Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-43120 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released…
CVE-2026-43119 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, several other functions…
CVE-2026-43118 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as…
CVE-2026-43117 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs,…
CVE-2026-43116 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master…
CVE-2026-43115 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the…
CVE-2026-43114 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are…
CVE-2026-43113 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the…
CVE-2026-43112 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing…
CVE-2026-43111 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the readers_lock. This allows…
CVE-2026-43110 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[],…
CVE-2026-43109 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock 김영민 reports that shstk_pop_sigframe() doesn't check for errors from…
CVE-2026-43108 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for reason not…
CVE-2026-43107 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMA_IF_ID in aevent size calculation xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then build_aevent() appends attributes…
CVE-2026-43106 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expect 2 references to…
CVE-2026-43105 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix memory leak of BO array in hang state The hang state's BO array is allocated separately…
CVE-2026-43104 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4_save_hang_state() encounters an early return condition, it…
CVE-2026-43103 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: lapbether: handle NETDEV_PRE_TYPE_CHANGE lapbeth_data_transmit() expects the underlying device type to be ARPHRD_ETHER. Returning NOTIFY_BAD from lapbeth_device_event() makes…
CVE-2026-43102 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix memory leak in airoha_qdma_rx_process() If an error occurs on the subsequents buffers belonging to the…
CVE-2026-43101 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() We need to check __in6_dev_get() for possible NULL value, as…
CVE-2026-43100 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIG_BRIDGE_VLAN_FILTERING is not set, br_vlan_group() and nbp_vlan_group()…
CVE-2026-43099 2026-05-06 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: fix null-ptr-deref in icmp_build_probe() ipv6_stub->ipv6_dev_find() may return ERR_PTR(-EAFNOSUPPORT) when the IPv6 stack is not active (CONFIG_IPV6=m…
CVE-2026-1719 2026-05-06 HIGH 7.5 The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied…
CVE-2026-7457 2026-05-06 MEDIUM 6.4 The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the…
CVE-2026-7448 2026-05-06 HIGH 7.2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'first_name' parameter in all versions up to,…
CVE-2026-7332 2026-05-06 HIGH 7.2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'booking_form_page_url' parameter in all versions up to,…
CVE-2026-6672 2026-05-06 MEDIUM 6.4 The Affiliate Program Suite — SliceWP Affiliates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.2.7. This…
CVE-2026-6344 2026-05-06 MEDIUM 4.9 The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the…
CVE-2026-2306 2026-05-06 MEDIUM 4.3 The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to unauthorized database table creation due to missing authorization checks on the `createFluentCartTable` function in…
CVE-2026-5753 2026-05-06 MEDIUM 6.5 The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmve_Schedules_Controller::save' handler…
CVE-2026-3208 2026-05-06 MEDIUM 5.3 The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint…
CVE-2026-6210 2026-05-06 N/A 0.0 A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves…
CVE-2026-6420 2026-05-06 MEDIUM 6.3 A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime…
CVE-2026-40001 2026-05-06 MEDIUM 5.2 There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and…
CVE-2026-7841 2026-05-06 HIGH 8.8 A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server by…
CVE-2026-23928 2026-05-06 N/A 0.0 The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an…
CVE-2026-23927 2026-05-06 N/A 0.0 A user able to connect to Agent 2 can inject an Oracle TNS connection string via the 'service' parameter. This can lead to Agent 2 connecting to an…
CVE-2026-23926 2026-05-06 N/A 0.0 An authenticated (non-super) administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the…
CVE-2026-42997 2026-05-05 HIGH 7.7 An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The…
CVE-2026-43002 2026-05-05 MEDIUM 5.3 An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can…
CVE-2026-7573 2026-05-06 MEDIUM 5.0 An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles…
CVE-2026-7572 2026-05-06 MEDIUM 4.4 An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial…
CVE-2025-71256 2026-05-06 HIGH 7.5 In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71255 2026-05-06 HIGH 7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71254 2026-05-06 HIGH 7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71253 2026-05-06 HIGH 7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71252 2026-05-06 HIGH 7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71251 2026-05-06 HIGH 7.5 In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-44405 2026-05-06 LOW 3.4 In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
CVE-2026-40110 2026-05-05 N/A 0.0 Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pat…
« Anterior Página 233 de 4474 Siguiente »