Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-2906 2026-02-22 HIGH 8.8 A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of…
CVE-2026-2905 2026-02-22 HIGH 8.8 A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument…
CVE-2026-2904 2026-02-22 HIGH 8.8 A vulnerability was determined in UTT HiPER 810G 1.7.7-171114. This affects the function strcpy of the file /goform/ConfigExceptAli. Executing a manipulation can lead to buffer overflow. The attack…
CVE-2026-2903 2026-02-22 LOW 3.3 A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack…
CVE-2026-2898 2026-02-22 MEDIUM 5.5 A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulation of the…
CVE-2026-2897 2026-02-22 LOW 2.4 A security vulnerability has been detected in funadmin up to 7.1.0-rc4. This vulnerability affects unknown code of the file app/backend/view/index/index.html of the component Backend Interface. The manipulation of…
CVE-2026-2896 2026-02-22 HIGH 7.3 A weakness has been identified in funadmin up to 7.1.0-rc4. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can…
CVE-2026-2895 2026-02-21 LOW 3.7 A security flaw has been discovered in funadmin up to 7.1.0-rc4. Affected by this issue is the function repass of the file app/frontend/controller/Member.php. Performing a manipulation of the…
CVE-2026-2894 2026-02-21 MEDIUM 5.3 A vulnerability was identified in funadmin up to 7.1.0-rc4. Affected by this vulnerability is the function getMember of the file app/frontend/view/login/forget.html. Such manipulation leads to information disclosure. The…
CVE-2026-2889 2026-02-21 LOW 3.3 A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack…
CVE-2026-2887 2026-02-21 LOW 3.3 A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrolled recursion. The…
CVE-2026-2886 2026-02-21 HIGH 8.8 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow.…
CVE-2026-2885 2026-02-21 HIGH 8.8 A security flaw has been discovered in D-Link DWR-M960 1.01.07. The impacted element is the function sub_469104 of the file /boafrm/formIpv6Setup. The manipulation of the argument submit-url results…
CVE-2026-2884 2026-02-21 HIGH 8.8 A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub_41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation…
CVE-2026-2883 2026-02-21 HIGH 8.8 A vulnerability was determined in D-Link DWR-M960 1.01.07. Impacted is the function sub_427D74 of the file /boafrm/formIpQoS. Executing a manipulation of the argument submit-url can lead to stack-based…
CVE-2026-2882 2026-02-21 HIGH 8.8 A vulnerability was found in D-Link DWR-M960 1.01.07. This issue affects the function sub_46385C of the file /boafrm/formDosCfg. Performing a manipulation of the argument submit-url results in stack-based…
CVE-2026-2881 2026-02-21 HIGH 8.8 A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation…
CVE-2026-2877 2026-02-21 HIGH 8.8 A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument…
CVE-2026-2876 2026-02-21 HIGH 8.8 A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The…
CVE-2026-2874 2026-02-21 HIGH 8.8 A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. Executing a manipulation of the argument ssid can lead to…
CVE-2026-2873 2026-02-21 HIGH 8.8 A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based…
CVE-2026-2872 2026-02-21 HIGH 8.8 A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such…
CVE-2026-2871 2026-02-21 HIGH 8.8 A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow.…
CVE-2026-2870 2026-02-21 HIGH 8.8 A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list…
CVE-2026-2869 2026-02-21 LOW 3.3 A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The…
CVE-2026-2867 2026-02-21 HIGH 7.3 A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead…
CVE-2026-27579 2026-02-21 HIGH 7.4 CollabPlatform is a full-stack, real-time doc collaboration platform. In all versions of CollabPlatform, the Appwrite project used by the application is misconfigured to allow arbitrary origins in CORS…
CVE-2026-27574 2026-02-21 CRITICAL 9.9 OneUptime is a solution for monitoring and managing online services. In versions 9.5.13 and below, custom JavaScript monitor feature uses Node.js's node:vm module (explicitly documented as not a…
CVE-2026-27492 2026-02-21 MEDIUM 4.7 Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties (such as to, subject, html, text, and attachments) are not reset…
CVE-2026-1787 2026-02-21 MEDIUM 4.8 The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_migrated_data'…
CVE-2026-27576 2026-02-21 N/A 0.0 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the ACP bridge accepts very large prompt text blocks and can assemble oversized prompt payloads before forwarding…
CVE-2026-27488 2026-02-21 N/A 0.0 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, Cron webhook delivery in src/gateway/server-cron.ts uses fetch() directly, so webhook targets can reach private/metadata/internal endpoints without SSRF…
CVE-2026-27487 2026-02-21 HIGH 7.6 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the…
CVE-2026-27486 2026-02-21 N/A 0.0 OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes…
CVE-2026-27485 2026-02-21 N/A 0.0 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, skills/skill-creator/scripts/package_skill.py (a local helper script used when authors package skills) previously followed symlinks while building .skill archives.…
CVE-2026-27484 2026-02-21 N/A 0.0 OpenClaw is a personal AI assistant. In versions 2026.2.17 and below, the Discord moderation action handling (timeout, kick, ban) uses sender identity from request parameters in tool-driven flows,…
CVE-2026-27482 2026-02-21 MEDIUM 5.9 Ray is an AI compute engine. In versions 2.53.0 and below, thedashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated…
CVE-2026-27480 2026-02-21 MEDIUM 5.3 Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic…
CVE-2025-14339 2026-02-21 MEDIUM 6.5 The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to unauthorized form deletion in all versions up…
CVE-2026-27479 2026-02-21 HIGH 7.7 Wallos is an open-source, self-hostable personal subscription tracker. Versions 4.6.0 and below contain a Server-Side Request Forgery (SSRF) vulnerability in the subscription and payment logo/icon upload functionality. The…
CVE-2026-2865 2026-02-21 HIGH 7.3 A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing…
CVE-2026-2864 2026-02-21 MEDIUM 5.4 A vulnerability has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. This affects the function pictureDelete of the file PictureController.java. Such manipulation of the argument picName…
CVE-2026-27470 2026-02-21 HIGH 8.8 ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the…
CVE-2026-27469 2026-02-21 MEDIUM 6.1 Isso is a lightweight commenting server written in Python and JavaScript. In commits before 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144, there is a stored Cross-Site Scripting (XSS) vulnerability affecting the website and author…
CVE-2026-27467 2026-02-21 LOW 2.0 BigBlueButton is an open-source virtual classroom. In versions 3.0.19 and below, when first joining a session with the microphone muted, the client sends audio to the server regardless…
CVE-2026-27466 2026-02-21 HIGH 7.2 BigBlueButton is an open-source virtual classroom. In versions 3.0.21 and below, the official documentation for "Server Customization" on Support for ClamAV as presentation file scanner contains instructions that…
CVE-2026-27464 2026-02-21 HIGH 7.7 Metabase is an open-source data analytics platform. In versions prior to 0.57.13 and versions 0.58.x through 0.58.6, authenticated users are able to retrieve sensitive information from a Metabase…
CVE-2026-27471 2026-02-21 N/A 0.0 ERP is a free and open source Enterprise Resource Planning tool. In versions up to 15.98.0 and 16.0.0-rc.1 and through 16.6.0, certain endpoints lacked access validation which allowed…
CVE-2026-27458 2026-02-21 N/A 0.0 LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists (/lists/feed). An…
CVE-2026-27452 2026-02-21 N/A 0.0 ASN.1 TypeScript ESM library, including codecs for Basic Encoding Rules (BER) and Distinguished Encoding Rules (DER). In versions 11.0.5 and below, in some cases, decoding an INTEGER could…
« Anterior Página 265 de 4227 Siguiente »