Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-10970 2026-02-20 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20022026. NOTE:…
CVE-2026-21620 2026-02-20 N/A 0.0 Relative Path Traversal, Improper Isolation or Compartmentalization vulnerability in erlang otp erlang/otp (tftp_file modules), erlang otp inets (tftp_file modules), erlang otp tftp (tftp_file modules) allows Relative Path Traversal.…
CVE-2026-26050 2026-02-20 HIGH 7.8 The installer for ジョブログ集計/分析ソフトウェア RICOHジョブログ集計ツール versions prior to Ver.1.3.7 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a…
CVE-2026-26370 2026-02-20 MEDIUM 6.1 WordPress Plugin "Survey Maker" versions 5.1.7.7 and prior contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed in the user's web…
CVE-2025-59819 2026-02-20 MEDIUM 6.5 This vulnerability allows authenticated attackers to read an arbitrary file by changing a filepath parameter into an internal system path.
CVE-2026-2825 2026-02-20 LOW 3.5 A vulnerability has been found in rachelos WeRSS we-mp-rss up to 1.4.8. This impacts the function fix_html of the file tools/fix.py of the component Article Module. The manipulation…
CVE-2026-2822 2026-02-20 MEDIUM 6.3 A security vulnerability has been detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file /jeecgboot/sys/dict/loadDict/airag_app,1,create_by of the component Backend Interface. Such…
CVE-2026-2739 2026-02-20 MEDIUM 5.3 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an…
CVE-2026-2821 2026-02-20 HIGH 7.3 A weakness has been identified in Fujian Smart Integrated Management Platform System up to 7.5. Impacted is an unknown function of the file /Module/CRXT/Controller/XCamera.ashx. This manipulation of the…
CVE-2026-2384 2026-02-20 MEDIUM 6.4 The Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `vc_quizmaker` shortcode in all versions up to, and including, 6.7.1.7 due to insufficient…
CVE-2026-26993 2026-02-20 MEDIUM 4.6 Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Versions 1.7.0 and below allow users to upload files without proper content validation or sanitization.…
CVE-2026-2820 2026-02-20 HIGH 7.3 A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation…
CVE-2026-2819 2026-02-20 MEDIUM 6.3 A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads…
CVE-2026-26975 2026-02-20 HIGH 8.8 Music Assistant is an open-source media library manager that integrates streaming services with connected speakers. Versions 2.6.3 and below allow unauthenticated network-adjacent attackers to execute arbitrary code on…
CVE-2026-26974 2026-02-20 N/A 0.0 Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports **/*.plugin.{js,mjs} files including those from node_modules, so any malicious package…
CVE-2025-30416 2026-02-20 CRITICAL 10.0 Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux,…
CVE-2025-30412 2026-02-20 CRITICAL 10.0 Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux,…
CVE-2025-30411 2026-02-20 CRITICAL 10.0 Sensitive data disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39938, Acronis Cyber Protect 15 (Linux,…
CVE-2025-30410 2026-02-20 CRITICAL 9.8 Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect…
CVE-2026-2435 2026-02-20 MEDIUM 6.3 Tanium addressed a SQL injection vulnerability in Asset.
CVE-2026-2408 2026-02-20 MEDIUM 4.7 Tanium addressed a use-after-free vulnerability in the Cloud Workloads Enforce client extension.
CVE-2026-2350 2026-02-20 MEDIUM 6.5 Tanium addressed an insertion of sensitive information into log file vulnerability in Interact and TDS.
CVE-2026-26964 2026-02-20 LOW 2.7 Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets,…
CVE-2026-26959 2026-02-20 HIGH 7.8 ADB Explorer is a fluent UI for ADB on Windows. Versions 0.9.26020 and below fail to validate the integrity or authenticity of the ADB binary path specified in…
CVE-2026-26957 2026-02-20 N/A 0.0 Libredesk is a self-hosted customer support desk application. Versions prior to 1.0.2-0.20260215211005-727213631ce6 fail to validate destination URLs for webhooks, allowing an attacker posing as an authenticated "Application Admin"…
CVE-2026-26328 2026-02-20 MEDIUM 6.5 OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening…
CVE-2026-1292 2026-02-20 MEDIUM 6.5 Tanium addressed an insertion of sensitive information into log file vulnerability in Trends.
