Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-28475 2026-03-05 MEDIUM 4.8 OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the…
CVE-2026-28452 2026-03-05 MEDIUM 5.5 OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the extractArchive function within src/infra/archive.ts that allows attackers to consume excessive CPU, memory, and disk resources…
CVE-2026-28394 2026-03-05 MEDIUM 6.5 OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the web_fetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing…
CVE-2026-26125 2026-03-05 HIGH 8.6 Payment Orchestrator Service Elevation of Privilege Vulnerability
CVE-2026-27750 2026-03-05 HIGH 7.8 Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and…
CVE-2026-27749 2026-03-05 HIGH 7.8 Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file…
CVE-2026-27748 2026-03-05 HIGH 7.8 Avira Internet Security contains an improper link resolution vulnerability in the Software Updater component. During the update process, a privileged service running as SYSTEM deletes a file under…
CVE-2026-23651 2026-03-05 MEDIUM 6.7 Permissive regular expression in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-21536 2026-03-05 CRITICAL 9.8 Microsoft Devices Pricing Program Remote Code Execution Vulnerability
CVE-2026-3606 2026-03-05 LOW 3.3 A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to…
CVE-2026-2593 2026-03-05 MEDIUM 6.4 The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `_gspb_post_css` post meta value and the `dynamicAttributes` block attribute…
CVE-2026-29609 2026-03-05 HIGH 7.5 OpenClaw versions prior to 2026.2.14 contain a denial of service vulnerability in the fetchWithGuard function that allocates entire response payloads in memory before enforcing maxBytes limits. Remote attackers…
CVE-2026-28485 2026-03-05 HIGH 8.4 OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on…
CVE-2026-28479 2026-03-05 HIGH 7.5 OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An…
CVE-2026-28478 2026-03-05 HIGH 7.5 OpenClaw versions prior to 2026.2.13 contain a denial of service vulnerability in webhook handlers that buffer request bodies without strict byte or time limits. Remote unauthenticated attackers can…
CVE-2026-28474 2026-03-05 CRITICAL 9.8 OpenClaw's Nextcloud Talk plugin versions prior to 2026.2.6 accept equality matching on the mutable actor.name display name field for allowlist validation, allowing attackers to bypass DM and room…
CVE-2026-28470 2026-03-05 CRITICAL 9.8 OpenClaw versions prior to 2026.2.2 contain an exec approvals (must be enabled) allowlist bypass vulnerability that allows attackers to execute arbitrary commands by injecting command substitution syntax. Attackers…
CVE-2026-28463 2026-03-05 HIGH 8.4 OpenClaw exec-approvals allowlist validation checks pre-expansion argv tokens but execution uses real shell expansion, allowing safe bins like head, tail, or grep to read arbitrary local files via…
CVE-2026-28462 2026-03-05 HIGH 7.5 OpenClaw versions prior to 2026.2.13 contain a vulnerability in the browser control API in which it accepts user-supplied output paths for trace and download files without consistently constraining…
CVE-2026-28453 2026-03-05 HIGH 7.5 OpenClaw versions prior to 2026.2.14 fail to validate TAR archive entry paths during extraction, allowing path traversal sequences to write files outside the intended directory. Attackers can craft…
CVE-2026-28058 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Dixon dixon allows PHP Local File Inclusion.This issue affects Dixon: from…
CVE-2026-28057 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Mandala mandala allows PHP Local File Inclusion.This issue affects Mandala: from…
CVE-2026-28056 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX MCKinney's Politics mckinney-politics allows PHP Local File Inclusion.This issue affects MCKinney's…
CVE-2026-28054 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Legal Stone legal-stone allows PHP Local File Inclusion.This issue affects Legal…
CVE-2026-28053 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Miller christine-miller allows PHP Local File Inclusion.This issue affects Miller: from…
CVE-2026-28052 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Peter Mason petermason allows PHP Local File Inclusion.This issue affects Peter…
CVE-2026-28051 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Yacht Rental yacht-rental allows PHP Local File Inclusion.This issue affects Yacht…
CVE-2026-28049 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Police Department police-department allows PHP Local File Inclusion.This issue affects Police…
CVE-2026-28047 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in magentech Victo victo allows PHP Local File Inclusion.This issue affects Victo: from…
CVE-2026-28045 2026-03-05 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX N7 | Golf Club Sports & Events n7-golf-club allows PHP Local…
CVE-2026-21622 2026-03-05 N/A 0.0 Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Account Takeover. Password reset tokens generated via the "Reset your password" flow do not expire. When a user…
CVE-2026-26196 2026-03-05 MEDIUM 5.3 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, gogs api still accepts tokens in url params like token and access_token, which can leak through…
CVE-2026-26276 2026-03-05 HIGH 7.3 Gogs is an open source self-hosted Git service. Prior to version 0.14.2, an attacker can store an HTML/JavaScript payload in a repository’s Milestone name, and when another user…
CVE-2025-66319 2026-03-05 LOW 3.3 Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2026-28537 2026-03-05 MEDIUM 5.1 Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28546 2026-03-05 MEDIUM 5.9 Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28547 2026-03-05 MEDIUM 6.8 Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28548 2026-03-05 HIGH 7.1 Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-28549 2026-03-05 MEDIUM 6.6 Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28551 2026-03-05 MEDIUM 4.7 Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28542 2026-03-05 HIGH 7.3 Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28552 2026-03-05 MEDIUM 6.5 Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28550 2026-03-05 MEDIUM 4.0 Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28545 2026-03-05 MEDIUM 5.9 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28544 2026-03-05 MEDIUM 6.2 Race condition vulnerability in the printing module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28543 2026-03-05 MEDIUM 4.4 Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28541 2026-03-05 MEDIUM 4.0 Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-28540 2026-03-05 MEDIUM 4.0 Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-28539 2026-03-05 MEDIUM 6.2 Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-28538 2026-03-05 MEDIUM 5.9 Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
« Anterior Página 220 de 4222 Siguiente »