CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-24485 2026-02-24 HIGH 7.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, when a PCD file does not contain a valid…
CVE-2026-24484 2026-02-24 MEDIUM 5.3 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, Magick fails to check for multi-layer nested mvg conversions…
CVE-2026-21864 2026-02-24 MEDIUM 6.5 Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed key-value database. Prior to commit a68614b6e3845777d383b3a513cedcc08b3b7ccd, a specially crafted…
CVE-2025-9120 2026-02-24 N/A 0.0 Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Carbonite Safe Server Backup allows Code Injection. The vulnerability could be exploited through an open port, potentially…
CVE-2025-69253 2026-02-24 N/A 0.0 free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of the User Data Repository are affected by Improper Error…
CVE-2025-69252 2026-02-24 N/A 0.0 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL…
CVE-2025-69251 2026-02-24 N/A 0.0 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, remote attackers…
CVE-2025-69250 2026-02-24 N/A 0.0 free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service…
CVE-2026-3063 2026-02-23 N/A 0.0 Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into…
CVE-2026-3062 2026-02-23 N/A 0.0 Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via…
CVE-2026-3061 2026-02-23 N/A 0.0 Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML…
CVE-2026-21665 2026-02-23 N/A 0.0 The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization…
CVE-2026-3041 2026-02-23 LOW 2.4 A security vulnerability has been detected in xingfuggz BaykeShop up to 1.3.20. Impacted is an unknown function of the file src/baykeshop/contrib/article/templates/baykeshop/sidebar/custom.html of the component Article Sidebar Module. Such…
CVE-2026-3040 2026-02-23 MEDIUM 4.7 A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation…
CVE-2026-3028 2026-02-23 MEDIUM 4.3 A vulnerability was determined in erzhongxmu JEEWMS up to 3.7. This vulnerability affects the function doAdd of the file src/main/java/com/jeecg/demo/controller/JeecgListDemoController.java. This manipulation of the argument Name causes cross…
CVE-2026-27742 2026-02-23 MEDIUM 5.4 Bludit version 3.16.2 contains a stored cross-site scripting (XSS) vulnerability in the post content functionality. The application performs client-side sanitation of content input but does not enforce equivalent…
CVE-2026-27741 2026-02-23 MEDIUM 4.3 Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation…
CVE-2026-25649 2026-02-23 HIGH 7.3 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users can steal OAuth 2.0 authorization codes by exploiting…
CVE-2025-69248 2026-02-23 N/A 0.0 free5GC is an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 of free5GC's AMF service have a Buffer Overflow vulnerability leading…
CVE-2025-69247 2026-02-23 N/A 0.0 free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow…
CVE-2025-69232 2026-02-23 N/A 0.0 free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including…
CVE-2025-69208 2026-02-23 N/A 0.0 free5GC UDR is the user data repository (UDR) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions prior to 1.4.1 contain an Improper…
CVE-2026-3075 2026-02-23 N/A 0.0 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Jeff Starr Simple Ajax Chat simple-ajax-chat allows Retrieve Embedded Sensitive Data. This issue affects Simple Ajax Chat:…
CVE-2026-3025 2026-02-23 HIGH 7.3 A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation…
CVE-2026-25648 2026-02-23 HIGH 8.7 Versions of the Traccar open-source GPS tracking system starting with 6.11.1 contain an issue in which authenticated users can execute arbitrary JavaScript in the context of other users'…
CVE-2026-23694 2026-02-23 N/A 0.0 Aruba HiSpeed Cache (aruba-hispeed-cache) WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery (CSRF) vulnerability affecting multiple administrative AJAX actions. The handlers for ahsc_reset_options, ahsc_debug_status, and…
CVE-2026-23521 2026-02-23 MEDIUM 6.5 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain an issue in which authenticated users who can create or edit devices can set…
CVE-2025-71056 2026-02-23 N/A 0.0 Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.
CVE-2025-70328 2026-02-23 N/A 0.0 TOTOLINK X6000R v9.4.0cu.1498_B20250826 contains an OS command injection vulnerability in the NTPSyncWithHost handler of the /usr/sbin/shttpd executable. The host_time parameter is retrieved via sub_40C404 and passed to a…
CVE-2025-70327 2026-02-23 N/A 0.0 TOTOLINK X5000R v9.1.0cu_2415_B20250515 contains an argument injection vulnerability in the setDiagnosisCfg handler of the /usr/sbin/lighttpd executable. The ip parameter is retrieved via websGetVar and passed to a ping…
CVE-2025-68930 2026-02-23 HIGH 7.1 Versions of the Traccar open-source GPS tracking system up to and including 6.11.1 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability in the `/api/socket` endpoint. The application fails to…
CVE-2026-27623 2026-02-23 HIGH 7.5 Valkey is a distributed key-value database. Starting in version 9.0.0 and prior to version 9.0.3, a malicious actor with network access to Valkey can cause the system to…
CVE-2026-21863 2026-02-23 HIGH 7.5 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious actor with access to the Valkey clusterbus port can send an invalid…
CVE-2025-70329 2026-02-23 HIGH 8.0 TOTOLink X5000R v9.1.0cu_2415_B20250515 contains an OS command injection vulnerability in the setIptvCfg handler of the /usr/sbin/lighttpd executable. The vlanVidLan1 (and other vlanVidLanX) parameters are retrieved via Uci_Get_Str and…
CVE-2025-67733 2026-02-23 HIGH 8.5 Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response…
CVE-2025-63946 2026-02-23 HIGH 7.4 A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution…
CVE-2025-63945 2026-02-23 HIGH 7.4 A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires…
CVE-2025-61147 2026-02-23 MEDIUM 6.2 strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
CVE-2025-61146 2026-02-23 MEDIUM 4.0 saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c.
CVE-2025-61145 2026-02-23 N/A 0.0 libtiff up to v4.7.1 was discovered to contain a double free via the component tools/tiffcrop.c.
CVE-2025-61144 2026-02-23 N/A 0.0 libtiff up to v4.7.1 was discovered to contain a stack overflow via the readSeparateStripsIntoBuffer function.
CVE-2025-61143 2026-02-23 N/A 0.0 libtiff up to v4.7.1 was discovered to contain a NULL pointer dereference via the component libtiff/tif_open.c.
CVE-2026-26464 2026-02-23 MEDIUM 6.1 Stored Cross-Site Scripting (XSS) was found in the /admin/edit_user.php page of Society Management System Portal V1.0, which allows remote attackers to inject and store arbitrary JavaScript code that…
CVE-2025-14905 2026-02-23 HIGH 7.2 A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly…
CVE-2026-27163 2026-02-23 N/A 0.0 Rejected reason: This CVE was assigned in error.
CVE-2026-25984 2026-02-23 N/A 0.0 Rejected reason: This CVE was assigned in error.
CVE-2025-70045 2026-02-23 HIGH 7.4 An issue pertaining to CWE-295: Improper Certificate Validation was discovered in jxcore jxm master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in HTTPS request options…
CVE-2026-2588 2026-02-23 CRITICAL 9.1 Crypt::NaCl::Sodium versions through 2.001 for Perl have an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN (size_t) to unsigned long long when passing a length pointer…
CVE-2025-69700 2026-02-23 HIGH 7.5 Tenda FH1203 V2.0.1.6 contains a stack-based buffer overflow vulnerability in the modify_add_client_prio function, which is reachable via the formSetClientPrio CGI handler.
CVE-2026-2966 2026-02-23 LOW 3.7 A weakness has been identified in Cesanta Mongoose up to 7.20. The impacted element is the function mg_sendnsreq of the file /src/dns.c of the component DNS Transaction ID…