Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-24103 2026-03-03 N/A 0.0 A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
CVE-2026-22891 2026-03-03 CRITICAL 9.8 A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file…
CVE-2026-20777 2026-03-03 HIGH 8.1 A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can…
CVE-2025-70821 2026-03-03 N/A 0.0 renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component
CVE-2025-64736 2026-03-03 MEDIUM 6.1 An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to…
CVE-2025-57622 2026-03-03 N/A 0.0 An issue in Step-Video-T2V allows a remote attacker to execute arbitrary code via the /vae-api , /caption-api , feature = pickle.loads(request.get_data()) component
CVE-2025-52365 2026-03-03 HIGH 7.8 A command injection vulnerability in the szc script of the ccurtsinger/stabilizer repository allows remote attackers to execute arbitrary system commands via unsanitized user input passed to os.system(). The…
CVE-2026-3344 2026-03-03 N/A 0.0 A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This…
CVE-2026-3343 2026-03-03 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they…
CVE-2026-3342 2026-03-03 N/A 0.0 An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability…
CVE-2026-3351 2026-03-03 N/A 0.0 Improper authorization in the API endpoint GET /1.0/certificates in Canonical LXD 6.6 on Linux allows an authenticated, restricted user to enumerate all certificate fingerprints trusted by the lxd…
CVE-2026-3463 2026-03-03 LOW 3.3 A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation…
CVE-2025-59060 2026-03-03 MEDIUM 5.3 Hostname verification bypass issue in Apache Ranger NiFiRegistryClient/NiFiClient is reported in Apache Ranger versions
CVE-2025-59059 2026-03-03 CRITICAL 9.8 Remote Code Execution Vulnerability in NashornScriptEngineCreator is reported in Apache Ranger versions
CVE-2026-2568 2026-03-03 HIGH 7.2 The WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission data in all…
CVE-2026-22886 2026-03-03 CRITICAL 9.8 OpenMQ exposes a TCP-based management service (imqbrokerd) that by default requires authentication. However, the product ships with a default administrative account (admin/ admin) and does not enforce a…
CVE-2025-15598 2026-03-03 LOW 3.7 A vulnerability was found in Dataease SQLBot up to 1.5.1. This impacts the function validateEmbedded of the file backend/apps/system/middleware/auth.py of the component JWT Token Handler. Performing a manipulation…
CVE-2026-1876 2026-03-03 N/A 0.0 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP all versions allows a remote attacker to cause a denial-of-service (DoS)…
CVE-2026-1875 2026-03-03 N/A 0.0 Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP all versions allows a remote attacker to cause a denial-of-service (DoS)…
CVE-2026-1874 2026-03-03 N/A 0.0 Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP…
CVE-2025-15595 2026-03-03 N/A 0.0 Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions.
CVE-2025-12345 2026-03-03 HIGH 8.8 A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads…
CVE-2026-3455 2026-03-03 MEDIUM 6.1 Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content.…
CVE-2026-3449 2026-03-03 LOW 3.3 Versions of the package @tootallnate/once before 3.0.1 are vulnerable to Incorrect Control Flow Scoping in promise resolving when AbortSignal option is used. The Promise remains in a permanently…
CVE-2026-1492 2026-03-03 CRITICAL 9.8 The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to improper privilege…
CVE-2026-20801 2026-03-03 MEDIUM 5.6 Cleartext Transmission of Sensitive Information (CWE-319) in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live…
CVE-2026-20757 2026-03-03 LOW 2.5 Improper Locking vulnerability (CWE-667) in Gallagher Morpho integration allows a privileged operator to cause a limited denial-of-service in the Command Centre Server. This issue affects Command Centre Server: 9.40 prior…
CVE-2025-47147 2026-03-03 MEDIUM 5.7 Cleartext Storage of Sensitive Information (CWE-312) in the Command Centre Mobile Client on Android and iOS could allow an attacker with access to a logged-in Operator's mobile device…
CVE-2026-2628 2026-03-03 CRITICAL 9.8 The All-in-One Microsoft 365 & Entra ID / Azure AD SSO Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.2.5.…
CVE-2026-2448 2026-03-03 HIGH 8.8 The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.33.5 via the locate_template() function. This makes…
CVE-2026-2269 2026-03-03 HIGH 7.2 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including,…
CVE-2026-1487 2026-03-03 MEDIUM 6.5 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and…
CVE-2026-0754 2026-03-03 N/A 0.0 An embedded test key and certificate could be extracted from a Poly Voice device using specialized reverse engineering tools. This extracted certificate could be accepted by a SIP…
CVE-2026-1566 2026-03-03 HIGH 8.8 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to privilege escalation via password reset in all versions up to, and including,…
CVE-2026-1336 2026-03-03 MEDIUM 5.3 The AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on…
CVE-2026-2256 2026-03-02 MEDIUM 6.5 A command injection vulnerability in ModelScope's ms-agent versions v1.6.0rc1 and earlier exists, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
CVE-2026-0029 2026-03-02 HIGH 8.4 In __pkvm_init_vm of pkvm.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2026-0025 2026-03-02 HIGH 8.4 In hasImage of Notification.java, there is a possible way to reveal information across users due to a permissions bypass. This could lead to local escalation of privilege with…
CVE-2026-0007 2026-03-02 HIGH 8.6 In writeToParcel of WindowInfo.cpp, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation…
CVE-2025-48654 2026-03-02 HIGH 7.8 In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2025-48653 2026-03-02 HIGH 7.8 In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation…
CVE-2025-48644 2026-03-02 MEDIUM 5.5 In multiple locations, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no additional execution…
CVE-2025-48642 2026-03-02 MEDIUM 5.5 In jump_to_payload of payload.rs, there is a possible information disclosure due to a logic error in the code. This could lead to local information disclosure with no additional…
CVE-2025-48641 2026-03-02 HIGH 7.0 In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional…
CVE-2025-48635 2026-03-02 HIGH 7.7 In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege…
CVE-2025-48634 2026-03-02 HIGH 7.3 In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution…
CVE-2025-48579 2026-03-02 HIGH 8.4 In multiple functions of MediaProvider.java, there is a possible external storage write permission bypass due to a confused deputy. This could lead to local escalation of privilege with…
CVE-2025-48582 2026-03-02 HIGH 8.4 In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege…
CVE-2025-48585 2026-03-02 MEDIUM 6.2 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no…
CVE-2025-48587 2026-03-02 MEDIUM 6.2 In multiple functions of ProfilingService.java, there is a possible persistent denial of service due to improper input validation. This could lead to local denial of service with no…
« Anterior Página 236 de 4224 Siguiente »