Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-36340 2026-04-30 HIGH 8.1 An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function
CVE-2025-71284 2026-04-30 CRITICAL 9.8 Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly…
CVE-2025-51846 2026-04-30 HIGH 7.5 CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2.
CVE-2026-5174 2026-04-30 HIGH 7.7 Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before…
CVE-2026-4670 2026-04-30 CRITICAL 9.8 Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions…
CVE-2025-14543 2026-04-30 N/A 0.0 Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0…
CVE-2022-50993 2026-04-30 CRITICAL 9.8 Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending…
CVE-2022-50992 2026-04-30 HIGH 7.5 Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to…
CVE-2026-36960 2026-04-30 HIGH 8.8 A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as…
CVE-2026-31693 2026-04-30 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: cifs: some missing initializations on replay In several places in the code, we have a label to signify…
CVE-2026-31787 2026-04-30 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix double free via VMA splitting privcmd_vm_ops defines .close (privcmd_close), but neither .may_split nor .open. When userspace…
CVE-2026-31786 2026-04-30 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Buffer overflow in drivers/xen/sys-hypervisor.c The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is neither NUL terminated nor a string. The…
CVE-2026-31692 2026-04-30 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the peer network…
CVE-2026-7246 2026-04-30 HIGH 7.2 Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account.
CVE-2026-36959 2026-04-30 HIGH 7.5 U-SPEED N300 router V1.0.0 does not implement rate limiting or account lockout protections on the /api/login endpoint. This allows an attacker on the local network to perform unlimited…
CVE-2026-34998 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2026-34997 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2026-36958 2026-04-30 HIGH 7.5 A denial-of-service vulnerability exists in the U-SPEED N300 V1.0.0 wireless router. By sending a large number of concurrent HTTP requests to random or non-existent endpoints on the web…
CVE-2026-36957 2026-04-30 HIGH 7.5 Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router V1.0.0 is vulnerable to Denial of Service via the boa web server URI handler. By initiating a high-volume flood…
CVE-2026-36956 2026-04-30 HIGH 8.8 A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF…
CVE-2026-34996 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2026-34995 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2026-34994 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2025-51850 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2025-51849 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2025-51847 2026-04-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue.…
CVE-2025-13890 2026-04-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12494. Reason: This candidate is a reservation duplicate of CVE-2025-12494. Notes: All CVE users should reference…
CVE-2026-7500 2026-04-30 MEDIUM 5.4 When Keycloak is started with `--features-disabled=account,account-api`, the Account REST API is only partially disabled. Five endpoints under the versioned path `/account/v1alpha1` remain fully functional — including both read…
CVE-2025-14576 2026-04-30 N/A 0.0 Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML…
CVE-2024-13971 2026-04-30 N/A 0.0 Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the…
CVE-2026-1493 2026-04-30 N/A 0.0 LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in…
CVE-2026-22070 2026-04-30 HIGH 7.1 ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal.
CVE-2026-41226 2026-04-30 MEDIUM 6.1 Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to…
CVE-2024-39847 2026-04-30 N/A 0.0 Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on…
CVE-2025-13030 2026-04-30 HIGH 7.1 All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary…
CVE-2026-7381 2026-04-29 CRITICAL 9.1 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting (sendfile type) to be set by the client via the X-Sendfile-Type header,…
CVE-2025-50328 2026-04-29 HIGH 7.3 A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from…
CVE-2018-25309 2026-04-29 HIGH 7.2 MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads…
CVE-2018-25306 2026-04-29 MEDIUM 6.2 PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation…
CVE-2018-25305 2026-04-29 MEDIUM 6.2 librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input…
CVE-2018-25299 2026-04-29 HIGH 8.4 Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through…
CVE-2018-25298 2026-04-29 MEDIUM 5.3 Merge PACS 7.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms targeting the merge-viewer endpoint. Attackers can submit…
CVE-2026-27105 2026-04-29 MEDIUM 6.3 Dell/Alienware Purchased Apps, versions prior to 1.1.31.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2026-5712 2026-04-29 HIGH 8.0 This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a…
CVE-2026-26015 2026-04-29 N/A 0.0 DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment,…
CVE-2026-42198 2026-04-29 HIGH 7.5 pgjdbc is an open source postgresql JDBC Driver. From version 42.2.0 to before version 42.7.11, pgjdbc is vulnerable to a client-side denial of service during SCRAM-SHA-256 authentication. A…
CVE-2026-41940 2026-04-29 CRITICAL 9.8 cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.
CVE-2026-37555 2026-04-29 HIGH 7.5 An issue was discovered in libsndfile 1.2.2 IMA ADPCM codec. The AIFF code path (line 241) was fixed with (sf_count_t) cast, but the WAV code path (line 235)…
CVE-2026-30769 2026-04-29 HIGH 7.8 An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests.
CVE-2025-56537 2026-04-29 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into…
« Anterior Página 245 de 4469 Siguiente »