CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-8631 2026-05-20 CRITICAL 9.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via…
CVE-2026-2812 2026-05-20 MEDIUM 5.3 ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful…
CVE-2026-2813 2026-05-20 MEDIUM 4.7 ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitation may…
CVE-2026-48172 2026-05-21 N/A 0.0 LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation (possibly to root), as exploited in the wild in May 2026. Detection is best done via a command line…
CVE-2026-9110 2026-05-20 MEDIUM 4.2 Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a…
CVE-2026-9111 2026-05-20 HIGH 8.8 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security…
CVE-2026-9112 2026-05-20 HIGH 8.8 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML…
CVE-2026-9113 2026-05-20 MEDIUM 4.3 Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a…
CVE-2026-9114 2026-05-20 HIGH 8.8 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium…
CVE-2026-9115 2026-05-20 MEDIUM 4.3 Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium…
CVE-2026-9116 2026-05-20 MEDIUM 4.3 Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:…
CVE-2026-40102 2026-05-20 MEDIUM 6.5 Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without validation (unlike…
CVE-2026-9117 2026-05-20 HIGH 7.5 Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-9118 2026-05-20 HIGH 8.8 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security…
CVE-2026-9119 2026-05-20 HIGH 8.8 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.…
CVE-2026-9120 2026-05-20 HIGH 8.8 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVE-2026-9121 2026-05-20 HIGH 8.8 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium…
CVE-2026-9122 2026-05-20 MEDIUM 6.5 Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a…
CVE-2026-9123 2026-05-20 HIGH 7.5 Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious…
CVE-2026-9124 2026-05-20 MEDIUM 5.3 Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data…
CVE-2026-9126 2026-05-20 HIGH 8.8 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.…
CVE-2026-43494 2026-05-21 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released…
CVE-2026-36189 2026-05-21 MEDIUM 6.2 Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function,…
CVE-2026-2734 2026-05-21 MEDIUM 6.5 In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authentication is enabled. This allows…
CVE-2026-47782 2026-05-20 LOW 3.3 Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web…
CVE-2026-47372 2026-05-20 CRITICAL 9.1 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.
CVE-2026-40094 2026-05-20 MEDIUM 4.3 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a…
CVE-2026-40092 2026-05-20 HIGH 7.5 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network peer can crash any Nimiq full node by publishing a crafted…
CVE-2026-39960 2026-05-20 MEDIUM 5.4 Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and below contain flawed logic that causes improper escaping of a textarea custom field's contents in…
CVE-2026-47373 2026-05-20 HIGH 7.5 Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying…
CVE-2026-33137 2026-05-20 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to…
CVE-2026-26028 2026-05-20 MEDIUM 6.1 CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted…
CVE-2026-23734 2026-05-20 N/A 0.0 XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=/../../WEB-INF/xwiki.cfg&minify=false, leading…
CVE-2026-6841 2026-05-21 N/A 0.0 Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results…
CVE-2026-0393 2026-05-21 N/A 0.0 The affected product may expose credentials remotely between low privileged visualization users during concurrent login operations due to insufficient isolation of authentication data. The vulnerability affects only login…
CVE-2026-9137 2026-05-20 N/A 0.0 The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint…
CVE-2026-9136 2026-05-20 N/A 0.0 A vulnerability was identified in the ShadowAttribute proposal creation workflow. The add action accepted user-controlled ShadowAttribute request data without removing the id field before saving the record. Because…
CVE-2026-42396 2026-05-21 MEDIUM 4.9 Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail
CVE-2026-42002 2026-05-21 MEDIUM 5.9 Concurrency and locking defects in GSS-TSIG
CVE-2026-42001 2026-05-21 HIGH 7.5 Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42000 2026-05-21 MEDIUM 6.8 Insufficient Validation of Names During AXFR
CVE-2026-41999 2026-05-21 MEDIUM 4.8 Incorrect Behaviour of Views with TCP PROXY Requests
CVE-2026-2740 2026-05-21 HIGH 8.4 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are vulnerable to Authenticated Remote code execution in the agent machines due…
CVE-2026-5434 2026-05-21 MEDIUM 5.9 Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access…
CVE-2026-5433 2026-05-21 CRITICAL 9.1 Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
CVE-2026-22880 2026-05-21 MEDIUM 6.1 Mattermost Mobile Apps versions
CVE-2026-9149 2026-05-21 MEDIUM 6.5 A flaw was found in libsolv. This heap buffer overflow vulnerability occurs when a victim processes a specially crafted `.solv` file containing negative size values in the `repo_add_solv`…
CVE-2026-9150 2026-05-20 MEDIUM 6.5 A flaw was found in libsolv. This stack-based buffer overflow vulnerability occurs in libsolv's Debian metadata parser when processing specially crafted Debian repository metadata. An attacker could exploit…
CVE-2026-24218 2026-05-20 HIGH 8.1 NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH host keys to be deployed across multiple…
CVE-2026-24217 2026-05-20 HIGH 8.8 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A successful exploit of this vulnerability might…