Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-40686 2026-04-30 LOW 3.7 In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present (malformed UTF-8 header data). Information might be…
CVE-2026-40912 2026-04-30 HIGH 8.2 Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middleware…
CVE-2026-41174 2026-04-30 MEDIUM 6.4 Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation…
CVE-2026-41263 2026-04-30 LOW 3.7 Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows…
CVE-2026-43505 2026-05-01 MEDIUM 6.5 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying…
CVE-2026-43504 2026-05-01 MEDIUM 6.5 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying…
CVE-2026-43506 2026-05-01 MEDIUM 5.3 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from…
CVE-2026-43507 2026-05-01 MEDIUM 5.3 An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource…
CVE-2025-56568 2026-04-30 N/A 0.0 Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of…
CVE-2026-40201 2026-05-01 MEDIUM 5.4 @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file.
CVE-2025-46115 2026-04-30 N/A 0.0 An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
CVE-2026-43003 2026-05-01 HIGH 8.0 An issue was discovered in OpenStack ironic-python-agent 1.0.0 through 11.5.0. Ironic Python Agent (IPA) sometimes executes grub-install from within a chroot of the deployed partition image, leading to…
CVE-2026-43001 2026-05-01 HIGH 7.9 An issue was discovered in OpenStack Keystone 13 through 29. POST /v3/credentials did not validate that the caller-supplied project_id for an EC2-type credential matched the project of the…
CVE-2026-42994 2026-05-01 N/A 0.0 Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.
CVE-2026-40904 2026-04-30 HIGH 8.1 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset…
CVE-2026-40603 2026-04-30 MEDIUM 6.5 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy…
CVE-2026-40601 2026-04-30 HIGH 7.5 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query…
CVE-2026-40600 2026-04-30 HIGH 8.1 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users…
CVE-2026-40595 2026-04-30 HIGH 7.5 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart…
CVE-2026-35514 2026-04-30 MEDIUM 6.5 Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, the endpoint POST /user/invited…
CVE-2026-7551 2026-04-30 HIGH 8.8 HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can…
CVE-2026-6539 2026-04-30 MEDIUM 4.4 Notepad++ 8.9.3 contains a format string injection vulnerability in the Find Results panel handler that allows attackers to cause denial of service and information disclosure by crafting a…
CVE-2026-7435 2026-04-30 HIGH 7.2 SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft…
CVE-2026-7429 2026-04-30 MEDIUM 4.6 SSCMS v7.4.0 contains a reflected cross-site scripting vulnerability in the STL processing endpoint that allows attackers to execute arbitrary JavaScript by crafting malicious STL template payloads that are…
CVE-2026-7584 2026-05-01 HIGH 7.8 The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified…
CVE-2026-22726 2026-05-01 MEDIUM 5.0 Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to…
CVE-2026-40951 2026-04-30 N/A 0.0 CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an…
CVE-2026-40950 2026-04-30 N/A 0.0 CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to…
CVE-2026-40949 2026-04-30 N/A 0.0 CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger…
CVE-2026-33452 2026-04-30 N/A 0.0 CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue…
CVE-2026-33451 2026-04-30 N/A 0.0 CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to…
CVE-2026-33450 2026-04-30 N/A 0.0 CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed…
CVE-2026-33449 2026-04-30 N/A 0.0 CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a…
CVE-2026-33448 2026-04-30 N/A 0.0 CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force…
CVE-2026-33447 2026-04-30 N/A 0.0 CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a…
CVE-2026-33446 2026-04-30 N/A 0.0 CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special…
CVE-2026-6543 2026-04-30 HIGH 8.8 IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment variables…
CVE-2026-6542 2026-04-30 MEDIUM 6.5 IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to…
CVE-2026-6389 2026-04-30 HIGH 8.8 IBM Turbonomic prometurbo agent 8.16.0 through 8.17.6 IBM Turbonomic Application Resource Management grants excessive cluster‑wide permissions, including unrestricted read access to all secrets. An attacker that compromises the…
CVE-2026-3345 2026-04-30 MEDIUM 6.5 IBM Langflow Desktop
CVE-2025-36335 2026-04-30 MEDIUM 6.2 IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user.
CVE-2025-36180 2026-04-30 MEDIUM 5.3 IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions.
CVE-2026-4503 2026-04-30 HIGH 7.5 IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.
CVE-2026-4502 2026-04-30 MEDIUM 6.5 IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot…
CVE-2026-3346 2026-04-30 MEDIUM 6.4 IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI…
CVE-2026-3340 2026-04-30 MEDIUM 6.5 IBM Langflow Desktop 1.0.0 through 1.8.4 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system,…
CVE-2026-28909 2026-04-30 MEDIUM 6.5 Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
CVE-2026-7461 2026-04-30 HIGH 7.2 Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might…
CVE-2026-32148 2026-04-30 N/A 0.0 Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file…
CVE-2026-7583 2026-05-01 MEDIUM 4.3 A flaw has been found in Open5GS up to 2.7.7. This issue affects the function bsf_sess_find_by_ipv6prefix of the file /src/bsf/context.c of the component BSF. This manipulation of the…
« Anterior Página 240 de 4469 Siguiente »