Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-30958 2026-03-10 HIGH 7.2 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, an unauthenticated path traversal in the /workflow/docs/:componentName endpoint allows reading arbitrary files from the server…
CVE-2026-30957 2026-03-10 CRITICAL 9.9 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the…
CVE-2026-30956 2026-03-10 CRITICAL 9.9 OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in OneUptime v10.0.20 and earlier by…
CVE-2026-30945 2026-03-10 HIGH 7.1 StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke…
CVE-2026-30944 2026-03-10 HIGH 8.8 StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for…
CVE-2026-30942 2026-03-10 N/A 0.0 Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to 1.7.3, an authenticated path traversal vulnerability in /api/avatars/[filename] allows any logged-in user to…
CVE-2026-30941 2026-03-10 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an…
CVE-2026-30939 2026-03-10 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.13 and 9.5.1-alpha.2, an unauthenticated attacker can crash…
CVE-2026-30938 2026-03-10 N/A 0.0 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.12 and 9.5.1-alpha.1, the requestKeywordDenylist security control can…
CVE-2026-30934 2026-03-10 HIGH 8.9 FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered…
CVE-2026-30933 2026-03-10 HIGH 7.5 FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, the remediation for CVE-2026-27611 is incomplete. Password protected shares still disclose tokenized downloadURL via…
CVE-2026-30930 2026-03-10 N/A 0.0 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize()…
CVE-2026-30928 2026-03-10 N/A 0.0 Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, the /api/4/config REST API endpoint returns the entire parsed Glances configuration file (glances.conf) via self.config.as_dict() with no…
CVE-2026-30897 2026-03-10 MEDIUM 6.6 A stack-based buffer overflow vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may…
CVE-2026-2742 2026-03-10 N/A 0.0 An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern…
CVE-2026-2741 2026-03-10 N/A 0.0 Specially crafted ZIP archives can escape the intended extraction directory during Node.js download and extraction in Vaadin 14.2.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.8, and 25.0.0…
CVE-2026-2724 2026-03-10 HIGH 7.2 The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form entry fields in all versions up to, and including, 2.0.5. This…
CVE-2026-2339 2026-03-10 HIGH 7.5 Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before v3.4.0.
CVE-2026-2273 2026-03-10 N/A 0.0 CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exist that could cause execution of untrusted commands on the engineering workstation which could result in a limited…
CVE-2026-27661 2026-03-10 MEDIUM 4.3 A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application leaks confidential information in metadata, and files such as information on contributors…
CVE-2026-26738 2026-03-10 HIGH 7.8 Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file.
CVE-2026-26148 2026-03-10 HIGH 8.1 External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally.
CVE-2026-26144 2026-03-10 HIGH 7.5 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2026-26141 2026-03-10 HIGH 7.8 Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally.
CVE-2026-26134 2026-03-10 HIGH 7.8 Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26132 2026-03-10 HIGH 7.8 Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26131 2026-03-10 HIGH 7.8 Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-26130 2026-03-10 HIGH 7.5 Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2026-26128 2026-03-10 HIGH 7.8 Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.
CVE-2026-26127 2026-03-10 HIGH 7.5 Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26121 2026-03-10 HIGH 7.5 Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26118 2026-03-10 HIGH 8.8 Server-side request forgery (ssrf) in Azure MCP Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26117 2026-03-10 HIGH 7.8 Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-26116 2026-03-10 HIGH 8.8 Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26115 2026-03-10 HIGH 8.8 Improper validation of specified type of input in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-26114 2026-03-10 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-26113 2026-03-10 HIGH 8.4 Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26112 2026-03-10 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26111 2026-03-10 HIGH 8.8 Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-26110 2026-03-10 HIGH 8.4 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26109 2026-03-10 HIGH 8.4 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26108 2026-03-10 HIGH 7.8 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26107 2026-03-10 HIGH 7.8 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-26106 2026-03-10 HIGH 8.8 Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-26105 2026-03-10 HIGH 8.1 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-25972 2026-03-10 MEDIUM 4.3 An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSIEM 7.4.0, FortiSIEM 7.3.0 through 7.3.4 may allow a remote unauthenticated attacker to provide…
CVE-2026-25836 2026-03-10 HIGH 7.2 An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox Cloud 5.0.4 may allow a privileged attacker with super-admin profile…
CVE-2026-25689 2026-03-10 MEDIUM 6.5 An improper neutralization of argument delimiters in a command ('argument injection') vulnerability in Fortinet FortiDeceptor 6.2.0, FortiDeceptor 6.0 all versions, FortiDeceptor 5.3 all versions, FortiDeceptor 5.2 all versions,…
CVE-2026-25605 2026-03-10 MEDIUM 6.7 A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application performs file deletion without properly validating the file path or target. An…
CVE-2026-25573 2026-03-10 HIGH 7.4 A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The affected application builds shell commands with caller-provided strings and executes them. An attacker could…
« Anterior Página 203 de 4221 Siguiente »