CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-50193 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been…
CVE-2026-26703 2026-03-02 N/A 0.0 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
CVE-2026-26702 2026-03-02 N/A 0.0 sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
CVE-2026-26696 2026-03-02 N/A 0.0 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
CVE-2026-26695 2026-03-02 N/A 0.0 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
CVE-2026-26694 2026-03-02 N/A 0.0 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php.
CVE-2026-24115 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
CVE-2026-24114 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
CVE-2026-24113 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function…
CVE-2026-24111 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and…
CVE-2026-24109 2026-03-02 N/A 0.0 An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating…
CVE-2026-23600 2026-03-02 N/A 0.0 A remote authentication bypass vulnerability exists in HPE AutoPass License Server (APLS).
CVE-2026-0995 2026-03-02 LOW 3.6 An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
CVE-2025-65465 2026-03-02 MEDIUM 6.1 A reflected Cross-Site Scripting (XSS) vulnerability in the RaiseError function of Skrol29 TbsZip version 2.17 and earlier allows remote attackers to execute arbitrary web script or HTML via…
CVE-2025-58107 2026-03-02 HIGH 7.5 In Microsoft Exchange through 2019, Exchange ActiveSync (EAS) configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address,…
CVE-2025-52482 2026-03-02 HIGH 8.3 Chamilo is a learning management system. Prior to version 1.11.30, a Stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject…
CVE-2025-50192 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
CVE-2025-50191 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched…
CVE-2025-50190 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has…
CVE-2025-50189 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login…
CVE-2025-50188 2026-03-02 N/A 0.0 Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the…
CVE-2025-50187 2026-03-02 CRITICAL 9.8 Chamilo is a learning management system. Prior to version 1.11.28, parameter from SOAP request is evaluated without filtering which leads to Remote Code Execution. This issue has been…
CVE-2025-50186 2026-03-02 MEDIUM 4.8 Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload…
CVE-2024-50337 2026-03-02 MEDIUM 5.3 Chamilo is a learning management system. Prior to version 1.11.28, the OpenId function allows anyone to send requests to any URL on server's behalf, which results in unauthenticated…
CVE-2024-47886 2026-03-02 N/A 0.0 Chamilo is a learning management system. Chamilo is affected by a post-authentication phar unserialize which leads to a remote code execution (RCE) within versions 1.11.12 to 1.11.26. By…
CVE-2026-26698 2026-03-02 MEDIUM 4.9 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
CVE-2026-26697 2026-03-02 MEDIUM 4.9 code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
CVE-2026-1628 2026-03-02 MEDIUM 4.6 Mattermost Desktop App versions
CVE-2026-3432 2026-03-02 N/A 0.0 In SimStudio versions below 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker…
CVE-2026-3431 2026-03-02 CRITICAL 9.8 In SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints…
CVE-2025-14532 2026-03-02 N/A 0.0 DobryCMS's upload file functionality allows an unauthenticated remote attacker to upload files of any type and extension without restriction, which can result in Remote Code Execution. This issue…
CVE-2025-12462 2026-03-02 N/A 0.0 A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection.…
CVE-2025-58406 2026-03-02 N/A 0.0 The CGM CLININET application responds without essential security HTTP headers, exposing users to client‑side attacks such as clickjacking, MIME sniffing, unsafe caching, weak cross‑origin isolation, and missing transport…
CVE-2025-58405 2026-03-02 N/A 0.0 The CGM CLININET application does not implement any mechanisms that prevent clickjacking attacks; neither HTTP security headers nor HTML-based frame‑busting protections were detected. As a result, an attacker…
CVE-2025-58402 2026-03-02 N/A 0.0 The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and…
CVE-2025-30062 2026-03-02 N/A 0.0 In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
CVE-2025-30044 2026-03-02 N/A 0.0 In the endpoints "/cgi-bin/CliniNET.prd/utils/usrlogstat_simple.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", "/cgi-bin/CliniNET.prd/utils/userlogstat2.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl", the parameters are not sufficiently normalized, which enables code injection.
CVE-2025-30042 2026-03-02 N/A 0.0 The CGM CLININET system provides smart card authentication; however, authentication is conducted locally on the client device, and, in reality, only the certificate number is used for access…
CVE-2025-30035 2026-03-02 N/A 0.0 The vulnerability enables an attacker to fully bypass authentication in CGM CLININET and gain access to any active user account by supplying only the username, without requiring a…
CVE-2025-10350 2026-03-02 N/A 0.0 SQL Injection vulnerability in the "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows an attacker connected to PACS to gain access to the database, including data processed by CGM CLININET software. This…
CVE-2026-2584 2026-03-02 N/A 0.0 A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially…
CVE-2026-20445 2026-03-02 MEDIUM 4.4 In MDDP, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained…
CVE-2026-20444 2026-03-02 MEDIUM 6.7 In display, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already…
CVE-2026-20443 2026-03-02 MEDIUM 6.7 In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained…
CVE-2026-20442 2026-03-02 MEDIUM 4.4 In display, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained…
CVE-2026-20441 2026-03-02 MEDIUM 6.7 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2026-20440 2026-03-02 MEDIUM 6.7 In MAE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2026-20439 2026-03-02 MEDIUM 4.4 In imgsys, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained…
CVE-2026-20438 2026-03-02 MEDIUM 6.4 In MAE, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has…
CVE-2026-20437 2026-03-02 MEDIUM 4.4 In MAE, there is a possible system crash due to use after free. This could lead to local denial of service if a malicious actor has already obtained…