CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-6345 2026-05-18 MEDIUM 6.5 Mattermost versions 11.5.x
CVE-2026-6346 2026-05-18 HIGH 8.7 Mattermost versions 11.5.x
CVE-2026-6347 2026-05-18 HIGH 7.6 Mattermost versions 11.5.x
CVE-2026-7498 2026-05-18 HIGH 8.8 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects…
CVE-2026-41119 2026-05-18 MEDIUM 6.8 Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality…
CVE-2026-7304 2026-05-18 CRITICAL 9.8 SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.
CVE-2026-7302 2026-05-18 CRITICAL 9.1 SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by including…
CVE-2026-7301 2026-05-18 CRITICAL 9.8 SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the…
CVE-2026-20685 2026-05-18 MEDIUM 6.5 An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in…
CVE-2026-26462 2026-05-18 N/A 0.0 Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed…
CVE-2026-8788 2026-05-18 N/A 0.0 Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources…
CVE-2026-8721 2026-05-17 CRITICAL 9.8 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which routes through Perl's default typemap to SvPV_nolen. The…
CVE-2026-8507 2026-05-17 CRITICAL 9.8 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws. When parsing a PKCS12 file, with a >= 1 GiB OCTET STRING (or BIT STRING) attribute on…
CVE-2026-6333 2026-05-18 LOW 3.5 Mattermost versions 11.5.x
CVE-2026-4643 2026-05-18 LOW 3.5 Mattermost Desktop App versions
CVE-2026-3471 2026-05-18 MEDIUM 6.5 Mattermost Desktop App versions
CVE-2026-3117 2026-05-18 MEDIUM 6.5 Mattermost Plugins versions
CVE-2026-28732 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-6342 2026-05-18 MEDIUM 4.3 Mattermost Plugins versions
CVE-2026-6341 2026-05-18 MEDIUM 4.3 Mattermost Plugins versions
CVE-2026-6340 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-6334 2026-05-18 LOW 3.1 Mattermost versions 11.5.x
CVE-2026-4273 2026-05-18 LOW 3.7 Mattermost versions 11.5.x
CVE-2026-3637 2026-05-18 MEDIUM 4.3 Mattermost versions 11.5.x
CVE-2026-3495 2026-05-18 LOW 3.8 Mattermost versions 11.5.x
CVE-2026-41949 2026-05-18 MEDIUM 5.9 Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any…
CVE-2026-41948 2026-05-18 HIGH 7.7 Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient…
CVE-2026-41947 2026-05-18 HIGH 7.4 Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership.…
CVE-2026-6495 2026-05-18 HIGH 7.1 The Ajax Load More WordPress plugin before 7.8.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2026-6381 2026-05-18 HIGH 7.5 The WP Maps WordPress plugin before 4.9.3 does not properly sanitize a parameter before using it in a file path, allowing authenticated users to perform Local File Inclusion…
CVE-2026-6379 2026-05-18 HIGH 8.6 The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to…
CVE-2026-3220 2026-05-18 HIGH 8.8 The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to…
CVE-2026-1631 2026-05-18 MEDIUM 5.4 The Feeds for YouTube (YouTube video, channel, and gallery plugin) WordPress plugin before 2.6.4 is vulnerable to unauthorized modification of the Feeds for YouTube (YouTube video, channel, and…
CVE-2026-46720 2026-05-17 HIGH 8.2 Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources…
CVE-2026-8759 2026-05-17 HIGH 7.3 A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper…
CVE-2026-8758 2026-05-17 HIGH 7.3 A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file /common/jsp/upload3.jsp. Executing a manipulation of the argument File…
CVE-2026-8757 2026-05-17 HIGH 7.3 A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file core/framework/server/routes_sessions.py of the component Delete Request Handler. Performing a manipulation…
CVE-2026-8756 2026-05-17 HIGH 7.3 A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the function generate_config of the file webui_preprocess.py of the component Gradio Interface. Such…
CVE-2026-8755 2026-05-17 HIGH 7.3 A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function _get_all_models of the file hiyoriUI.py of the component Model Handler. This…
CVE-2026-8754 2026-05-17 MEDIUM 6.3 A vulnerability was detected in AstrBotDevs AstrBot up to 4.23.5. Impacted is the function post_file of the file astrbot/dashboard/routes/chat.py of the component File Upload Handler. The manipulation of…
CVE-2026-8753 2026-05-17 MEDIUM 6.3 A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.php of the component fileThumb Plugin. The…
CVE-2018-25339 2026-05-17 HIGH 8.2 Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v…
CVE-2018-25338 2026-05-17 HIGH 8.2 Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Attackers can exploit the hashtag parameter…
CVE-2018-25337 2026-05-17 MEDIUM 4.3 Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting…
CVE-2018-25336 2026-05-17 MEDIUM 5.3 Joomla jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting…
CVE-2018-25335 2026-05-17 CRITICAL 9.8 WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers…
CVE-2018-25334 2026-05-17 MEDIUM 5.4 Zechat 1.5 contains a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to change a user's information by bypassing anti-CSRF protections. The application uses a CSRF token,…
CVE-2018-25333 2026-05-17 HIGH 8.2 Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login…
CVE-2018-25332 2026-05-17 CRITICAL 9.8 GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers…
CVE-2018-25331 2026-05-17 MEDIUM 6.1 Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attackers can inject script…