Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-29220 2026-05-19 MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to…
CVE-2026-29207 2026-05-19 MEDIUM 6.5 Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version…
CVE-2026-23557 2026-05-19 MEDIUM 6.5 Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined…
CVE-2026-23558 2026-05-19 HIGH 7.8 The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version…
CVE-2026-8946 2026-05-19 HIGH 7.5 Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8947 2026-05-19 HIGH 7.3 Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8953 2026-05-19 CRITICAL 9.6 Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird…
CVE-2026-8954 2026-05-19 HIGH 7.5 Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8975 2026-05-19 CRITICAL 9.8 Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2026-8974 2026-05-19 CRITICAL 9.8 Memory safety bugs present in Thunderbird 140.10 and Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2026-8973 2026-05-19 CRITICAL 9.8 Memory safety bugs present in Thunderbird 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have…
CVE-2026-8972 2026-05-19 MEDIUM 6.5 Privilege escalation in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8971 2026-05-19 MEDIUM 6.5 Same-origin policy bypass in the Networking: JAR component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8970 2026-05-19 HIGH 7.3 Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8969 2026-05-19 HIGH 8.1 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8968 2026-05-19 HIGH 7.5 Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8967 2026-05-19 N/A 0.0 Information disclosure in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8966 2026-05-19 N/A 0.0 Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8965 2026-05-19 N/A 0.0 Information disclosure in the DOM: Security component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8964 2026-05-19 HIGH 7.5 Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8963 2026-05-19 HIGH 7.5 Spoofing issue in the Web Speech component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8962 2026-05-19 N/A 0.0 Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8961 2026-05-19 N/A 0.0 Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8960 2026-05-19 HIGH 7.5 Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8959 2026-05-19 CRITICAL 9.6 Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8958 2026-05-19 HIGH 8.6 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8957 2026-05-19 MEDIUM 6.5 Privilege escalation in the Enterprise Policies component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8956 2026-05-19 CRITICAL 9.8 Integer overflow in the Networking: JAR component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8955 2026-05-19 MEDIUM 6.5 Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8952 2026-05-19 MEDIUM 6.5 Privilege escalation in the Application Update component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-8950 2026-05-19 CRITICAL 9.3 Same-origin policy bypass in the Networking: HTTP component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8949 2026-05-19 HIGH 7.5 Integer overflow in the Widget: Win32 component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11.
CVE-2026-8948 2026-05-19 CRITICAL 9.1 Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151.
CVE-2026-36829 2026-05-19 CRITICAL 9.8 An authentication bypass vulnerability exists in the embedded HTTP server of Panabit PAP-XM320 up to and including v7.7. The server validates session cookies using a filesystem existence check…
CVE-2026-34883 2026-05-19 MEDIUM 5.3 An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to…
CVE-2026-37281 2026-05-19 N/A 0.0 An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter.
CVE-2026-31072 2026-05-19 N/A 0.0 The JSONSerializer and CBORSerializer in APScheduler (all versions including 3.10.x and 4.0.0a5) are vulnerable to Remote Code Execution (RCE) via Insecure Deserialization. The unmarshal_object function allows for arbitrary…
CVE-2025-70950 2026-05-19 HIGH 7.3 An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request.
CVE-2025-51427 2026-05-19 HIGH 7.3 An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].
CVE-2026-5511 2026-05-19 N/A 0.0 In the web management interface of Archer AX72 (SG) v1, the network diagnostic feature improperly handles invalid user input, resulting in limited exposure of diagnostic command usage information. …
CVE-2026-47100 2026-05-19 HIGH 7.5 Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write…
CVE-2026-43634 2026-05-19 HIGH 7.5 HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the…
CVE-2026-5804 2026-05-19 HIGH 8.4 An improper authentication vulnerability was discovered in the Motorola Factory Test component (com.motorola.motocit). The application contained a reference to a writable file descriptor in external storage which could be used by third…
CVE-2026-8711 2026-05-19 HIGH 8.1 NGINX JavaScript has a vulnerability when the js_fetch_proxy directive is configured with at least one client-controlled NGINX variable (for example, $http_*, $arg_*, $cookie_*) and a location invoking the ngx.fetch()…
CVE-2026-45557 2026-05-19 MEDIUM 5.8 Technitium DNS Server aggressively tries to fetch missing RRSIG records or mismatched DNSKEY records. An attacker in control of a domain can cause a vulnerable system to generate…
CVE-2026-44159 2026-05-19 CRITICAL 9.8 Tyler Identity Local (TID-L) uses documented, default administrative credentials. Users are not required to change the credentials before deployment. TID-L has not been distributed since December 2020, and…
CVE-2026-2587 2026-05-19 CRITICAL 9.6 A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates…
CVE-2026-2586 2026-05-19 CRITICAL 9.1 An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution…
CVE-2025-40901 2026-05-19 MEDIUM 5.9 A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define…
CVE-2025-40902 2026-05-19 MEDIUM 5.9 A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a…
« Anterior Página 192 de 4501 Siguiente »