-05-26 MEDIUM 5.7 Zohocorp Zoho Mail wordpress plugin is vulnerable to Cross-Site request forgery (CSRF). This issue affects Zoho Mail wordpress plugin versions before 1.6.2.
CVE-2026-8633 2026-05-26 CRITICAL 9.8 IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution…
CVE-2026-8620 2026-05-26 HIGH 7.5 IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling…
CVE-2026-7251 2026-05-26 CRITICAL 9.8 Eppendorf BioFlo 320 is vulnerable to due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote…
CVE-2025-36221 2026-05-26 MEDIUM 5.3 IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords from the manufacturing process…
CVE-2025-36220 2026-05-26 MEDIUM 4.3 IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could…
CVE-2025-36148 2026-05-26 MEDIUM 5.4 IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker…
CVE-2025-36145 2026-05-26 MEDIUM 5.4 IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.
CVE-2025-36126 2026-05-26 MEDIUM 6.4 IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Administration. This vulnerability allows…
CVE-2025-14290 2026-05-26 MEDIUM 5.4 IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to…
CVE-2026-40564 2026-05-26 N/A 0.0 Files or Directories Accessible to External Parties, Server-Side Request Forgery (SSRF) vulnerability in Apache Flink Kubernetes Operator. The FlinkSessionJob jarURI is currently not validated so that it points…
CVE-2025-11482 2026-05-26 HIGH 7.5 An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based…
CVE-2026-9534 2026-05-26 MEDIUM 6.3 A flaw has been found in Totolink CA750-PoE 6.2c.510. This affects the function setWiFiWpsConfig of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of the…
CVE-2026-9533 2026-05-26 MEDIUM 6.3 A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The impacted element is the function recvUpgradeNewFw of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation of…
CVE-2026-9532 2026-05-26 MEDIUM 6.3 A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUploadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation…
CVE-2026-9531 2026-05-26 MEDIUM 6.3 A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument…
CVE-2026-9515 2026-05-26 MEDIUM 6.3 A vulnerability was detected in Totolink CA750-PoE 6.2c.510. The affected element is the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the…
CVE-2026-9514 2026-05-25 MEDIUM 6.3 A security vulnerability has been detected in Totolink CA750-PoE 6.2c.510. Impacted is the function setNetworkDiag of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the…
CVE-2026-9513 2026-05-25 MEDIUM 6.3 A weakness has been identified in Totolink CA750-PoE 6.2c.510. This issue affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Executing a manipulation of…
CVE-2026-9512 2026-05-25 MEDIUM 6.3 A security flaw has been discovered in Totolink CA750-PoE 6.2c.510. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Performing a manipulation…
CVE-2026-9511 2026-05-25 MEDIUM 6.3 A vulnerability was identified in Totolink CA750-PoE 6.2c.510. This affects the function setWebWlanIdx of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. Such manipulation of the argument webWlanIdx…
CVE-2026-48091 2026-05-26 N/A 0.0 Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2026-43919 2026-05-26 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-43918. Reason: This candidate is a duplicate of CVE-2026-43918. Notes: All CVE users should reference CVE-2026-43918…