Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-21286 2026-03-11 MEDIUM 5.3 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker…
CVE-2026-21289 2026-03-11 HIGH 7.5 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker…
CVE-2026-21290 2026-03-11 HIGH 8.7 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker…
CVE-2026-21291 2026-03-11 MEDIUM 4.8 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker…
CVE-2026-21292 2026-03-11 MEDIUM 5.4 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker…
CVE-2026-31875 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.7 and 8.6.33, when multi-factor authentication (MFA) via…
CVE-2026-31872 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission (CLP)…
CVE-2026-31871 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists…
CVE-2026-31870 2026-03-11 HIGH 7.5 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API (httplib::stream::Get, httplib::stream::Post, etc.), the library calls std::stoull()…
CVE-2026-31868 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.4 and 8.6.30, an attacker can upload a…
CVE-2026-31867 2026-03-11 N/A 0.0 Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.11.0 and 5.6.0, An Insecure Direct Object Reference (IDOR) vulnerability exists in Craft Commerce’s cart functionality that…
CVE-2026-31866 2026-03-11 HIGH 7.5 flagd is a feature flag daemon with a Unix philosophy. Prior to 0.14.2, flagd exposes OFREP (/ofrep/v1/evaluate/...) and gRPC (evaluation.v1, evaluation.v2) endpoints for feature flag evaluation. These endpoints…
CVE-2026-31863 2026-03-11 LOW 3.6 Anytype Heart is the middleware library for Anytype. The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the…
CVE-2026-31862 2026-03-11 CRITICAL 9.1 Cloud CLI (aka Claude Code UI) is a desktop and mobile UI for Claude Code, Cursor CLI, Codex, and Gemini-CLI. Prior to 1.24.0, multiple Git-related API endpoints use…
CVE-2026-31859 2026-03-11 N/A 0.0 Craft is a content management system (CMS). The fix for CVE-2025-35939 in craftcms/cms introduced a strip_tags() call in src/web/User.php to sanitize return URLs before they are stored in…
CVE-2026-31858 2026-03-11 N/A 0.0 Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in CVE-2026-25495. The exact same SQL injection vulnerability…
CVE-2026-31857 2026-03-11 N/A 0.0 Craft is a content management system (CMS). Prior to 5.9.9 and 4.17.4, a Remote Code Execution vulnerability exists in the Craft CMS 5 conditions system. The BaseElementSelectConditionRule::getElementIds() method…
CVE-2026-31856 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A SQL injection vulnerability exists in the PostgreSQL storage adapter…
CVE-2026-30226 2026-03-11 N/A 0.0 Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. In devalue v5.6.3 and earlier, devalue.parse and devalue.unflatten were susceptible…
CVE-2026-0231 2026-03-11 N/A 0.0 An information disclosure vulnerability in Palo Alto Networks Cortex XDR® Broker VM allows an authenticated user to obtain and modify sensitive information by triggering live terminal session via Cortex…
CVE-2026-0230 2026-03-11 N/A 0.0 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on macOS allows a local administrator to disable the agent. This issue could be…
CVE-2026-27221 2026-03-10 MEDIUM 5.5 Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by an Improper Certificate Validation vulnerability that could result in a Security feature bypass. An attacker could leverage…
CVE-2026-27220 2026-03-10 HIGH 7.8 Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21361 2026-03-11 HIGH 8.1 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vvulnerability that could be abused by a high-privileged attacker…
CVE-2026-21360 2026-03-11 MEDIUM 6.8 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that…
CVE-2026-21359 2026-03-11 MEDIUM 4.7 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker…
CVE-2026-21311 2026-03-11 HIGH 8.0 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker…
CVE-2026-21310 2026-03-11 MEDIUM 5.3 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass, with…
CVE-2026-21309 2026-03-11 HIGH 7.5 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker…
CVE-2026-21297 2026-03-11 MEDIUM 4.3 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged…
CVE-2026-21296 2026-03-11 MEDIUM 4.3 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged…
CVE-2026-27278 2026-03-10 HIGH 7.8 Acrobat Reader versions 24.001.30307, 24.001.30308, 25.001.21265 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21295 2026-03-11 LOW 3.1 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this…
CVE-2026-21294 2026-03-11 MEDIUM 5.5 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass.…
CVE-2026-21293 2026-03-11 MEDIUM 5.5 Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass.…
CVE-2026-3429 2026-03-11 MEDIUM 4.2 A flaw was identified in the Account REST API of Keycloak that allows a user authenticated at a lower security level to perform sensitive actions intended only for…
CVE-2026-31854 2026-03-11 N/A 0.0 Cursor is a code editor built for programming with AI. Prior to 2.0 ,if a visited website contains maliciously crafted instructions, the model may attempt to follow them…
CVE-2026-31853 2026-03-11 MEDIUM 5.7 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, an overflow on 32-bit systems can cause a crash in…
CVE-2026-31852 2026-03-11 CRITICAL 10.0 Jellyfin is an open-source media system. The code-quality.yml GitHub Actions workflow in jellyfin/jellyfin-ios is vulnerable to arbitrary code execution via pull requests from forked repositories. Due to the…
CVE-2026-31840 2026-03-11 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.2 and 8.6.28, an attacker can use a…
CVE-2026-31839 2026-03-11 HIGH 8.2 Striae is a firearms examiner's comparison companion. A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that…
CVE-2026-31813 2026-03-11 MEDIUM 4.8 Supabase Auth is a JWT based API for managing users and issuing JWT tokens. Prior to 2.185.0, a vulnerability has been identified that allows an attacker to issue…
CVE-2026-30868 2026-03-11 MEDIUM 6.3 OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.4, multiple OPNsense MVC API endpoints perform state‑changing operations but are accessible via HTTP GET requests without…
CVE-2026-30239 2026-03-11 MEDIUM 6.5 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when budgets are deleted, the work packages that were assigned to this budget need to be moved…
CVE-2026-30236 2026-03-11 MEDIUM 4.3 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, when editing a project budget and planning the labor cost, it was not checked that the user…
CVE-2026-30235 2026-03-11 MEDIUM 6.5 OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This…
CVE-2026-20166 2026-03-11 MEDIUM 5.4 In Splunk Enterprise versions below 10.2.1 and 10.0.4, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, and 10.0.2503.12, a low-privileged user that does not hold the "admin" or…
CVE-2026-20165 2026-03-11 MEDIUM 6.3 In Splunk Enterprise versions below 10.2.1, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.7, 10.1.2507.17, 10.0.2503.12, and 9.3.2411.124, a low-privileged user that does not hold…
CVE-2026-20164 2026-03-11 MEDIUM 6.5 In Splunk Enterprise versions below 10.2.0, 10.0.3, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.1.2507.16, 10.0.2503.11, and 9.3.2411.123, a low-privileged user that does not hold…
CVE-2026-20163 2026-03-11 HIGH 7.2 In Splunk Enterprise versions below 10.2.0, 10.0.4, 9.4.9, and 9.3.10, and Splunk Cloud Platform versions below 10.2.2510.5, 10.0.2503.12, 10.1.2507.16, and 9.3.2411.124, a user who holds a role that…
« Anterior Página 195 de 4220 Siguiente »