Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-23232 2026-03-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert…
CVE-2025-71238 2026-03-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page…
CVE-2025-70342 2026-03-04 MEDIUM 6.6 erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations…
CVE-2025-70341 2026-03-04 HIGH 7.8 Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files.
CVE-2026-3103 2026-03-04 N/A 0.0 A logic error in the remove_password() function in Checkmk GmbH's Checkmk versions
CVE-2025-40896 2026-03-04 MEDIUM 6.5 The server certificate was not verified when an Arc agent connected to a Guardian or CMC. A malicious actor could perform a man-in-the-middle attack and intercept the communication…
CVE-2025-40895 2026-03-04 MEDIUM 4.8 A Stored HTML Injection vulnerability was discovered in the CMC's Sensor Map functionality due to improper validation on connected Guardians' properties. A malicious authenticated user with administrator privileges…
CVE-2025-40894 2026-03-04 MEDIUM 4.4 A Stored HTML Injection vulnerability was discovered in the Alerted Nodes Dashboard functionality due to improper validation on an input parameter. A malicious authenticated user with the required…
CVE-2026-24732 2026-03-04 N/A 0.0 Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by…
CVE-2026-23231 2026-03-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering…
CVE-2026-3058 2026-03-04 MEDIUM 4.3 The Seraphinite Accelerator plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.28.14 via the `seraph_accel_api` AJAX action with `fn=GetData`. This…
CVE-2026-3056 2026-03-04 MEDIUM 4.3 The Seraphinite Accelerator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `seraph_accel_api` AJAX action with `fn=LogClear` in all…
CVE-2026-2355 2026-03-04 MEDIUM 6.4 The My Calendar – Accessible Event Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template` attribute of the `[my_calendar_upcoming]` shortcode in all versions up…
CVE-2026-1674 2026-03-04 MEDIUM 6.5 The Gutena Forms – Contact Form, Survey Form, Feedback Form, Booking Form, and Custom Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to…
CVE-2026-3439 2026-03-04 MEDIUM 4.9 A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS certificate handling allows a remote attacker to crash a firewall.
CVE-2026-1706 2026-03-04 MEDIUM 6.1 The All-in-One Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'vi' parameter in all versions up to, and including, 4.7.1 due to insufficient…
CVE-2023-7337 2026-03-04 HIGH 7.5 The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an…
CVE-2026-3094 2026-03-04 HIGH 7.8 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context…
CVE-2026-2748 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 improperly validates S/MIME certificates issued for email addresses containing whitespaces, allowing signature spoofing.
CVE-2026-2747 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor.
CVE-2026-2746 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails.
CVE-2026-27445 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 does not properly verify that a PGP signature was generated by the expected key, allowing signature spoofing.
CVE-2026-27444 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to…
CVE-2026-27443 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers.
CVE-2026-27442 2026-03-04 N/A 0.0 The GINA web interface in SEPPmail Secure Email Gateway before version 15.0.1 does not properly check attachment filenames in GINA-encrypted emails, allowing an attacker to access files on…
CVE-2026-27441 2026-03-04 N/A 0.0 SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution.
CVE-2026-1236 2026-03-04 MEDIUM 6.4 The Envira Gallery for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'justified_gallery_theme' parameter in all versions up to, and including, 1.12.3 due to…
CVE-2025-66168 2026-03-04 MEDIUM 5.4 Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may…
CVE-2026-29120 2026-03-04 N/A 0.0 The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure…
CVE-2026-29119 2026-03-04 N/A 0.0 International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can use these undocumented credentials to access…
CVE-2026-28778 2026-03-04 N/A 0.0 International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker can log in via FTP using…
CVE-2026-28777 2026-03-04 N/A 0.0 International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH access to the…
CVE-2026-28776 2026-03-04 N/A 0.0 International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, undocumented credentials to access the…
CVE-2026-28775 2026-03-04 N/A 0.0 An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the `private` SNMP…
CVE-2026-28774 2026-03-04 N/A 0.0 An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated…
CVE-2026-28773 2026-03-04 N/A 0.0 The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The…
CVE-2026-28772 2026-03-04 N/A 0.0 A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker…
CVE-2026-28771 2026-03-04 N/A 0.0 A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application…
CVE-2026-2732 2026-03-04 MEDIUM 5.4 The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all versions up…
CVE-2026-2363 2026-03-04 MEDIUM 6.5 The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, 3.5.5.1.…
CVE-2026-28770 2026-03-04 N/A 0.0 Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection.…
CVE-2026-28769 2026-03-04 N/A 0.0 A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can…
CVE-2026-2292 2026-03-04 MEDIUM 4.4 The Morkva UA Shipping plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7.9 due to insufficient input…
CVE-2026-2289 2026-03-04 MEDIUM 4.4 The Taskbuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.0.3 due to insufficient input sanitization and…
CVE-2026-1980 2026-03-04 MEDIUM 5.3 The WPBookit plugin for WordPress is vulnerable to unauthorized data disclosure due to a missing authorization check on the 'get_customer_list' route in all versions up to, and including,…
CVE-2026-1945 2026-03-04 HIGH 7.2 The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb_user_name' and 'wpb_user_email' parameters in all versions up to, and including, 1.0.8 due to insufficient…
CVE-2026-1651 2026-03-04 MEDIUM 6.5 The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to…
CVE-2026-1273 2026-03-04 HIGH 7.2 The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2026-3266 2026-03-03 N/A 0.0 Missing Authorization vulnerability in OpenText™ Filr allows Authentication Bypass. The vulnerability could allow unauthenticated users to get XSRF token and do RPC with carefully crafted programs. This issue affects…
CVE-2026-28289 2026-03-03 CRITICAL 10.0 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. A patch bypass vulnerability for CVE-2026-27636 in FreeScout 1.8.206 and earlier allows any authenticated…
« Anterior Página 233 de 4224 Siguiente »