Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-25774 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-25195 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a…
CVE-2026-25111 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious…
CVE-2026-25109 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious…
CVE-2026-25085 2026-02-27 HIGH 8.6 A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate…
CVE-2026-24695 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious…
CVE-2026-24689 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious…
CVE-2026-24663 2026-02-27 CRITICAL 9.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an unauthenticated attacker to achieve remote code execution on the system by sending a…
CVE-2026-24517 2026-02-27 HIGH 8.0 An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious…
CVE-2026-24445 2026-02-27 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing…
CVE-2026-22878 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-3270 2026-02-27 MEDIUM 6.3 A vulnerability has been found in psi-probe PSI Probe up to 5.3.0. This affects the function lookup of the file psi-probe-core/src/main/java/psiprobe/tools/Whois.java of the component Whois. The manipulation leads…
CVE-2026-3269 2026-02-27 MEDIUM 4.3 A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler.…
CVE-2026-27773 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-27772 2026-02-27 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP…
CVE-2026-27767 2026-02-27 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP…
CVE-2026-27652 2026-02-27 HIGH 7.3 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session…
CVE-2026-25945 2026-02-27 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing…
CVE-2026-25851 2026-02-27 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP…
CVE-2026-25778 2026-02-27 HIGH 7.3 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session…
CVE-2026-25711 2026-02-27 HIGH 7.3 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session…
CVE-2026-25114 2026-02-27 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing…
CVE-2026-25113 2026-02-27 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing…
CVE-2026-24731 2026-02-27 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP…
CVE-2026-22890 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20895 2026-02-27 HIGH 7.3 The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session…
CVE-2026-20792 2026-02-27 HIGH 7.5 The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing…
CVE-2026-20791 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-20781 2026-02-27 CRITICAL 9.4 WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP…
CVE-2026-20733 2026-02-27 MEDIUM 6.5 Charging station authentication identifiers are publicly accessible via web-based mapping platforms.
CVE-2026-1585 2026-02-27 MEDIUM 6.7 An unquoted Windows service executable path vulnerability in IJ Scan Utility for Windows versions 1.1.2 through 1.5.0 may allow a local attacker to execute a malicious file with…
CVE-2026-3268 2026-02-26 MEDIUM 5.4 A vulnerability was detected in psi-probe PSI Probe up to 5.3.0. The affected element is an unknown function of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/RemoveSessAttributeController.java of the component Session Attribute Handler.…
CVE-2026-3265 2026-02-26 MEDIUM 6.3 A vulnerability was identified in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. This affects an unknown part of the file /api/Security/ of the component Security API. The manipulation leads to…
CVE-2026-3264 2026-02-26 MEDIUM 6.3 A vulnerability was determined in go2ismail Free-CRM up to b83c40a90726d5e58f0cc680ffdcaa28a03fb5d1. Affected by this issue is some unknown functionality of the component Administrative Interface. Executing a manipulation can lead…
CVE-2026-28280 2026-02-26 MEDIUM 6.1 osctrl is an osquery management solution. Prior to version 0.5.0, a stored cross-site scripting (XSS) vulnerability exists in the `osctrl-admin` on-demand query list. A user with query-level permissions…
CVE-2026-28279 2026-02-26 HIGH 7.3 osctrl is an osquery management solution. Prior to version 0.5.0, an OS command injection vulnerability exists in the `osctrl-admin` environment configuration. An authenticated administrator can inject arbitrary shell…
CVE-2026-28269 2026-02-26 MEDIUM 5.9 Kiteworks is a private data network (PDN). Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations.…
CVE-2026-28230 2026-02-26 N/A 0.0 SteVe is an open-source EV charging station management system. In versions up to and including 3.11.0, when a charger sends a StopTransaction message, SteVe looks up the transaction…
CVE-2026-28226 2026-02-26 MEDIUM 6.5 Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in versions prior…
CVE-2026-28213 2026-02-26 CRITICAL 9.8 EverShop is a TypeScript-first eCommerce platform. Versions prior to 2.1.1 have a vulnerability in the "Forgot Password" functionality. When specifying a target email address, the API response returns…
CVE-2026-28211 2026-02-26 HIGH 7.8 The NVDA Dev & Test Toolbox is an NVDA add-on for gathering tools to help NVDA development and testing. A vulnerability exists in versions 2.0 through 8.0 in…
CVE-2026-27839 2026-02-26 MEDIUM 4.3 wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, three `nutritional_values` action endpoints fetch objects via `Model.objects.get(pk=pk)` — a raw ORM…
CVE-2026-27838 2026-02-26 LOW 3.1 wger is a free, open-source workout and fitness manager. Five routine detail action endpoints check a cache before calling `self.get_object()`. In versions up to and including 2.4, ache…
CVE-2026-3263 2026-02-26 MEDIUM 6.3 A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing…
CVE-2026-3262 2026-02-26 MEDIUM 6.3 A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect.…
CVE-2026-28227 2026-02-26 N/A 0.0 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the `publish_to_category` topic timer, bypassing…
CVE-2026-28219 2026-02-26 N/A 0.0 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify…
CVE-2026-28218 2026-02-26 N/A 0.0 Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL…
CVE-2026-27835 2026-02-26 MEDIUM 4.3 wger is a free, open-source workout and fitness manager. In versions up to and including 2.4, `RepetitionsConfigViewSet` and `MaxRepetitionsConfigViewSet` return all users' repetition config data because their `get_queryset()`…
CVE-2026-27449 2026-02-26 HIGH 7.5 Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without…
« Anterior Página 247 de 4225 Siguiente »