CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-28360 2026-03-02 N/A 0.0 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, shared view passwords were stored in plaintext in the database and compared using direct string equality.…
CVE-2026-28359 2026-03-02 N/A 0.0 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Editor role can inject arbitrary HTML into Rich Text cells by bypassing…
CVE-2026-28358 2026-03-02 N/A 0.0 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, the password forgot endpoint returned different responses for registered and unregistered emails, allowing user enumeration. This…
CVE-2026-28357 2026-03-02 N/A 0.0 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, a stored XSS vulnerability exists in the Formula virtual cell. Formula results containing URI::() patterns are…
CVE-2026-28286 2026-03-02 HIGH 8.5 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, the application enforces restrictions in the frontend/UI to…
CVE-2026-26708 2026-03-02 N/A 0.0 sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php.
CVE-2026-26700 2026-03-02 N/A 0.0 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
CVE-2026-24105 2026-03-02 N/A 0.0 An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18_multi. The value of `v1` was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd.
CVE-2026-23865 2026-03-02 MEDIUM 5.3 An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR…
CVE-2026-21385 2026-03-02 HIGH 7.8 Memory corruption while using alignments for memory allocation.
CVE-2025-70252 2026-03-02 N/A 0.0 An issue was discovered in /goform/WifiWpsStart in Tenda AC6V2.0 V15.03.06.23_multi. The index and mode are controllable. If the conditions are met to sprintf, they will be spliced into…
CVE-2025-64427 2026-03-02 HIGH 7.1 ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction…
CVE-2025-59603 2026-03-02 HIGH 7.8 Memory Corruption when processing invalid user address with nonstandard buffer address.
CVE-2025-59600 2026-03-02 HIGH 7.8 Memory Corruption when adding user-supplied data without checking available buffer space.
CVE-2025-47386 2026-03-02 HIGH 7.8 Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47385 2026-03-02 HIGH 7.8 Memory Corruption when accessing trusted execution environment without proper privilege check.
CVE-2025-47384 2026-03-02 MEDIUM 6.5 Transient DOS when MAC configures config id greater than supported maximum value.
CVE-2025-47383 2026-03-02 HIGH 7.2 Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
CVE-2025-47381 2026-03-02 HIGH 7.8 Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
CVE-2025-47379 2026-03-02 HIGH 7.8 Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.
CVE-2025-47378 2026-03-02 HIGH 7.1 Cryptographic Issue when a shared VM reference allows HLOS to boot loader and access cert chain.
CVE-2025-47377 2026-03-02 HIGH 7.8 Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.
CVE-2025-47376 2026-03-02 HIGH 7.8 Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.
CVE-2025-47375 2026-03-02 HIGH 7.8 Memory corruption while handling different IOCTL calls from the user-space simultaneously.
CVE-2025-47373 2026-03-02 HIGH 7.8 Memory Corruption when accessing buffers with invalid length during TA invocation.
CVE-2025-47371 2026-03-02 MEDIUM 6.5 Transient DOS when an LTE RLC packet with invalid TB is received by UE.
CVE-2026-28412 2026-03-02 MEDIUM 6.5 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends…
CVE-2026-28403 2026-03-02 HIGH 7.6 Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:`) accepts connections from any origin without validating the HTTP `Origin` header during…
CVE-2026-26720 2026-03-02 CRITICAL 9.8 An issue in Twenty CRM v1.15.0 and before allows a remote attacker to execute arbitrary code via the local.driver.ts module.
CVE-2026-26701 2026-03-02 N/A 0.0 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
CVE-2026-26699 2026-03-02 HIGH 8.8 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php.
CVE-2026-24112 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and…
CVE-2026-24110 2026-03-02 CRITICAL 9.8 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret =…
CVE-2026-24101 2026-03-02 CRITICAL 9.8 An issue was discovered in goform/formSetIptv in Tenda AC15V1.0 V15.03.05.18_multi. When the condition is met, `s1_1` will be passed into sub_B0488, concatenated into `doSystemCmd`. The value of s1_1…
CVE-2026-0689 2026-03-02 N/A 0.0 In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP…
CVE-2025-66880 2026-03-02 MEDIUM 6.1 Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094)…
CVE-2025-52998 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects…
CVE-2025-52564 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary…
CVE-2025-52563 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the…
CVE-2025-52476 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/user_list.php.…
CVE-2025-52475 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is not properly…
CVE-2025-52470 2026-03-02 MEDIUM 4.8 Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by improper sanitization…
CVE-2025-52469 2026-03-02 HIGH 7.1 Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to…
CVE-2025-52468 2026-03-02 HIGH 8.8 Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient…
CVE-2025-50199 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched…
CVE-2025-50198 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters.…
CVE-2025-50197 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been…
CVE-2025-50196 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been…
CVE-2025-50195 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.
CVE-2025-50194 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.