CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-36018 2026-02-17 MEDIUM 6.5 IBM Concert 1.0.0 through 2.1.0 for Z hub component is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a…
CVE-2025-13965 2026-02-18 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference…
CVE-2025-13933 2026-02-18 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-12500. Reason: This candidate is a reservation duplicate of CVE-2025-12500. Notes: All CVE users should reference…
CVE-2025-13602 2026-02-18 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-25421 2026-02-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Collision with another CVE.
CVE-2026-27038 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27037 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27036 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27035 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27034 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27033 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27032 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-27031 2026-02-18 N/A 0.0 Rejected reason: Not used
CVE-2026-2570 2026-02-17 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-23648 2026-02-17 HIGH 7.8 Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and…
CVE-2026-23647 2026-02-17 CRITICAL 9.8 Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including…
CVE-2026-22208 2026-02-17 CRITICAL 9.6 OpenS100 (the reference implementation S-100 viewer) prior to commit 753cf29 contain a remote code execution vulnerability via an unrestricted Lua interpreter. The Portrayal Engine initializes Lua using luaL_openlibs()…
CVE-2025-67905 2026-02-17 HIGH 8.7 Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate…
CVE-2026-25087 2026-02-17 HIGH 7.0 Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file…
CVE-2026-0829 2026-02-17 MEDIUM 5.8 The Frontend File Manager Plugin WordPress plugin through 23.5 allows unauthenticated users to send emails through the site without any security checks. This lets attackers use the WordPress…
CVE-2024-55271 2026-02-17 LOW 3.5 A Cross-Site Request Forgery (CSRF) vulnerability has been identified in phpgurukul Gym Management System 1.0. This issue is present in the profile update functionality of the User Panel,…
CVE-2026-1452 2026-02-17 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-2618 2026-02-17 LOW 3.7 A vulnerability was determined in Beetel 777VR1 up to 01.00.09. This impacts an unknown function of the component SSH Service. This manipulation causes risky cryptographic algorithm. The attack…
CVE-2025-70828 2026-02-17 HIGH 8.8 An issue in Datart v1.0.0-rc.3 allows attackers to execute arbitrary code via the url parameter in the JDBC configuration
CVE-2025-70397 2026-02-17 HIGH 8.8 jizhicms 2.5.6 is vulnerable to SQL Injection in Article/deleteAll and Extmolds/deleteAll via the data parameter.
CVE-2025-65753 2026-02-17 CRITICAL 9.0 An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.
CVE-2026-2617 2026-02-17 MEDIUM 6.3 A vulnerability was found in Beetel 777VR1 up to 01.00.09. This affects an unknown function of the component Telnet Service/SSH Service. The manipulation results in insecure default initialization…
CVE-2025-70830 2026-02-17 CRITICAL 9.9 A Server-Side Template Injection (SSTI) vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into…
CVE-2025-70829 2026-02-17 MEDIUM 5.7 An information exposure vulnerability in Datart v1.0.0-rc.3 allows authenticated attackers to access sensitive data via a custom H2 JDBC connection string.
CVE-2026-2616 2026-02-17 HIGH 8.8 A vulnerability has been found in Beetel 777VR1 up to 01.00.09. The impacted element is an unknown function of the component Web Management Interface. The manipulation leads to…
CVE-2026-2439 2026-02-16 CRITICAL 9.8 Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with…
CVE-2026-2474 2026-02-16 HIGH 7.5 Crypt::URandom versions from 0.41 before 0.55 for Perl is vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom(). The function does not validate that the length…
CVE-2025-15578 2026-02-16 CRITICAL 9.8 Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers),…
CVE-2024-31118 2026-02-17 MEDIUM 6.5 Missing Authorization vulnerability in Smartypants SP Project & Document Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SP Project & Document Manager: from n/a through…
CVE-2022-41650 2026-02-17 MEDIUM 6.5 Missing Authorization vulnerability in Paul Custom Content by Country (by Shield Security) custom-content-by-country. This issue affects Custom Content by Country (by Shield Security): from n/a through 3.1.2.
CVE-2026-23861 2026-02-17 MEDIUM 5.4 Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could…
CVE-2025-7706 2026-02-17 MEDIUM 6.1 Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion. This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
CVE-2026-2615 2026-02-17 HIGH 7.2 A flaw has been found in Wavlink WL-NU516U1 up to 20251208. The affected element is the function singlePortForwardDelete of the file /cgi-bin/firewall.cgi. Executing a manipulation of the argument…
CVE-2026-2608 2026-02-17 MEDIUM 4.3 The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in…
CVE-2026-2247 2026-02-17 N/A 0.0 SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL…
CVE-2025-8303 2026-02-17 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EKA Software Computer Information Advertising Services Ltd. Real Estate Script V5 (With Doping Module…
CVE-2025-7631 2026-02-17 HIGH 8.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co. Tumeva News…
CVE-2026-25903 2026-02-17 N/A 0.0 Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation…
CVE-2026-1216 2026-02-17 HIGH 7.2 The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input…
CVE-2026-1657 2026-02-17 MEDIUM 5.3 The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the…
CVE-2026-2592 2026-02-17 HIGH 7.7 The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is…
CVE-2026-2002 2026-02-17 MEDIUM 4.4 The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_name parameter in all versions…
CVE-2026-26220 2026-02-17 N/A 0.0 LightLLM version 1.1.0 and prior contain an unauthenticated remote code execution vulnerability in PD (prefill-decode) disaggregation mode. The PD master node exposes WebSocket endpoints that receive binary frames…
CVE-2025-12062 2026-02-17 HIGH 8.8 The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.8.6 via the…
CVE-2026-2001 2026-02-16 HIGH 8.8 The WowRevenue plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'Notice::install_activate_plugin' function in all versions up to, and including,…