Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-41758	2026-03-09	HIGH	8.8	A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the…
CVE-2025-41757	2026-03-09	HIGH	8.8	A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not validate the contents of the backup archive…
CVE-2025-41756	2026-03-09	HIGH	8.1	A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to write arbitrary files on the system.
CVE-2025-41755	2026-03-09	MEDIUM	6.5	A low-privileged remote attacker can exploit the ubr-logread method in wwwubr.cgi to read arbitrary files on the system. The endpoint accepts a parameter specifying the log file to…
CVE-2025-41754	2026-03-09	MEDIUM	6.5	A low-privileged remote attacker can exploit the ubr-editfile method in wwwubr.cgi, an undocumented and unused API endpoint to read arbitrary files on the system.
CVE-2026-3823	2026-03-09	HIGH	8.8	EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
CVE-2026-30896	2026-03-09	HIGH	7.8	The installer for Qsee Client versions 1.0.1 and prior insecurely load Dynamic Link Libraries (DLLs). When a user is directed to place some malicious DLL to the same…
CVE-2026-3822	2026-03-09	MEDIUM	6.5	Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate.…
CVE-2026-3798	2026-03-09	MEDIUM	4.7	A vulnerability was detected in Comfast CF-AC100 2.6.0.8. This affects the function sub_44AC14 of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component Request Path Handler. The manipulation results in command…
CVE-2026-3797	2026-03-09	MEDIUM	6.3	A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the file /src/com/tiandy/easy7/core/rest/CLS_REST_File.java. The manipulation of the…
CVE-2026-3796	2026-03-09	MEDIUM	5.3	A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini…
CVE-2026-3631	2026-03-09	HIGH	7.5	Delta Electronics COMMGR2 has Buffer Over-read DoS vulnerability.
CVE-2026-3630	2026-03-09	CRITICAL	9.8	Delta Electronics COMMGR2 has Stack-based Buffer Overflow vulnerability.
CVE-2026-3795	2026-03-09	MEDIUM	6.3	A security flaw has been discovered in doramart DoraCMS 3.0.x. Impacted is the function createFileBypath of the file /DoraCMS/server/app/router/api/v1.js. Performing a manipulation results in path traversal. The attack…
CVE-2026-3794	2026-03-09	HIGH	7.3	A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper…
CVE-2026-3789	2026-03-09	MEDIUM	6.3	A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument…
CVE-2026-3788	2026-03-09	MEDIUM	6.3	A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of the…
CVE-2026-3787	2026-03-08	HIGH	7.0	A weakness has been identified in UltraVNC 1.6.4.0 on Windows. This affects an unknown function in the library cryptbase.dll of the component Windows Service. This manipulation causes uncontrolled…
CVE-2026-3767	2026-03-08	MEDIUM	6.3	A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument…
CVE-2026-3753	2026-03-08	MEDIUM	6.3	A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of…
CVE-2026-3752	2026-03-08	MEDIUM	4.7	A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component…
CVE-2026-3751	2026-03-08	MEDIUM	4.7	A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation…
CVE-2026-3750	2026-03-08	MEDIUM	4.7	A security vulnerability has been detected in ContiNew Admin up to 4.2.0. This issue affects the function URI.create of the file continew-system/src/main/java/top/continew/admin/system/factory/S3ClientFactory.java of the component Storage Management Module.…
CVE-2026-3749	2026-03-08	MEDIUM	6.3	A weakness has been identified in Bytedesk up to 1.3.9. This vulnerability affects the function handleFileUpload of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestService.java of the component SVG File Handler. Executing a…
CVE-2026-3748	2026-03-08	MEDIUM	6.3	A security flaw has been discovered in Bytedesk up to 1.3.9. This affects the function uploadFile of the file source-code/src/main/java/com/bytedesk/core/upload/UploadRestController.java of the component SVG File Handler. Performing a…
CVE-2026-3747	2026-03-08	HIGH	7.3	A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject…
CVE-2026-3746	2026-03-08	HIGH	7.3	A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This…
CVE-2026-3745	2026-03-08	MEDIUM	6.3	A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql…
CVE-2026-3744	2026-03-08	HIGH	7.3	A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to…
CVE-2026-3743	2026-03-08	LOW	3.5	A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to…
CVE-2026-3742	2026-03-08	LOW	3.5	A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in…
CVE-2026-3741	2026-03-08	LOW	3.5	A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads…
CVE-2026-3740	2026-03-08	HIGH	7.3	A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql…
CVE-2025-33022	2026-03-09	N/A	0.0	Rejected reason: The reporter agreed to not assign CVE ID
CVE-2026-3739	2026-03-08	MEDIUM	6.3	A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in…
CVE-2026-3738	2026-03-08	MEDIUM	6.3	A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization.…
CVE-2026-3737	2026-03-08	MEDIUM	6.3	A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a…
CVE-2026-3736	2026-03-08	HIGH	7.3	A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of…
CVE-2026-3735	2026-03-08	HIGH	7.3	A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of…
CVE-2026-3734	2026-03-08	HIGH	7.3	A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of…
CVE-2026-3733	2026-03-08	MEDIUM	6.3	A vulnerability was detected in xuxueli xxl-job up to 3.3.2. This impacts an unknown function of the file source-code/src/main/java/com/xxl/job/admin/controller/JobInfoController.java. The manipulation results in server-side request forgery. It is…
CVE-2026-3732	2026-03-08	HIGH	8.8	A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based…
CVE-2026-3731	2026-03-08	MEDIUM	5.3	A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler.…
CVE-2026-3730	2026-03-08	HIGH	7.3	A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of…
CVE-2026-3729	2026-03-08	HIGH	8.8	A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow.…
CVE-2026-3728	2026-03-08	HIGH	8.8	A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow.…
CVE-2026-3727	2026-03-08	HIGH	8.8	A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer…
CVE-2026-3726	2026-03-08	HIGH	8.8	A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer…
CVE-2026-3725	2026-03-08	MEDIUM	6.3	A flaw has been found in 1024-lab/lab1024 SmartAdmin up to 3.29. Affected by this issue is the function freemarkerResolverContent of the file sa-base/src/main/java/net/lab1024/sa/base/module/support/mail/MailService.java of the component FreeMarker Template…
CVE-2026-3724	2026-03-08	MEDIUM	6.3	A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument…

« Anterior Página 210 de 4221 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte