Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-56536 2026-04-29 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.
CVE-2025-56535 2026-04-29 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter.
CVE-2025-56534 2026-04-29 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2026-42798 2026-04-30 MEDIUM 4.0 Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c.
CVE-2018-25313 2026-04-29 MEDIUM 6.2 SysGauge 4.5.18 contains a buffer overflow vulnerability in the proxy configuration handler that allows local attackers to cause a denial of service by supplying an oversized string. Attackers…
CVE-2018-25308 2026-04-29 HIGH 8.8 BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify…
CVE-2018-25307 2026-04-29 HIGH 8.4 SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock…
CVE-2018-25304 2026-04-29 HIGH 8.4 Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain…
CVE-2018-25301 2026-04-29 HIGH 8.4 Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious…
CVE-2018-25300 2026-04-29 HIGH 8.2 XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send…
CVE-2026-7466 2026-04-29 HIGH 8.8 AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST…
CVE-2026-7439 2026-04-29 MEDIUM 4.4 AgentFlow's local web API accepts non-JSON content types on POST /api/runs and POST /api/runs/validate endpoints without enforcing application/json validation, allowing attackers to bypass trust-boundary enforcement on sensitive operations.…
CVE-2026-7270 2026-04-30 HIGH 7.8 An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be…
CVE-2026-41882 2026-04-30 HIGH 7.4 In JetBrains IntelliJ IDEA before 2024.3.7.1, 2025.1.7.1, 2025.2.6.2, 2025.3.4.1, 2026.1.1 reading arbitrary local files was possible via built-in web server
CVE-2026-42511 2026-04-30 HIGH 7.3 The BOOTP file field is written to the lease file without escaping embedded double-quotes, allowing injection of arbitrary dhclient.conf directives. When the lease file is subsequently re-parsed by…
CVE-2026-7379 2026-04-30 MEDIUM 5.5 Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-7378 2026-04-30 MEDIUM 5.5 Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-7376 2026-04-30 MEDIUM 5.5 Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-7375 2026-04-30 MEDIUM 5.5 UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6868 2026-04-30 MEDIUM 5.5 HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-1858 2026-04-29 MEDIUM 4.8 wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for…
CVE-2026-7426 2026-04-29 HIGH 8.1 Insufficient validation of the prefix length field in IPv6 Router Advertisement processing in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause memory corruption by…
CVE-2026-7425 2026-04-29 MEDIUM 6.5 Insufficient option length validation in the IPv6 Router Advertisement parser in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to cause a denial of service (device…
CVE-2026-7424 2026-04-29 HIGH 8.1 Integer underflow in the DHCPv6 sub-option parser in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network actor to corrupt the device's IPv6 address assignment, DNS configuration, and…
CVE-2026-7423 2026-04-29 MEDIUM 5.3 Integer underflow in the ICMP and ICMPv6 echo reply handlers in FreeRTOS-Plus-TCP before V4.4.1 and V4.2.6 allows an adjacent network user to cause a denial of service (device…
CVE-2026-7422 2026-04-29 MEDIUM 6.5 Insufficient packet validation in FreeRTOS-Plus-TCP before V4.2.6 and V4.4.1 allows an adjacent network actor to bypass all checksum and minimum-size validation by spoofing the Ethernet source MAC address…
CVE-2026-6915 2026-04-29 MEDIUM 6.3 An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect…
CVE-2026-6914 2026-04-29 MEDIUM 6.5 Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions,…
CVE-2026-2810 2026-04-29 N/A 0.0 Netskope was notified about a potential gap in the Endpoint DLP Module for Netskope Client on Windows systems. The successful exploitation of the gap can potentially allow an…
CVE-2018-25318 2026-04-29 CRITICAL 9.8 Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to…
CVE-2018-25317 2026-04-29 CRITICAL 9.8 Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send…
CVE-2018-25316 2026-04-29 CRITICAL 9.8 Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests…
CVE-2026-41499 2026-04-29 MEDIUM 6.5 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, multiple heap-based out-of-bounds WRITE vulnerabilities exist…
CVE-2026-30893 2026-04-29 CRITICAL 9.0 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's…
CVE-2026-28221 2026-04-29 MEDIUM 6.5 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in…
CVE-2026-26206 2026-04-29 MEDIUM 6.5 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for…
CVE-2026-26204 2026-04-29 MEDIUM 4.4 Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in…
CVE-2026-0206 2026-04-29 MEDIUM 4.9 A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0205 2026-04-29 MEDIUM 6.8 A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
CVE-2026-0204 2026-04-29 HIGH 8.0 A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
CVE-2026-40230 2026-04-29 N/A 0.0 Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or…
CVE-2026-40229 2026-04-29 N/A 0.0 Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it…
CVE-2026-6870 2026-04-30 MEDIUM 5.5 GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6869 2026-04-30 MEDIUM 5.5 WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6867 2026-04-30 MEDIUM 5.5 SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6538 2026-04-30 MEDIUM 5.5 BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6537 2026-04-30 MEDIUM 5.5 ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6536 2026-04-30 MEDIUM 5.5 DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4
CVE-2026-6535 2026-04-30 MEDIUM 5.5 Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
CVE-2026-6534 2026-04-30 MEDIUM 5.5 USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
« Anterior Página 246 de 4469 Siguiente »