Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-34393 2026-04-15 HIGH 8.8 Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been…
CVE-2026-34244 2026-04-15 MEDIUM 5.0 Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the per-project "Administration" role) can configure machine translation…
CVE-2026-34242 2026-04-15 HIGH 7.7 Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue…
CVE-2026-33667 2026-04-15 HIGH 7.4 OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting, lockout…
CVE-2026-33440 2026-04-15 MEDIUM 5.0 Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This…
CVE-2026-33435 2026-04-15 HIGH 8.0 Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code…
CVE-2026-33220 2026-04-15 MEDIUM 6.8 Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This…
CVE-2026-30996 2026-04-15 HIGH 7.5 An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system…
CVE-2026-30994 2026-04-15 HIGH 7.5 Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.
CVE-2026-30624 2026-04-15 HIGH 8.6 Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration…
CVE-2026-30617 2026-04-15 HIGH 8.6 LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management interface…
CVE-2026-27290 2026-04-14 HIGH 8.6 Adobe Framemaker versions 2022.8 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code in the context of the current…
CVE-2026-34630 2026-04-14 HIGH 7.8 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-6290 2026-04-15 HIGH 8.0 Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated…
CVE-2026-5088 2026-04-15 N/A 0.0 Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::Random::Secure to generate…
CVE-2026-33214 2026-04-15 MEDIUM 4.3 Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This…
CVE-2026-33212 2026-04-15 LOW 3.1 Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress…
CVE-2026-32631 2026-04-15 HIGH 7.4 Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM…
CVE-2026-30995 2026-04-15 HIGH 8.6 Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
CVE-2026-30616 2026-04-15 HIGH 7.3 Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application,…
CVE-2026-30615 2026-04-15 HIGH 8.0 A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause…
CVE-2026-30364 2026-04-15 HIGH 7.5 CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.
CVE-2024-53412 2026-04-15 HIGH 8.4 Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payloads…
CVE-2026-27292 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-27293 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-27294 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of…
CVE-2026-27295 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
CVE-2026-27296 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-27297 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-27298 2026-04-14 HIGH 7.8 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the…
CVE-2026-27299 2026-04-14 MEDIUM 6.3 Adobe Framemaker versions 2022.8 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability…
CVE-2026-27300 2026-04-14 MEDIUM 5.5 Adobe Framemaker versions 2022.8 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to…
CVE-2026-27301 2026-04-14 MEDIUM 5.5 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-6372 2026-04-15 HIGH 7.5 Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.
CVE-2026-6370 2026-04-15 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Mini Ajax Cart for WooCommerce allows Stored XSS.This issue affects Mini Ajax Cart for WooCommerce:…
CVE-2026-5588 2026-04-15 N/A 0.0 : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draft CompositeVerifier accepts empty…
CVE-2026-39884 2026-04-15 HIGH 8.3 mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/port_forward.ts, where a…
CVE-2026-35589 2026-04-14 HIGH 8.0 nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting from an…
CVE-2026-20186 2026-04-15 CRITICAL 9.9 A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To…
CVE-2026-20184 2026-04-15 CRITICAL 9.8 A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within…
CVE-2026-20180 2026-04-15 CRITICAL 9.9 A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To…
CVE-2026-20170 2026-04-15 MEDIUM 6.1 A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed this…
CVE-2026-20161 2026-04-15 MEDIUM 5.5 A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of…
CVE-2026-20152 2026-04-15 MEDIUM 5.3 A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirements. This…
CVE-2026-20148 2026-04-15 MEDIUM 4.9 A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files.…
CVE-2026-20147 2026-04-15 CRITICAL 9.9 A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To…
CVE-2026-20136 2026-04-15 MEDIUM 6.0 A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform…
CVE-2026-20132 2026-04-15 MEDIUM 4.8 Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to conduct a stored cross-site scripting…
CVE-2026-20081 2026-04-15 MEDIUM 6.5 Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid…
CVE-2026-20078 2026-04-15 MEDIUM 6.5 Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid…
« Anterior Página 290 de 4463 Siguiente »