Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-25608 2026-05-22 N/A 0.0 STER uses unencrypted TCP traffic to transmit data over the network. It allows an attacker to conduct a Man-In-The-Middle attack and obtain sensitive data such as passwords, personal data,…
CVE-2026-25607 2026-05-22 N/A 0.0 Use of a weak password encoding algorithm in STER software allows the value of the password to be guessed after analyzing how passwords with known values are encoded.…
CVE-2026-25606 2026-05-22 N/A 0.0 A SQL injection vulnerability has been identified in STER. Improper neutralization of input provided by user into multiple Search Filters allows for SQL Injection attacks. It allows an…
CVE-2026-9011 2026-05-22 HIGH 7.5 The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due…
CVE-2026-8692 2026-05-22 MEDIUM 4.3 The Vedrixa Forms – User Registration Form, Signup Form & Drag & Drop Form Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to,…
CVE-2026-8684 2026-05-22 MEDIUM 5.3 The MotoPress Hotel Booking plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.1. This is due to the plugin not properly…
CVE-2026-8679 2026-05-22 HIGH 7.5 The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to…
CVE-2026-8381 2026-05-22 MEDIUM 5.4 A broken access control vulnerability exists in the TeamViewer DEX Platform (On‑Premises) prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated…
CVE-2026-7798 2026-05-22 MEDIUM 5.4 The FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions…
CVE-2026-7636 2026-05-22 MEDIUM 4.3 The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via…
CVE-2026-7615 2026-05-22 MEDIUM 4.3 The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce…
CVE-2026-5072 2026-05-22 N/A 0.0 A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTP_MSG_MANAGEMENT message to…
CVE-2026-9104 2026-05-22 MEDIUM 6.4 The Draft List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Draft Post Title in all versions up to, and including, 2.6.3 due to insufficient input…
CVE-2026-9018 2026-05-22 HIGH 8.8 The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.4.5 via the…
CVE-2026-7509 2026-05-22 MEDIUM 6.4 The KIA Subtitle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `the-subtitle` shortcode `before` and `after` attributes in all versions up to, and including,…
CVE-2026-7249 2026-05-22 MEDIUM 4.3 The Location Weather plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the `splw_update_block_options()` and `lwp_clean_weather_transients()` functions in all versions up…
CVE-2026-6864 2026-05-22 MEDIUM 6.1 The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7…
CVE-2026-4070 2026-05-22 MEDIUM 4.3 The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce…
CVE-2026-44409 2026-05-22 MEDIUM 5.7 There is an an information disclosure vulnerability in ZTE MU5250. Due to improper configuration of the access control mechanism, attackers can obtain information without authorization, causing the risk…
CVE-2026-3481 2026-05-22 MEDIUM 6.1 The WP Blockade plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode' parameter in all versions up to and including 0.9.14. This is due to…
CVE-2026-2518 2026-05-22 MEDIUM 4.3 The FastX theme for WordPress is vulnerable to unauthorized limited plugin installation and activation due to missing capability checks on the 'ultp_install_callback' and 'ultp_activate_callback' functions in all versions…
CVE-2026-9054 2026-05-22 N/A 0.0 An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic.
CVE-2026-9053 2026-05-22 N/A 0.0 Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and…
CVE-2026-4834 2026-05-22 HIGH 7.5 The WP ERP Pro plugin for WordPress is vulnerable to SQL Injection via the 'search_key' parameter in all versions up to, and including, 1.5.1. This is due to…
CVE-2026-46598 2026-05-22 N/A 0.0 For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.
CVE-2026-46597 2026-05-22 N/A 0.0 An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
CVE-2026-46595 2026-05-22 N/A 0.0 Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would…
CVE-2026-42508 2026-05-22 N/A 0.0 Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.
CVE-2026-39835 2026-05-22 N/A 0.0 SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now…
CVE-2026-39834 2026-05-22 N/A 0.0 When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop…
CVE-2026-39833 2026-05-22 N/A 0.0 The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication…
CVE-2026-39832 2026-05-22 N/A 0.0 When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing…
CVE-2026-39831 2026-05-22 N/A 0.0 The Verify() method for FIDO/U2F security key types ([email protected], [email protected]) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of…
CVE-2026-39830 2026-05-22 N/A 0.0 A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by…
CVE-2026-39829 2026-05-22 N/A 0.0 The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could…
CVE-2026-39828 2026-05-22 N/A 0.0 When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded.…
CVE-2026-39827 2026-05-22 N/A 0.0 An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users.…
CVE-2026-9264 2026-05-22 N/A 0.0 A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from…
CVE-2026-34911 2026-05-22 HIGH 7.7 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying…
CVE-2026-34910 2026-05-22 CRITICAL 10.0 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-34909 2026-05-22 CRITICAL 10.0 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could…
CVE-2026-34908 2026-05-22 CRITICAL 10.0 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVE-2026-5091 2026-05-21 N/A 0.0 Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying…
CVE-2026-45250 2026-05-21 HIGH 7.8 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied…
CVE-2026-33000 2026-05-22 CRITICAL 9.1 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-5297 2026-05-21 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-8435 2026-05-21 N/A 0.0 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of…
CVE-2026-8434 2026-05-21 N/A 0.0 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…
CVE-2026-8433 2026-05-21 N/A 0.0 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…
CVE-2026-8432 2026-05-21 N/A 0.0 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…
« Anterior Página 182 de 4502 Siguiente »