CVE Vulnerabilities

Below is the list of the most recently published vulnerabilities from NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-20107 | 2026-02-25 | MEDIUM | 5.5 | A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload… |
| CVE-2026-20099 | 2026-02-25 | MEDIUM | 6.7 | A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker with administrative privileges to perform command injection… |
| CVE-2026-20091 | 2026-02-25 | MEDIUM | 4.8 | A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting… |
| CVE-2026-20051 | 2026-02-25 | HIGH | 7.4 | A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 Platform Switches and Cisco Nexus 9500-R Series Switching Platforms could allow an… |
| CVE-2026-20048 | 2026-02-25 | HIGH | 7.7 | A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause… |
| CVE-2026-20037 | 2026-02-25 | MEDIUM | 4.4 | A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized… |
| CVE-2026-20036 | 2026-02-25 | MEDIUM | 6.5 | A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands… |
| CVE-2026-20033 | 2026-02-25 | HIGH | 7.4 | A vulnerability in Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an… |
| CVE-2026-20010 | 2026-02-25 | HIGH | 7.4 | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause the LLDP process to restart, which… |
| CVE-2026-28196 | 2026-02-25 | LOW | 2.3 | In JetBrains TeamCity before 2025.11.3 disabling versioned settings left a credentials config on disk |
| CVE-2026-28195 | 2026-02-25 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.11.3 missing authorization allowed project developers to add parameters to build configurations |
| CVE-2026-28194 | 2026-02-25 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow |
| CVE-2025-67491 | 2026-02-25 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions 5.0.0.5 through 7.0.3.4 have a stored cross-site scripting vulnerability in the ub04… |
| CVE-2025-69231 | 2026-02-25 | HIGH | 8.7 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a stored cross-site scripting vulnerability in the GAD-7 anxiety… |
| CVE-2025-68277 | 2026-02-25 | MEDIUM | 5.0 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, when a link is sent via Secure Messaging, clicking… |
| CVE-2025-67752 | 2026-02-25 | HIGH | 8.1 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, OpenEMR's HTTP client wrapper (`oeHttp`/`oeHttpRequest`) disables SSL/TLS certificate verification… |
| CVE-2026-24849 | 2026-02-25 | CRITICAL | 9.9 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 7.0.4, the `disposeDocument()` method in `EtherFaxActions.php` allows authenticated users to read arbitrary files from… |
| CVE-2026-25135 | 2026-02-25 | MEDIUM | 4.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 have an information disclosure vulnerability that leaks the entire… |
| CVE-2026-25131 | 2026-02-25 | HIGH | 8.8 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR… |
| CVE-2026-24896 | 2026-02-25 | MEDIUM | 6.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR's edih_main.php… |
| CVE-2026-25124 | 2026-02-25 | MEDIUM | 6.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control… |
| CVE-2025-62512 | 2026-02-24 | MEDIUM | 5.3 | Piwigo is an open source photo gallery application for the web. In version 15.5.0 and likely earlier 15.x releases, the password reset functionality in Piwigo allows an unauthenticated… |
| CVE-2026-27645 | 2026-02-25 | MEDIUM | 6.1 | changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, the RSS single-watch endpoint reflects the UUID path parameter directly in the… |
| CVE-2025-46320 | 2026-02-24 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability in a FileMaker WebDirect custom homepage could lead to unauthorized access and remote code execution. This vulnerability has been fully addressed in FileMaker… |
| CVE-2026-3188 | 2026-02-25 | MEDIUM | 4.3 | A security flaw has been discovered in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This affects an unknown part of the file /api/admin/common/download/templates of the component API. Performing a manipulation… |
| CVE-2026-27848 | 2026-02-25 | N/A | 0.0 | Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This… |
| CVE-2026-27847 | 2026-02-25 | N/A | 0.0 | Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into… |
| CVE-2026-27747 | 2026-02-25 | MEDIUM | 6.5 | The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation requests, the plugin reads the id_parent parameter from user-supplied input… |
| CVE-2026-27746 | 2026-02-25 | MEDIUM | 6.1 | The SPIP jeux plugin versions prior to 4.1.1 contain a reflected cross-site scripting (XSS) vulnerability in the pre_propre pipeline. The plugin incorporates untrusted request parameters into HTML output without… |
| CVE-2026-27730 | 2026-02-25 | HIGH | 8.6 | esm.sh is a no-build content delivery network (CDN) for web development. Versions up to and including 137 have an SSRF vulnerability (CWE-918) in esm.sh's `/http(s)` fetch route. The… |
| CVE-2026-27745 | 2026-02-25 | HIGH | 8.8 | The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden… |
| CVE-2026-27744 | 2026-02-25 | CRITICAL | 9.8 | The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request… |
| CVE-2026-27743 | 2026-02-25 | CRITICAL | 9.8 | The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read the url parameter from a… |
| CVE-2026-27704 | 2026-02-25 | N/A | 0.0 | The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior… |
| CVE-2026-27702 | 2026-02-25 | CRITICAL | 9.9 | Budibase is a low code platform for creating internal tools, workflows, and admin panels. Prior to version 3.30.4, an unsafe `eval()` vulnerability in Budibase's view filtering implementation allows… |
| CVE-2026-27701 | 2026-02-25 | N/A | 0.0 | LiveCode is an open-source, client-side code playground. Prior to commit e151c64c2bd80d2d53ac1333f1df9429fe6a1a11, LiveCode's `i18n-update-pull` GitHub Actions workflow is vulnerable to JavaScript injection. The title of the Pull Request associated… |
| CVE-2026-27700 | 2026-02-25 | HIGH | 8.2 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions 4.12.0 and 4.12.1, when using the AWS Lambda adapter (`hono/aws-lambda`) behind an Application… |
| CVE-2026-27637 | 2026-02-25 | CRITICAL | 9.8 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's `TokenAuth` middleware uses a predictable authentication token computed as… |
| CVE-2026-27636 | 2026-02-25 | HIGH | 8.8 | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.206, FreeScout's file upload restriction list in `app/Misc/Helper.php` does not include… |
| CVE-2026-22866 | 2026-02-25 | N/A | 0.0 | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. In versions 1.6.2 and prior, the `RSASHA256Algorithm` and `RSASHA1Algorithm` contracts fail… |
| CVE-2026-27624 | 2026-02-25 | HIGH | 7.2 | Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions.… |
| CVE-2025-69771 | 2026-02-25 | N/A | 0.0 | An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows attackers to execute arbitrary code via uploading a crafted subtitle file. |
| CVE-2025-50180 | 2026-02-25 | N/A | 0.0 | esm.sh is a no-build content delivery network (CDN) for web development. In version 136, esm.sh is vulnerable to a full-response SSRF, allowing an attacker to retrieve information from… |
| CVE-2025-1242 | 2026-02-25 | CRITICAL | 9.1 | The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full… |
| CVE-2026-27606 | 2026-02-25 | CRITICAL | 9.8 | Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable… |
| CVE-2026-25127 | 2026-02-25 | MEDIUM | 6.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized… |
| CVE-2026-27607 | 2026-02-25 | HIGH | 8.1 | RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.56 through 1.0.0-alpha.82, RustFS does not validate policy conditions in presigned POST uploads (PostObject), allowing attackers… |
| CVE-2026-27822 | 2026-02-25 | CRITICAL | 9.0 | RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to… |
| CVE-2026-27572 | 2026-02-24 | HIGH | 7.5 | Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many… |
| CVE-2026-3187 | 2026-02-25 | MEDIUM | 6.3 | A vulnerability was identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected by this issue is some unknown functionality of the file /api/admin/sys-file/upload of the component API Endpoint. Such… |