Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-27468 2026-02-24 N/A 0.0 Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6,…
CVE-2026-27156 2026-02-24 MEDIUM 6.1 NiceGUI is a Python-based UI framework. Prior to version 3.8.0, several NiceGUI APIs that execute methods on client-side elements (`Element.run_method()`, `AgGrid.run_grid_method()`, `EChart.run_chart_method()`, and others) use an `eval()` fallback…
CVE-2026-26222 2026-02-24 N/A 0.0 Altec DocLink (now maintained by Beyond Limits Inc.) version 4.0.336.0 exposes insecure .NET Remoting endpoints over TCP and HTTP/SOAP via Altec.RDCHostService.exe using the ObjectURI "doclinkServer.soap". The service does…
CVE-2026-25603 2026-02-24 MEDIUM 6.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Linksys MR9600, Linksys MX4200 allows that contents of a USB drive partition can be mounted in…
CVE-2025-14963 2026-02-24 N/A 0.0 A vulnerability identified in the Trellix HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of…
CVE-2026-27590 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's FastCGI path splitting logic computes the split index on a lowercased copy…
CVE-2026-27589 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API (default listen `127.0.0.1:2019`) exposes a state-changing `POST /load`…
CVE-2026-27588 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `host` request matcher is documented as case-insensitive, but when configured with…
CVE-2026-27587 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, Caddy's HTTP `path` request matcher is intended to be case-insensitive, but when the…
CVE-2026-27586 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, two swallowed errors in `ClientAuthentication.provision()` cause mTLS client certificate authentication to silently fail…
CVE-2026-27585 2026-02-24 N/A 0.0 Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the path sanitization routine in file matcher doesn't sanitize backslashes which can lead…
CVE-2026-27571 2026-02-24 MEDIUM 5.9 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression.…
CVE-2025-13776 2026-02-24 N/A 0.0 Multiple Finka programs use hard-coded Firebird database credentials (shared across all instances of this software). A malicious attacker in local network who knows default credentials is able to…
CVE-2024-48928 2026-02-24 N/A 0.0 Piwigo is an open source photo gallery application for the web. In versions on the 14.x branch, when installing, the secret_key configuration parameter is set to MD5(RAND()) in…
CVE-2026-27521 2026-02-24 MEDIUM 6.5 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior do not implement rate limiting or account lockout on failed login attempts, enabling brute-force attacks against user credentials.
CVE-2026-27520 2026-02-24 HIGH 7.5 Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible…
CVE-2026-27519 2026-02-24 HIGH 7.5 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can…
CVE-2026-27518 2026-02-24 MEDIUM 4.3 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized…
CVE-2026-27517 2026-02-24 MEDIUM 5.4 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context…
CVE-2026-27516 2026-02-24 HIGH 8.1 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials.
CVE-2026-27515 2026-02-24 CRITICAL 9.1 Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 generate predictable numeric session identifiers in the web management interface. An attacker can guess valid session IDs and hijack authenticated…
CVE-2026-27507 2026-02-24 CRITICAL 9.8 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain hard-coded administrative credentials that cannot be changed by users. Knowledge of these credentials allows full administrative access to the…
CVE-2026-23678 2026-02-24 HIGH 8.8 Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior contain a command injection vulnerability in the traceroute diagnostic function of the affected device web management interface. By injecting the %1a…
CVE-2025-69985 2026-02-24 N/A 0.0 FUXA 1.2.8 and prior contains an Authentication Bypass vulnerability leading to Remote Code Execution (RCE). The vulnerability exists in the server/api/jwt-helper.js middleware, which improperly trusts the HTTP "Referer"…
CVE-2025-63409 2026-02-24 N/A 0.0 Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials.
CVE-2025-47904 2026-02-24 N/A 0.0 Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.
CVE-2026-3102 2026-02-24 MEDIUM 6.3 A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This…
CVE-2026-3101 2026-02-24 MEDIUM 6.3 A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack…
CVE-2026-27732 2026-02-24 N/A 0.0 WWBN AVideo is an open source video platform. Prior to version 22.0, the `aVideoEncoder.json.php` API endpoint accepts a `downloadURL` parameter and fetches the referenced resource server-side without proper…
CVE-2026-27584 2026-02-24 N/A 0.0 Actual is a local-first personal finance tool. Prior to version 26.2.1, missing authentication middleware in the ActualBudget server component allows any unauthenticated user to query the SimpleFIN and…
CVE-2026-27568 2026-02-24 N/A 0.0 WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown (v1.7.4) without Safe Mode enabled. Markdown links…
CVE-2026-27567 2026-02-24 MEDIUM 6.5 Payload is a free and open source headless content management system. Prior to 3.75.0, a Server-Side Request Forgery (SSRF) vulnerability exists in Payload's external file upload functionality. When…
CVE-2026-27483 2026-02-24 HIGH 8.8 MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated…
CVE-2026-27208 2026-02-24 CRITICAL 9.2 bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands…
CVE-2026-0402 2026-02-24 MEDIUM 4.9 A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0401 2026-02-24 MEDIUM 4.9 A post-authentication NULL Pointer Dereference vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0400 2026-02-24 MEDIUM 4.9 A post-authentication Format String vulnerability in SonicOS allows a remote attacker to crash a firewall.
CVE-2026-0399 2026-02-24 MEDIUM 4.9 Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint.
CVE-2025-67445 2026-02-24 N/A 0.0 TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking.…
CVE-2025-10010 2026-02-24 MEDIUM 6.8 The CPSD CryptoPro Secure Disk application boots a small Linux operating system to perform user authentication before using BitLocker to decrypt the Windows partition. The system is located…
CVE-2026-2807 2026-02-24 N/A 0.0 Memory safety bugs present in Firefox 147 and Thunderbird 147. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2026-2806 2026-02-24 N/A 0.0 Uninitialized memory in the Graphics: Text component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2805 2026-02-24 N/A 0.0 Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2804 2026-02-24 MEDIUM 5.4 Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2803 2026-02-24 N/A 0.0 Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2802 2026-02-24 MEDIUM 4.2 Race condition in the JavaScript: GC component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2801 2026-02-24 N/A 0.0 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2800 2026-02-24 N/A 0.0 Spoofing issue in the WebAuthn component in Firefox for Android. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2799 2026-02-24 N/A 0.0 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
CVE-2026-2798 2026-02-24 HIGH 8.8 Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox < 148 and Thunderbird < 148.
« Anterior Página 258 de 4227 Siguiente »