Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-33117 2026-05-12 CRITICAL 9.1 Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-33112 2026-05-12 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33110 2026-05-12 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-32209 2026-05-12 MEDIUM 4.4 Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
CVE-2026-32204 2026-05-12 HIGH 7.8 External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32185 2026-05-12 MEDIUM 5.5 Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
CVE-2026-32177 2026-05-12 HIGH 7.3 Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-32175 2026-05-12 MEDIUM 4.3 A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations…
CVE-2026-32170 2026-05-12 MEDIUM 6.7 Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
CVE-2026-32161 2026-05-12 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-21530 2026-05-12 MEDIUM 6.7 Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
CVE-2026-8336 2026-05-13 HIGH 7.5 After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when…
CVE-2026-8202 2026-05-13 MEDIUM 4.3 Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin…
CVE-2026-8200 2026-05-13 LOW 2.7 When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all…
CVE-2026-8053 2026-05-13 HIGH 8.8 An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue…
CVE-2026-8431 2026-05-12 HIGH 7.2 An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax.  This issue affects all MongoDB…
CVE-2026-21024 2026-05-13 N/A 0.0 Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.
CVE-2026-21019 2026-05-13 N/A 0.0 Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege.
CVE-2026-44403 2026-05-12 HIGH 7.2 Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code through the…
CVE-2025-15463 2026-05-12 MEDIUM 6.5 The The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.9.2.3. This is due to the…
CVE-2026-45227 2026-05-12 HIGH 8.8 Heym before 0.0.21 contains a sandbox escape vulnerability in the custom Python tool executor that allows authenticated workflow authors to bypass sandbox restrictions by using object-graph introspection primitives.…
CVE-2026-45226 2026-05-12 HIGH 7.1 Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation.…
CVE-2026-45225 2026-05-12 HIGH 7.6 Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted…
CVE-2026-8430 2026-05-12 HIGH 8.1 SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the public space that is limited to certain nginx configurations, allowing attackers to execute arbitrary code…
CVE-2026-8429 2026-05-12 HIGH 8.8 SPIP versions prior to 4.4.14 contain a remote code execution vulnerability in the private space that allows attackers to execute arbitrary code in the context of the web…
CVE-2026-44012 2026-05-12 N/A 0.0 Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (including…
CVE-2026-43989 2026-05-12 HIGH 8.5 JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes…
CVE-2026-6429 2026-05-13 MEDIUM 5.3 When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, libcurl could leak the password used for the first host to the followed-to…
CVE-2025-62627 2026-05-13 N/A 0.0 An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM…
CVE-2025-62624 2026-05-13 N/A 0.0 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-62623 2026-05-13 N/A 0.0 A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-61972 2026-05-13 N/A 0.0 Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code execution in…
CVE-2025-61971 2026-05-13 N/A 0.0 Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity.
CVE-2024-36315 2026-05-13 N/A 0.0 Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confidentiality.
CVE-2026-43685 2026-05-12 HIGH 7.2 A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External…
CVE-2026-43680 2026-05-12 HIGH 7.2 A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute…
CVE-2026-34690 2026-05-12 HIGH 7.8 After Effects versions 26.0, 25.6.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-34688 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this…
CVE-2026-34685 2026-05-12 LOW 3.4 Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'.…
CVE-2026-34680 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit…
CVE-2026-34679 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this…
CVE-2026-34678 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability…
CVE-2026-34677 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability…
CVE-2026-34673 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability…
CVE-2026-34672 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could…
CVE-2026-34671 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit…
CVE-2026-34670 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this…
CVE-2026-34669 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this…
CVE-2026-34668 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this…
CVE-2026-34667 2026-05-12 MEDIUM 6.2 CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could…
« Anterior Página 19 de 4299 Siguiente »