CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-24160 2026-05-20 MEDIUM 5.5 NVIDIA TRT-LLM for any platform contains a vulnerability where an attacker could cause an unchecked return value to a null pointer dereference. A successful exploit of this vulnerability…
CVE-2026-8399 2026-05-20 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-44608 2026-05-20 MEDIUM 5.9 NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a locking inconsistency vulnerability that when certain conditions are met (multi-threaded, RPZ XFR reload, RPZ zone with…
CVE-2026-44390 2026-05-20 MEDIUM 5.3 NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability when handling replies with very large RRsets that Unbound needs to perform name compression for. Malicious…
CVE-2026-42960 2026-05-20 CRITICAL 10.0 NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section. Promiscuous RRSets that complement DNS replies in the…
CVE-2026-42959 2026-05-20 HIGH 7.5 NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream…
CVE-2026-42944 2026-05-20 HIGH 7.5 NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS…
CVE-2026-42923 2026-05-20 MEDIUM 5.3 NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the DNSSEC validator where the code path to consult the negative cache for DS records…
CVE-2026-42534 2026-05-20 MEDIUM 5.3 NLnet Labs Unbound up to and including version 1.25.0 has a vulnerability in the jostle logic that could defeat its purpose and degrade resolution performance. Retransmits of the…
CVE-2026-41292 2026-05-20 HIGH 7.5 NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary…
CVE-2026-33278 2026-05-20 CRITICAL 9.8 NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as…
CVE-2026-32792 2026-05-20 MEDIUM 5.3 NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support ('--enable-dnscrypt'). A bad DNSCrypt query could underflow…
CVE-2026-44926 2026-05-20 HIGH 8.8 InfoScale CmdServer before 7.4.2 mishandles access control.
CVE-2026-44925 2026-05-20 HIGH 8.8 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user with an active session into clicking a malicious HTML link,…
CVE-2026-44924 2026-05-20 MEDIUM 5.4 InfoScale VIOM 9.1.3 allows XSS.
CVE-2026-44923 2026-05-20 MEDIUM 6.5 SQL injection in InfoScale VIOM before v9.1.3 allows remote attackers to escalate privileges.
CVE-2026-30691 2026-05-20 MEDIUM 6.1 Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and…
CVE-2026-24163 2026-05-20 HIGH 7.5 NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to…
CVE-2025-31973 2026-05-20 MEDIUM 4.0 HCL BigFix Service Management (SM) is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially…
CVE-2025-31985 2026-05-20 LOW 3.7 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially…
CVE-2026-41091 2026-05-20 HIGH 7.8 Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
CVE-2026-45498 2026-05-20 MEDIUM 4.0 Microsoft Defender Denial of Service Vulnerability
CVE-2026-45584 2026-05-20 HIGH 8.1 Heap-based buffer overflow in Microsoft Defender allows an unauthorized attacker to execute code over a network.
CVE-2026-42834 2026-05-20 HIGH 7.8 Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-8495 2026-05-19 CRITICAL 9.8 Missing Authorization vulnerability in Drupal Date iCal allows Forceful Browsing. This issue affects Date iCal: from 0.0.0 before 4.0.15.
CVE-2026-8493 2026-05-19 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1.
CVE-2026-8492 2026-05-19 LOW 2.7 Modification of Assumed-Immutable Data (MAID) vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5.
CVE-2026-7385 2026-05-20 MEDIUM 5.8 The Decent Comments WordPress plugin before 3.0.2 does not restrict access to comment author email addresses and post author email addresses via its REST API endpoint, allowing unauthenticated…
CVE-2026-8491 2026-05-19 LOW 3.7 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Node View Permissions allows Forceful Browsing. This issue affects Node View Permissions: from 0.0.0 before 1.7.0, from 2.0.0…
CVE-2026-34246 2026-05-19 MEDIUM 4.8 CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php,…
CVE-2026-32882 2026-05-19 HIGH 7.1 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay…
CVE-2026-8485 2026-05-20 MEDIUM 5.9 Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVE-2026-7613 2026-05-20 HIGH 7.2 The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due to…
CVE-2023-7346 2026-05-20 MEDIUM 4.0 Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of…
CVE-2026-9101 2026-05-20 MEDIUM 4.3 Prototype pollution in csv parsing logic during import can lead to untrusted file paths (but not arguments) entering shell.openExternal after specific user behavior leading to "1-click" command execution.
CVE-2026-9100 2026-05-20 MEDIUM 5.9 The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that…
CVE-2026-9087 2026-05-20 MEDIUM 6.4 A flaw was found in Keycloak. The cross-session verification proof is keyed only by (local userId, idpAlias) and is not bound to the upstream identity that was actually…
CVE-2026-8488 2026-05-20 MEDIUM 4.3 Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVE-2026-8487 2026-05-20 MEDIUM 6.5 Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVE-2026-8486 2026-05-20 MEDIUM 5.3 Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7.
CVE-2026-9084 2026-05-20 N/A 0.0 MISP’s OIDC authentication plugin allowed automatic linking of an OIDC identity to an existing local user account based on the email claim when the local account had no…
CVE-2026-39047 2026-05-20 HIGH 7.5 Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service (JetDirect) on TCP port 9100
CVE-2026-24206 2026-05-20 HIGH 7.3 NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial…
CVE-2026-5783 2026-05-20 HIGH 7.6 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design Industry and Trade Ltd. Co. CityPLus allows Reflected XSS. This issue affects…
CVE-2026-24207 2026-05-20 CRITICAL 9.8 NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to code execution, escalation of…
CVE-2026-20223 2026-05-20 CRITICAL 10.0 A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site…
CVE-2026-20206 2026-05-20 MEDIUM 6.3 A vulnerability in the BrowserBot component of Cisco ThousandEyes Enterprise Agent could have allowed an authenticated, remote attacker to execute arbitrary commands on Agents on behalf of the…
CVE-2026-20199 2026-05-20 MEDIUM 4.7 A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the…
CVE-2026-20171 2026-05-20 MEDIUM 6.8 A vulnerability in the Border Gateway Protocol (BGP) enforce-first-as feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated,…
CVE-2026-8598 2026-05-20 CRITICAL 9.1 An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such…