CVE Vulnerabilities

Below is the list of the most recent vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-27793 2026-02-27 MEDIUM 6.5 Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Prior to version 3.1.0, the `GET /api/v1/user/:id` endpoint returns the full settings object for…
CVE-2026-27792 2026-02-27 MEDIUM 5.4 Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0…
CVE-2026-27734 2026-02-27 MEDIUM 6.5 Beszel is a server monitoring platform. Prior to version 0.18.2, the hub's authenticated API endpoints GET /api/beszel/containers/logs and GET /api/beszel/containers/info pass the user-supplied "container" query parameter to the…
CVE-2026-27707 2026-02-27 HIGH 7.3 Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. Starting in version 2.0.0 and prior to version 3.1.0, an authentication guard logic flaw…
CVE-2026-27583 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27582 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27581 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27580 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27573 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27501 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27500 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27201 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-27200 2026-02-27 N/A 0.0 Rejected reason: Further research determined the situation described is not a vulnerability.
CVE-2026-26997 2026-02-27 N/A 0.0 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by…
CVE-2026-26862 2026-02-27 HIGH 8.3 CleverTap Web SDK version 1.15.2 and earlier is vulnerable to DOM-based Cross-Site Scripting (XSS) via window.postMessage in the Visual Builder module. The origin validation in src/modules/visualBuilder/pageBuilder.js (lines 56-60)…
CVE-2026-26861 2026-02-27 HIGH 8.3 CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting (XSS) via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes() method,…
CVE-2026-22717 2026-02-27 LOW 2.7 Out-of-bound read vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to obtain limited information disclosure from…
CVE-2026-22716 2026-02-27 MEDIUM 5.0 Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes.
CVE-2025-69437 2026-02-27 HIGH 8.7 PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads…
CVE-2026-2880 2026-02-27 N/A 0.0 A vulnerability in @fastify/middie versions < 9.2.0 can result in authentication/authorization bypass when using path-scoped middleware (for example, app.use('/secret', auth)). When Fastify router normalization options are enabled (such…
CVE-2026-28372 2026-02-27 HIGH 7.4 telnetd in GNU inetutils through 2.7 allows privilege escalation that can be exploited by abusing systemd service credentials support added to the login(1) implementation of util-linux in release…
CVE-2026-2597 2026-02-27 HIGH 7.5 Crypt::SysRandom::XS versions before 0.010 for Perl is vulnerable to a heap buffer overflow in the XS function random_bytes(). The function does not validate that the length parameter is…
CVE-2026-27758 2026-02-27 MEDIUM 4.3 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a cross-site request forgery vulnerability in its management interface that allows attackers to induce authenticated users into submitting forged requests. Attackers…
CVE-2026-27757 2026-02-27 HIGH 7.1 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication vulnerability that allows authenticated users to change account passwords without verifying the current password. Attackers who gain access to…
CVE-2026-27756 2026-02-27 MEDIUM 6.1 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a reflected cross-site scripting vulnerability in the management interface where user input is not properly encoded before output. Attackers can craft…
CVE-2026-27755 2026-02-27 CRITICAL 9.8 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know…
CVE-2026-27754 2026-02-27 MEDIUM 6.5 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with…
CVE-2026-22207 2026-02-26 CRITICAL 9.8 OpenViking through version 0.1.18, prior to commit 0251c70, contains a broken access control vulnerability that allows unauthenticated attackers to gain ROOT privileges when the root_api_key configuration is omitted. Attackers can…
CVE-2026-22206 2026-02-26 HIGH 8.8 SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit…
CVE-2026-22205 2026-02-26 HIGH 7.5 SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type…
CVE-2025-40932 2026-02-27 HIGH 8.2 Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with…
CVE-2026-28363 2026-02-27 CRITICAL 9.9 In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free execution paths that were…
CVE-2026-28274 2026-02-26 HIGH 8.7 Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 are vulnerable to Stored Cross-Site Scripting (XSS) in the document upload functionality. Any user…
CVE-2026-28275 2026-02-26 HIGH 8.1 Initiative is a self-hosted project management platform. Versions of the application prior to 0.32.4 do not invalidate previously issued JWT access tokens after a user changes their password.…
CVE-2026-28276 2026-02-26 HIGH 7.5 Initiative is a self-hosted project management platform. An access control vulnerability exists in Initiative versions prior to 0.32.2 where uploaded documents are served from a publicly accessible /uploads/…
CVE-2026-24352 2026-02-27 CRITICAL 9.8 PluXml CMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker…
CVE-2026-24351 2026-02-27 MEDIUM 5.4 PluXml CMS is vulnerable to Stored XSS in Static Pages editing functionality. Attacker with editing privileges can inject arbitrary HTML and JS into website, which will be rendered/executed…
CVE-2026-24350 2026-02-27 MEDIUM 5.4 PluXml CMS is vulnerable to Stored XSS in file uploading functionality. An authenticated attacker can upload an SVG file containing a malicious payload, which will be executed when…
CVE-2026-3292 2026-02-27 MEDIUM 6.3 A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of…
CVE-2026-3271 2026-02-27 HIGH 8.8 A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results…
CVE-2026-27753 2026-02-27 MEDIUM 6.5 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online…
CVE-2026-27752 2026-02-27 MEDIUM 5.9 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 transmit authentication credentials over unencrypted HTTP, allowing attackers to capture credentials. An attacker positioned to observe network traffic between a user and…
CVE-2026-27751 2026-02-27 CRITICAL 9.8 SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a default credentials vulnerability that allows remote attackers to obtain administrative access to the management interface. Attackers can authenticate using the…
CVE-2026-21619 2026-02-27 N/A 0.0 Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability…
CVE-2019-25497 2026-02-27 HIGH 8.2 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests…
CVE-2019-25496 2026-02-27 HIGH 8.2 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id…
CVE-2019-25495 2026-02-27 HIGH 8.2 osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests…
CVE-2019-25494 2026-02-27 HIGH 8.2 Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password…
CVE-2019-25493 2026-02-27 HIGH 8.2 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET…
CVE-2019-25492 2026-02-27 HIGH 8.2 Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET…