Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-27206 2026-02-21 HIGH 8.1 Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using…
CVE-2026-2863 2026-02-21 MEDIUM 5.4 A flaw has been found in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. The impacted element is the function deleteFile of the file FileServiceImpl.java. This manipulation causes path…
CVE-2026-2861 2026-02-21 MEDIUM 5.3 A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is…
CVE-2026-27212 2026-02-21 N/A 0.0 Swiper is a free and mobile touch slider with hardware accelerated transitions and native behavior. Versions 6.5.1 through 12.1.1 have a Prototype pollution vulnerability. The vulnerability resides in…
CVE-2026-27211 2026-02-21 N/A 0.0 Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. Versions 34.0 through 50.0 arevulnerable to arbitrary host file exfiltration (constrained by process privileges) when using virtio-block devices…
CVE-2026-27210 2026-02-21 N/A 0.0 Pannellum is a lightweight, free, and open source panorama viewer for the web. In versions 3.5.0 through 2.5.6, the hot spot attributes configuration property allowed any attribute to…
CVE-2026-27205 2026-02-21 N/A 0.0 Flask is a web server gateway interface (WSGI) web application framework. In versions 3.1.2 and below, when the session object is accessed, Flask should set the Vary: Cookie…
CVE-2026-27199 2026-02-21 N/A 0.0 Werkzeug is a comprehensive WSGI web application library. Versions 3.1.5 and below, the safe_join function allows Windows device names as filenames if preceded by other path segments. This…
CVE-2026-27198 2026-02-21 HIGH 8.8 Formwork is a flat file-based Content Management System (CMS). In versions 2.0.0 through 2.3.3, the application fails to properly enforce role-based authorization during account creation. Although the system…
CVE-2026-26047 2026-02-21 MEDIUM 6.5 A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive…
CVE-2026-26046 2026-02-21 HIGH 7.2 A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is…
CVE-2026-26045 2026-02-21 HIGH 7.2 A flaw was identified in Moodle’s backup restore functionality where specially crafted backup files were not properly validated during processing. If a malicious backup file is restored, it…
CVE-2026-2860 2026-02-21 MEDIUM 6.3 A security vulnerability has been detected in feng_ha_ha/megagao ssm-erp and production_ssm up to 4288d53bd35757b27f2d070057aefb2c07bdd097. Impacted is an unknown function of the file EmployeeController.java. The manipulation leads to improper…
CVE-2026-27534 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27533 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27532 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27531 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27530 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27529 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27528 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27527 2026-02-21 N/A 0.0 Rejected reason: Not used
CVE-2026-27197 2026-02-21 CRITICAL 9.1 Sentry is a developer-first error tracking and performance monitoring tool. Versions 21.12.0 through 26.1.0 have a critical vulnerability in its SAML SSO implementation which allows an attacker to…
CVE-2026-27196 2026-02-21 HIGH 8.1 Statmatic is a Laravel and Git powered content management system (CMS). Versions 5.73.8 and below in addition to 6.0.0-alpha.1 through 6.3.1 have a Stored XSS vulnerability in html…
CVE-2026-27194 2026-02-21 N/A 0.0 D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be…
CVE-2026-27193 2026-02-21 N/A 0.0 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, all HTTP request headers are stored in the…
CVE-2026-27192 2026-02-21 N/A 0.0 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. In versions 5.0.39 and below, origin validation uses startsWith() for comparison, allowing attackers…
CVE-2026-27191 2026-02-21 N/A 0.0 Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Versions 5.0.39 and below the redirect query parameter is appended to the base…
CVE-2025-65995 2026-02-21 N/A 0.0 When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as…
CVE-2026-27203 2026-02-21 HIGH 8.3 eBay API MCP Server is an open source local MCP server providing AI assistants with comprehensive access to eBay's Sell APIs. All versions are vulnerable to Environment Variable…
CVE-2026-27202 2026-02-21 N/A 0.0 GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for arbitrary file reads. This issue…
CVE-2026-27189 2026-02-21 MEDIUM 6.6 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON…
CVE-2026-27170 2026-02-21 HIGH 7.1 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side…
CVE-2026-27169 2026-02-21 HIGH 8.9 OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool…
CVE-2026-27168 2026-02-21 HIGH 8.8 SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. All versions are vulnerable to Heap-based Buffer Overflow through the…
CVE-2026-27161 2026-02-21 N/A 0.0 GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive directories such as /data/ and /backups/. If…
CVE-2026-27147 2026-02-21 N/A 0.0 GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated users can upload SVG files via the…
CVE-2026-27146 2026-02-21 N/A 0.0 GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file upload endpoint. As a result, an attacker…
CVE-2026-27134 2026-02-21 HIGH 8.1 Strimzi provides a way to run an Apache Kafka cluster on Kubernetes or OpenShift in various deployment configurations. In versions 0.49.0 through 0.50.0, when using a custom Cluster…
CVE-2026-2635 2026-02-20 CRITICAL 9.8 MLflow Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this…
CVE-2026-2492 2026-02-20 HIGH 7.0 TensorFlow HDF5 Library Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TensorFlow. An attacker must first…
CVE-2026-2490 2026-02-20 MEDIUM 5.5 RustDesk Client for Windows Transfer File Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of RustDesk Client for Windows.…
CVE-2026-2048 2026-02-20 HIGH 7.8 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required…
CVE-2026-2047 2026-02-20 HIGH 7.8 GIMP ICNS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is…
CVE-2026-2045 2026-02-20 HIGH 7.8 GIMP XWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required…
CVE-2026-2044 2026-02-20 HIGH 7.8 GIMP PGM File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required…
CVE-2026-2043 2026-02-20 HIGH 7.2 Nagios Host esensors_websensor_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to…
CVE-2026-2042 2026-02-20 HIGH 7.2 Nagios Host monitoringwizard Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to…
CVE-2026-2041 2026-02-20 HIGH 7.2 Nagios Host zabbixagent_configwizard_func Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nagios Host. Authentication is required to…
CVE-2026-2040 2026-02-20 HIGH 7.3 PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must…
CVE-2026-2039 2026-02-20 HIGH 7.3 GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of GFI Archiver. Authentication is not required to exploit…
« Anterior Página 266 de 4227 Siguiente »