CVE-2026-26958 2026-02-19 N/A 0.0 filippo.io/edwards25519 is a Go library implementing the edwards25519 elliptic curve with APIs for building cryptographic primitives. In versions 1.1.0 and earlier, MultiScalarMult produces invalid results or undefined behavior…
CVE-2026-26953 2026-02-19 MEDIUM 5.4 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.0 and above have a Stored HTML Injection vulnerability…
CVE-2026-26952 2026-02-19 MEDIUM 5.4 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions 6.4 and below are vulnerable to stored HTML injection…
CVE-2026-26327 2026-02-19 N/A 0.0 OpenClaw is a personal AI assistant. Discovery beacons (Bonjour/mDNS and DNS-SD) include TXT records such as `lanHost`, `tailnetDns`, `gatewayPort`, and `gatewayTlsSha256`. TXT records are unauthenticated. Prior to version…
CVE-2026-26326 2026-02-19 N/A 0.0 OpenClaw is a personal AI assistant. Prior to version 2026.2.14, `skills.status` could disclose secrets to `operator.read` clients by returning raw resolved config values in `configChecks` for skill `requires.config`…
CVE-2026-26325 2026-02-19 HIGH 7.2 OpenClaw is a personal AI assistant. Prior to version 2026.2.14, a mismatch between `rawCommand` and `command[]` in the node host `system.run` handler could cause allowlist/approval evaluation to be…
CVE-2026-26324 2026-02-19 HIGH 7.5 OpenClaw is a personal AI assistant. Prior to version 2026.2.14, OpenClaw's SSRF protection could be bypassed using full-form IPv4-mapped IPv6 literals such as `0:0:0:0:0:ffff:7f00:1` (which is `127.0.0.1`). This…
CVE-2026-1658 2026-02-19 N/A 0.0 User Interface (UI) Misrepresentation of Critical Information vulnerability in OpenText™ Directory Services allows Cache Poisoning.  The vulnerability could be exploited by a bad actor to inject manipulated text…
CVE-2025-9208 2026-02-19 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Stored XSS. The vulnerability could execute malicious scripts…
CVE-2025-8055 2026-02-19 N/A 0.0 Server-Side Request Forgery (SSRF) vulnerability in OpenText™ XM Fax allows Server Side Request Forgery.  The vulnerability could allow an attacker to perform blind SSRF to other systems accessible…
CVE-2025-8054 2026-02-19 N/A 0.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText™ XM Fax allows Path Traversal.  The vulnerability could allow an attacker to arbitrarily disclose…
CVE-2025-13672 2026-02-19 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Web Site Management Server allows Reflected XSS. The vulnerability could allow injecting malicious JavaScript…
CVE-2025-13671 2026-02-19 N/A 0.0 Cross-Site Request Forgery (CSRF) vulnerability in OpenText™ Web Site Management Server allows Cross Site Request Forgery. The vulnerability could make a user, with active session inside the product, click…
CVE-2026-26744 2026-02-19 N/A 0.0 A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid…
CVE-2026-26317 2026-02-19 HIGH 7.1 OpenClaw is a personal AI assistant. Prior to 2026.2.14, browser-facing localhost mutation routes accepted cross-origin browser requests without explicit Origin/Referer validation. Loopback binding reduces remote exposure but does…
CVE-2026-26316 2026-02-19 HIGH 7.5 OpenClaw is a personal AI assistant. Prior to 2026.2.13, the optional BlueBubbles iMessage channel plugin could accept webhook requests as authenticated based only on the TCP peer address…
CVE-2026-26315 2026-02-19 N/A 0.0 go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be…
CVE-2026-26314 2026-02-19 N/A 0.0 go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, a vulnerable node can be forced to shutdown/crash using a specially crafted…
CVE-2026-26275 2026-02-19 HIGH 7.5 httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in `httpsig-hyper` prior to version 0.0.23 where Digest header verification could incorrectly succeed due to…
CVE-2026-2738 2026-02-19 N/A 0.0 Buffer overflow in ovpn‑dco‑win version 2.8.0 allows local attackers to cause a system crash by sending too large packets to the remote peer when the AEAD tag appears at…
CVE-2026-27476 2026-02-19 CRITICAL 9.8 RustFly 2.0.0 contains a command injection vulnerability in its remote UI control mechanism that accepts hex-encoded instructions over UDP port 5005 without proper sanitization. Attackers can send crafted…
CVE-2026-27328 2026-02-19 MEDIUM 5.3 Missing Authorization vulnerability in DevsBlink EduBlink edublink allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EduBlink: from n/a through
CVE-2026-27327 2026-02-19 N/A 0.0 Missing Authorization vulnerability in YayCommerce YayMail – WooCommerce Email Customizer yaymail allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YayMail – WooCommerce Email Customizer: from n/a…
« Anterior Página 275 de 4227 Siguiente »