CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-28395 | 2026-03-05 | MEDIUM | 6.5 | OpenClaw version 2026.1.14-1 prior to 2026.2.12 contain an improper network binding vulnerability in the Chrome extension (must be installed and enabled) relay server that treats wildcard hosts as… |
| CVE-2026-28442 | 2026-03-05 | HIGH | 8.5 | ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files… |
| CVE-2026-28393 | 2026-03-05 | HIGH | 7.7 | OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings[].transform.module parameter accepts absolute paths and… |
| CVE-2026-28392 | 2026-03-05 | HIGH | 7.5 | OpenClaw versions prior to 2026.2.14 contain a privilege escalation vulnerability in the Slack slash-command handler that incorrectly authorizes any direct message sender when dmPolicy is set to open… |
| CVE-2026-28391 | 2026-03-05 | CRITICAL | 9.8 | OpenClaw versions prior to 2026.2.2 fail to properly validate Windows cmd.exe metacharacters in allowlist-gated exec requests (non-default configuration), allowing attackers to bypass command approval restrictions. Remote attackers can… |
| CVE-2025-70363 | 2026-03-06 | N/A | 0.0 | Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object… |
| CVE-2026-0848 | 2026-03-05 | CRITICAL | 10.0 | NLTK versions |
| CVE-2025-15602 | 2026-03-06 | HIGH | 8.8 | Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious… |
| CVE-2026-27777 | 2026-03-06 | MEDIUM | 6.5 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| CVE-2026-27764 | 2026-03-06 | HIGH | 7.3 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session… |
| CVE-2026-27123 | 2026-03-06 | N/A | 0.0 | Rejected reason: Reason: This candidate was issued in error. |
| CVE-2026-27027 | 2026-03-06 | MEDIUM | 6.5 | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |
| CVE-2026-26288 | 2026-03-06 | CRITICAL | 9.4 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP… |
| CVE-2026-26018 | 2026-03-06 | HIGH | 7.5 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a denial of service vulnerability exists in CoreDNS's loop detection plugin that allows an attacker to… |
| CVE-2026-26017 | 2026-03-06 | HIGH | 7.7 | CoreDNS is a DNS server that chains plugins. Prior to version 1.14.2, a logical vulnerability in CoreDNS allows DNS access controls to be bypassed due to the default… |
| CVE-2026-24696 | 2026-03-06 | HIGH | 7.5 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing… |
| CVE-2026-20882 | 2026-03-06 | HIGH | 7.5 | The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing… |
| CVE-2026-20748 | 2026-03-06 | HIGH | 7.3 | The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session… |
| CVE-2026-26999 | 2026-03-05 | HIGH | 7.5 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing TLS handshake on TCP routers.… |
| CVE-2026-26998 | 2026-03-05 | MEDIUM | 4.4 | Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.38 and 3.6.9, there is a potential vulnerability in Traefik managing the ForwardAuth middleware responses. When… |
| CVE-2026-29054 | 2026-03-05 | HIGH | 7.5 | Traefik is an HTTP reverse proxy and load balancer. From version 2.11.9 to 2.11.37 and from version 3.1.3 to 3.6.8, there is a potential vulnerability in Traefik managing… |
| CVE-2026-2754 | 2026-03-06 | HIGH | 7.5 | Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute… |
| CVE-2026-2753 | 2026-03-06 | HIGH | 7.5 | An Absolute Path Traversal vulnerability exists in Navtor NavBox. The application exposes an HTTP service that fails to properly sanitize user-supplied path input. Unauthenticated remote attackers can exploit… |
| CVE-2026-2752 | 2026-03-06 | MEDIUM | 5.3 | Navtor NavBox allows information disclosure via the /api/ais-data endpoint. A remote, unauthenticated attacker can send crafted requests to trigger an unhandled exception, causing the server to return verbose… |
| CVE-2026-26051 | 2026-03-06 | CRITICAL | 9.4 | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP… |
| CVE-2026-1799 | 2026-03-06 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate has been determined not to be a valid vulnerability. Notes: All references and descriptions… |
| CVE-2022-4947 | 2026-03-06 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-32111. Reason: This candidate is a reservation duplicate of CVE-2024-32111. Notes: All CVE users should reference… |
| CVE-2026-25921 | 2026-03-05 | CRITICAL | 9.3 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, overwritable LFS object across different repos leads to supply-chain attack, all LFS objects are vulnerable to… |
| CVE-2026-26022 | 2026-03-05 | HIGH | 8.7 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting (XSS) vulnerability exists in the comment and issue description functionality. The application's… |
| CVE-2026-26194 | 2026-03-05 | HIGH | 7.3 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, there's a security issue in gogs where deleting a release can fail if a user controlled… |
| CVE-2026-26195 | 2026-03-05 | MEDIUM | 6.1 | Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored xss is still possible through unsafe template rendering that mixes user input with safe plus… |
| CVE-2018-25200 | 2026-03-06 | MEDIUM | 5.3 | OOP CMS BLOG 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by crafting malicious POST requests. Attackers can submit forms… |
| CVE-2018-25199 | 2026-03-06 | HIGH | 8.2 | OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. Attackers can inject SQL… |
| CVE-2018-25198 | 2026-03-06 | MEDIUM | 6.2 | eToolz 3.4.8.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying oversized input buffers. Attackers can create a payload file containing… |
| CVE-2018-25197 | 2026-03-06 | HIGH | 8.2 | PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET… |
| CVE-2018-25196 | 2026-03-06 | HIGH | 8.2 | ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests… |
| CVE-2018-25194 | 2026-03-06 | HIGH | 8.2 | Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. Attackers can send POST… |
| CVE-2018-25193 | 2026-03-06 | HIGH | 7.5 | Mongoose Web Server 6.9 contains a denial of service vulnerability that allows remote attackers to crash the service by establishing multiple socket connections. Attackers can repeatedly create connections… |
| CVE-2018-25192 | 2026-03-06 | HIGH | 8.2 | GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted… |
| CVE-2018-25191 | 2026-03-06 | HIGH | 7.1 | Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. Attackers can send… |
| CVE-2018-25190 | 2026-03-06 | MEDIUM | 5.3 | Easyndexer 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative accounts by submitting forged POST requests. Attackers can craft malicious web pages that… |
| CVE-2018-25189 | 2026-03-06 | HIGH | 8.2 | Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted… |
| CVE-2018-25188 | 2026-03-06 | HIGH | 8.2 | Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send… |
| CVE-2018-25187 | 2026-03-06 | HIGH | 8.2 | Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to… |
| CVE-2018-25186 | 2026-03-06 | MEDIUM | 5.3 | Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can… |
| CVE-2018-25184 | 2026-03-06 | MEDIUM | 6.2 | Surreal ToDo 0.6.1.2 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the content parameter. Attackers can supply directory traversal sequences… |
| CVE-2018-25182 | 2026-03-06 | HIGH | 8.2 | Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can… |
| CVE-2018-25181 | 2026-03-06 | HIGH | 7.5 | Musicco 2.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary directories by manipulating the parent parameter. Attackers can supply directory traversal sequences in the… |
| CVE-2018-25180 | 2026-03-06 | HIGH | 7.1 | Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail… |
| CVE-2018-25179 | 2026-03-06 | HIGH | 8.2 | Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send… |
Page 216 of 4221