CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2026-38719 2026-05-18 MEDIUM 6.2 OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count…
CVE-2025-56352 2026-05-18 HIGH 7.5 In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set…
CVE-2026-8843 2026-05-18 MEDIUM 6.5 Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server.…
CVE-2026-41085 2026-05-18 HIGH 8.8 Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges…
CVE-2025-57282 2026-05-18 HIGH 7.5 ngrok v4.3.3 and 5.0.0-beta.2 are vulnerable to Command Injection.
CVE-2026-6902 2026-05-18 N/A 0.0 A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks.
CVE-2026-21789 2026-05-18 MEDIUM 4.6 HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios.
CVE-2026-47092 2026-05-18 HIGH 7.8 Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers…
CVE-2026-47091 2026-05-18 LOW 3.3 Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin…
CVE-2026-47090 2026-05-18 MEDIUM 4.6 Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded…
CVE-2026-39079 2026-05-18 HIGH 7.5 An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/ and /modules/upsshipping/lib/UPSBaseApi.php components
CVE-2026-4320 2026-05-18 N/A 0.0 Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process,…
CVE-2026-8783 2026-05-18 MEDIUM 4.3 A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to null pointer dereference.…
CVE-2026-8770 2026-05-18 LOW 3.3 A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the…
CVE-2026-45231 2026-05-18 MEDIUM 6.1 DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using…
CVE-2026-45230 2026-05-18 CRITICAL 9.1 DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../…
CVE-2026-32849 2026-05-18 MEDIUM 5.5 NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int…
CVE-2026-32848 2026-05-18 MEDIUM 4.7 NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing…
CVE-2026-42822 2026-05-18 CRITICAL 10.0 Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42009 2026-05-18 HIGH 7.5 A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for…
CVE-2026-0983 2026-05-18 N/A 0.0 Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
CVE-2026-8764 2026-05-17 HIGH 7.2 A security vulnerability has been detected in H3C Magic B3 up to 100R002. This affects the function UpdateWanParams of the file /goform/aspForm. Such manipulation of the argument param…
CVE-2026-8786 2026-05-18 MEDIUM 6.3 A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API…
CVE-2026-8769 2026-05-17 MEDIUM 4.3 A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes…
CVE-2026-8768 2026-05-17 HIGH 7.3 A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils. The manipulation results…
CVE-2026-8767 2026-05-17 MEDIUM 5.0 A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The…
CVE-2026-8766 2026-05-17 MEDIUM 4.3 A flaw has been found in Kilo-Org kilocode up to 7.0.47. This issue affects the function Load of the file packages/opencode/src/config/config.ts of the component Environment Variable Handler. Executing…
CVE-2026-8765 2026-05-17 MEDIUM 4.3 A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing…
CVE-2026-8836 2026-05-18 CRITICAL 9.8 A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of…
CVE-2026-8785 2026-05-18 HIGH 7.3 A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Parameter Handler. Executing…
CVE-2026-8784 2026-05-18 MEDIUM 4.2 A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack…
CVE-2026-8777 2026-05-18 MEDIUM 6.3 A vulnerability was found in Edimax BR-6428NS 1.10. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup of the component POST Request Handler. Performing a manipulation of…
CVE-2026-8776 2026-05-18 HIGH 8.8 A vulnerability has been found in Edimax BR-6428NS 1.10. This vulnerability affects the function formPPTPSetup of the file /goform/formPPTPSetup of the component POST Request Handler. Such manipulation of…
CVE-2026-8775 2026-05-18 HIGH 8.8 A flaw has been found in Edimax BR-6428NS 1.10. This affects the function formL2TPSetup of the file /goform/formL2TPSetup of the component POST Request Handler. This manipulation of the…
CVE-2026-8774 2026-05-18 MEDIUM 6.3 A vulnerability was detected in Edimax BR-6228NC 1.22. Affected by this issue is the function mp of the file /goform/mp of the component POST Request Handler. The manipulation…
CVE-2026-8773 2026-05-18 MEDIUM 4.7 A security vulnerability has been detected in linlinjava litemall up to 1.8.0. Affected by this vulnerability is the function backup/load of the file litemall-db/src/main/java/org/linlinjava/litemall/db/util/DbUtil.java of the component Database…
CVE-2026-8772 2026-05-18 MEDIUM 4.7 A weakness has been identified in linlinjava litemall up to 1.8.0. Affected is an unknown function of the component Admin Endpoint. Executing a manipulation can lead to sql…
CVE-2026-8771 2026-05-18 HIGH 7.3 A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing…
CVE-2026-8782 2026-05-18 MEDIUM 4.3 A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation…
CVE-2026-8781 2026-05-18 MEDIUM 4.3 A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null…
CVE-2026-8780 2026-05-18 MEDIUM 4.3 A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The…
CVE-2026-8779 2026-05-18 MEDIUM 4.3 A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead…
CVE-2026-8803 2026-05-18 LOW 3.7 A flaw has been found in opensourcepos Open Source Point of Sale up to 3.4.2. Impacted is the function Login of the file app/Models/Employee.php of the component Employee…
CVE-2026-8802 2026-05-18 MEDIUM 4.3 A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the…
CVE-2026-28759 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-2325 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-4286 2026-05-18 LOW 3.1 Mattermost versions 11.5.x
CVE-2026-5163 2026-05-18 MEDIUM 6.5 Mattermost versions 11.5.x
CVE-2026-6339 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-6343 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x