Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-4041 2026-03-12 HIGH 8.8 A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based…
CVE-2026-28384 2026-03-12 N/A 0.0 An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API…
CVE-2026-21671 2026-03-12 CRITICAL 9.1 A vulnerability allowing an authenticated user with the Backup Administrator role to perform remote code execution (RCE) in high availability (HA) deployments of Veeam Backup & Replication.
CVE-2026-21670 2026-03-12 HIGH 7.7 A vulnerability allowing a low-privileged user to extract saved SSH credentials.
CVE-2026-21669 2026-03-12 CRITICAL 9.9 A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVE-2026-21668 2026-03-12 HIGH 8.8 A vulnerability allowing an authenticated domain user to bypass restrictions and manipulate arbitrary files on a Backup Repository.
CVE-2026-21667 2026-03-12 CRITICAL 9.9 A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVE-2026-21666 2026-03-12 CRITICAL 9.9 A vulnerability allowing an authenticated domain user to perform remote code execution (RCE) on the Backup Server.
CVE-2026-3099 2026-03-12 MEDIUM 5.8 A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc)…
CVE-2026-2987 2026-03-12 MEDIUM 6.1 The Simple Ajax Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'c' parameter in versions up to, and including, 20260217 due to insufficient input…
CVE-2026-2514 2026-03-12 N/A 0.0 In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that,…
CVE-2026-2513 2026-03-12 N/A 0.0 A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger…
CVE-2026-0809 2026-03-12 N/A 0.0 Use of a custom token encoding algorithm in Streamsoft Prestiż software allows the value of the KSeF (Krajowy System e-Faktur) token to be guessed after analyzing how tokens with know values…
CVE-2026-4040 2026-03-12 LOW 3.3 A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through…
CVE-2026-4039 2026-03-12 MEDIUM 6.3 A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It…
CVE-2026-3989 2026-03-12 N/A 0.0 SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the…
CVE-2026-3060 2026-03-12 CRITICAL 9.8 SGLang' encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication.
CVE-2026-3059 2026-03-12 CRITICAL 9.8 SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication.
CVE-2026-3234 2026-03-12 MEDIUM 4.3 A flaw was found in mod_proxy_cluster. This vulnerability, a Carriage Return Line Feed (CRLF) injection in the decodeenc() function, allows a remote attacker to bypass input validation. By…
CVE-2026-2366 2026-03-12 LOW 3.1 A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization…
CVE-2026-4016 2026-03-12 MEDIUM 5.3 A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation…
CVE-2026-4015 2026-03-12 MEDIUM 5.3 A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead…
CVE-2026-4014 2026-03-12 HIGH 7.3 A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation…
CVE-2026-4013 2026-03-12 MEDIUM 6.3 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The…
CVE-2026-4012 2026-03-12 LOW 3.3 A vulnerability was determined in rxi fe up to ed4cda96bd582cbb08520964ba627efb40f3dd91. The impacted element is the function read_ of the file src/fe.c. This manipulation with the input 1 causes…
CVE-2026-4010 2026-03-12 LOW 3.3 A vulnerability was found in ThakeeNathees pocketlang up to cc73ca61b113d48ee130d837a7a8b145e41de5ce. The affected element is the function pkByteBufferAddString. The manipulation of the argument length with the input 4294967290 results…
CVE-2026-4009 2026-03-12 LOW 3.3 A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation…
CVE-2026-4008 2026-03-12 HIGH 8.8 A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation…
CVE-2026-4007 2026-03-12 HIGH 8.8 A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the…
CVE-2026-3994 2026-03-12 MEDIUM 5.3 A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a…
CVE-2026-3993 2026-03-12 MEDIUM 4.3 A security vulnerability has been detected in itsourcecode Payroll Management System 1.0. This vulnerability affects unknown code of the file /manage_employee_deductions.php. Such manipulation of the argument ID leads…
CVE-2026-3992 2026-03-12 MEDIUM 6.3 A weakness has been identified in CodeGenieApp serverless-express up to 4.17.1. This affects an unknown part of the file utils/dynamodb.ts of the component Users Endpoint. This manipulation of…
CVE-2026-3990 2026-03-12 MEDIUM 4.3 A security flaw has been discovered in CesiumGS CesiumJS up to 1.137.0. Affected by this issue is some unknown functionality of the file Apps/Sandcastle/standalone.html. The manipulation of the…
CVE-2026-3984 2026-03-12 LOW 3.5 A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. This manipulation of…
CVE-2026-3983 2026-03-12 LOW 3.5 A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. The manipulation…
CVE-2026-2687 2026-03-12 MEDIUM 4.3 The Reading progressbar WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-15473 2026-03-12 MEDIUM 4.3 The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for…
CVE-2026-3982 2026-03-12 MEDIUM 4.3 A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_result.php. Executing a manipulation of the argument…
CVE-2026-3981 2026-03-12 HIGH 7.3 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results…
CVE-2026-3980 2026-03-12 HIGH 7.3 A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads…
CVE-2026-3979 2026-03-12 MEDIUM 5.3 A flaw has been found in quickjs-ng quickjs up to 0.12.1. This affects the function js_iterator_concat_return of the file quickjs.c. This manipulation causes use after free. The attack…
CVE-2026-3978 2026-03-12 HIGH 8.8 A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3. The manipulation of the argument wan_connected results in stack-based…
CVE-2026-3977 2026-03-12 MEDIUM 6.3 A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing…
CVE-2026-3976 2026-03-12 HIGH 8.8 A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of…
CVE-2026-3975 2026-03-12 HIGH 8.8 A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a…
CVE-2026-3974 2026-03-12 HIGH 8.8 A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument…
CVE-2026-3657 2026-03-12 HIGH 7.5 The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the `stickymenu_contact_lead_form` AJAX action in all versions up to, and including, 2.8.6. This is due…
CVE-2026-3226 2026-03-12 MEDIUM 4.3 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax…
CVE-2026-1878 2026-03-12 N/A 0.0 An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the…
CVE-2025-15038 2026-03-12 N/A 0.0 An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL…
« Anterior Página 189 de 4218 Siguiente »