Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-23669 2026-03-10 HIGH 8.8 Use after free in Windows Print Spooler Components allows an authorized attacker to execute code over a network.
CVE-2026-23668 2026-03-10 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-23667 2026-03-10 HIGH 7.0 Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally.
CVE-2026-23665 2026-03-10 HIGH 7.8 Heap-based buffer overflow in Azure Linux Virtual Machines allows an authorized attacker to elevate privileges locally.
CVE-2026-23664 2026-03-10 HIGH 7.5 Improper restriction of communication channel to intended endpoints in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23662 2026-03-10 HIGH 7.5 Missing authentication for critical function in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23661 2026-03-10 HIGH 7.5 Cleartext transmission of sensitive information in Azure IoT Explorer allows an unauthorized attacker to disclose information over a network.
CVE-2026-23660 2026-03-10 HIGH 7.8 Improper access control in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-23656 2026-03-10 MEDIUM 5.9 Insufficient verification of data authenticity in Windows App Installer allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-23654 2026-03-10 HIGH 8.8 Dependency on vulnerable third-party component in GitHub Repo: zero-shot-scfoundation allows an unauthorized attacker to execute code over a network.
CVE-2026-23240 2026-03-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tls: Fix race condition in tls_sw_cancel_work_tx() This issue was discovered during a code audit. After cancel_delayed_work_sync() is called…
CVE-2026-23239 2026-03-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: espintcp: Fix race condition in espintcp_close() This issue was discovered during a code audit. After cancel_work_sync() is called…
CVE-2026-22629 2026-03-10 LOW 3.7 An improper restriction of excessive authentication attempts vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4 all versions, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4…
CVE-2026-22628 2026-03-10 MEDIUM 5.3 An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file.
CVE-2026-22627 2026-03-10 HIGH 8.8 A buffer copy without checking size of input ('classic buffer overflow') vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an unauthenticated attacker within the same adjacent network…
CVE-2026-3944 2026-03-11 HIGH 7.3 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql injection.…
CVE-2026-3178 2026-03-11 HIGH 7.2 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' parameter in all versions up to, and including, 1.32.1 due to insufficient input…
CVE-2026-3906 2026-03-11 MEDIUM 4.3 WordPress core is vulnerable to unauthorized access in versions 6.9 through 6.9.1. The Notes feature (block-level collaboration annotations) was introduced in WordPress 6.9 to allow editorial comments directly…
CVE-2026-3492 2026-03-11 MEDIUM 6.4 The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.9.28.1. This is due to a compound failure involving…
CVE-2026-3231 2026-03-11 HIGH 7.2 The Checkout Field Editor (Checkout Manager) for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom radio and checkboxgroup field values submitted through the WooCommerce…
CVE-2026-1993 2026-03-11 HIGH 8.8 The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting…
CVE-2026-1992 2026-03-11 HIGH 8.8 The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Insecure Direct Object Reference in versions 8.6.0 through 9.0.2. This is due to the `store_settings()` method…
CVE-2026-1454 2026-03-11 HIGH 7.2 The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.1 via form…
CVE-2026-3903 2026-03-11 MEDIUM 4.3 The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is…
CVE-2026-2918 2026-03-11 MEDIUM 6.4 The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_condition_update` AJAX action.…
CVE-2026-2917 2026-03-11 MEDIUM 5.4 The Happy Addons for Elementor plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.21.0 via the `ha_duplicate_thing` admin action…
CVE-2026-1708 2026-03-11 HIGH 7.5 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This…
CVE-2024-14026 2026-03-11 N/A 0.0 A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account,…
CVE-2024-14025 2026-03-11 N/A 0.0 An SQL injection vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can then…
CVE-2024-14024 2026-03-11 N/A 0.0 An improper certificate validation vulnerability has been reported to affect Video Station. If an attacker gains local network access who have also gained an administrator account, they can…
CVE-2026-3826 2026-03-11 CRITICAL 9.8 IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2026-3825 2026-03-11 MEDIUM 6.1 IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-3824 2026-03-11 MEDIUM 6.1 IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
CVE-2026-3534 2026-03-11 MEDIUM 6.4 The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-background-meta` and `ast-content-background-meta` post meta fields in all versions up to, and including, 4.12.3. This…
CVE-2026-31844 2026-03-11 HIGH 8.8 An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues…
CVE-2026-3911 2026-03-11 LOW 2.7 A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnerability in the UserResource component. By accessing a specific administrative endpoint, this…
CVE-2026-3884 2026-03-11 MEDIUM 6.1 Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function that allows a creation of more than 1 alert for each…
CVE-2026-3222 2026-03-11 HIGH 7.5 The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_id' parameter in all versions up to, and including, 4.9.1. This is due…
CVE-2026-2707 2026-03-11 MEDIUM 6.4 The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry submission endpoint in all versions up to, and including, 1.6.27. This is…
CVE-2026-2358 2026-03-11 MEDIUM 6.4 The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_likers_box]` shortcode `template` attribute in all versions up to, and including, 5.0.1. This is…
CVE-2026-27842 2026-03-11 CRITICAL 9.8 Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration.
CVE-2026-24448 2026-03-11 CRITICAL 9.8 Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to obtain administrative access.
CVE-2026-20892 2026-03-11 HIGH 7.2 Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with administrative privileges to execute arbitrary commands.
CVE-2023-27573 2026-03-11 CRITICAL 9.0 netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost…
CVE-2026-2413 2026-03-11 HIGH 7.5 The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the URL path in all versions up to, and including, 4.0.3. This…
CVE-2025-13067 2026-03-11 HIGH 8.8 The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 1.7.1049. This is due to insufficient file…
CVE-2026-29515 2026-03-11 N/A 0.0 MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP server component that allows network attackers to log in without valid credentials. Attackers can send arbitrary…
CVE-2026-3453 2026-03-11 HIGH 8.1 The ProfilePress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.16.11. This is due to missing ownership validation on…
CVE-2026-2324 2026-03-11 MEDIUM 6.1 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This…
CVE-2026-1781 2026-03-11 MEDIUM 6.5 The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.11.1. This is due to the plugin trusting…
« Anterior Página 205 de 4221 Siguiente »