CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-4883 2026-05-19 CRITICAL 9.8 The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and…
CVE-2026-4885 2026-05-19 CRITICAL 9.8 The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions…
CVE-2025-15609 2026-05-19 HIGH 7.5 The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…
CVE-2025-40900 2026-05-19 MEDIUM 4.6 An Angular template injection vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a…
CVE-2026-7571 2026-05-19 HIGH 7.1 A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control intended to disable the implicit flow…
CVE-2026-7507 2026-05-19 HIGH 7.5 A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by pre-creating an authentication session and tricking a victim into visiting…
CVE-2026-7504 2026-05-19 HIGH 8.1 A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could bypass validation to redirect users to unauthorized URLs,…
CVE-2026-7307 2026-05-19 HIGH 7.5 A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input…
CVE-2026-4630 2026-05-19 MEDIUM 6.8 A flaw was found in Keycloak. An authenticated client could exploit an Insecure Direct Object Reference (IDOR) vulnerability in the Authorization Services Protection API endpoint. By knowing or…
CVE-2026-37981 2026-05-19 MEDIUM 4.3 A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one…
CVE-2026-37978 2026-05-19 MEDIUM 4.9 A flaw was found in Keycloak. A low-privilege administrator with the 'view-clients' role can exploit this by invoking the 'evaluate-scopes' Admin API endpoints with an arbitrary user ID…
CVE-2026-8922 2026-05-19 MEDIUM 5.4 A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the realm-level…
CVE-2026-47317 2026-05-19 MEDIUM 5.5 Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47316 2026-05-19 MEDIUM 5.5 Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47315 2026-05-19 MEDIUM 5.5 Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47314 2026-05-19 HIGH 7.8 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47313 2026-05-19 MEDIUM 5.5 Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47312 2026-05-19 MEDIUM 5.5 Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-8830 2026-05-19 MEDIUM 4.3 A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails…
CVE-2026-47311 2026-05-19 HIGH 7.8 Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47310 2026-05-19 HIGH 7.8 Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47309 2026-05-19 MEDIUM 5.5 Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
CVE-2026-47308 2026-05-19 MEDIUM 5.5 NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
CVE-2026-47307 2026-05-19 MEDIUM 5.5 NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This…
CVE-2026-33565 2026-05-19 LOW 3.3 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28751 2026-05-19 LOW 3.3 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-28733 2026-05-19 MEDIUM 6.5 in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.
CVE-2026-27781 2026-05-19 LOW 3.3 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-27766 2026-05-19 MEDIUM 5.5 in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.
CVE-2026-27648 2026-05-19 HIGH 8.8 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
CVE-2026-25850 2026-05-19 MEDIUM 5.5 in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak
CVE-2026-25781 2026-05-19 HIGH 8.4 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
CVE-2026-25110 2026-05-19 LOW 3.3 in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.
CVE-2026-24792 2026-05-19 HIGH 8.1 in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
CVE-2026-8838 2026-05-18 CRITICAL 9.8 Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows a rogue server or man-in-the-middle actor to execute arbitrary code on…
CVE-2026-47323 2026-05-19 N/A 0.0 Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering The CXF and Knative HeaderFilterStrategy implementations (CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http) only filter…
CVE-2026-6354 2026-05-19 N/A 0.0 Rejected reason: Voluntarily withdrawn
CVE-2026-45829 2026-05-18 N/A 0.0 A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending…
CVE-2026-36438 2026-05-18 MEDIUM 5.3 An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd
CVE-2026-43493 2026-05-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG requests can return EBUSY. Handle them by checking for…
CVE-2026-43492 2026-05-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() when subtracting "lzeros" from…
CVE-2026-43491 2026-05-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the…
CVE-2026-45246 2026-05-18 MEDIUM 5.5 Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem…
CVE-2026-45244 2026-05-18 MEDIUM 5.4 Summarize prior to 0.15.1 contains a missing authorization vulnerability that allows attackers to execute browser automation actions without per-call user approval when the extension automation feature is enabled.…
CVE-2026-45242 2026-05-18 HIGH 7.1 Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolute…
CVE-2026-45243 2026-05-18 MEDIUM 6.1 Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation artifacts. Attackers can…
CVE-2026-45245 2026-05-18 HIGH 7.4 Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extension to…
CVE-2026-29965 2026-05-18 MEDIUM 6.1 HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax.
CVE-2026-29964 2026-05-18 MEDIUM 6.1 HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint…
CVE-2025-65954 2026-05-18 MEDIUM 4.7 SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a…