CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-2558 2026-02-16 MEDIUM 6.3 A flaw has been found in GeekAI up to 4.2.4. The affected element is the function Download of the file api/handler/net_handler.go. This manipulation of the argument url causes…
CVE-2026-2557 2026-02-16 LOW 3.5 A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross…
CVE-2026-1335 2026-02-16 HIGH 7.8 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to…
CVE-2026-1334 2026-02-16 HIGH 7.8 An Out-Of-Bounds Read vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to…
CVE-2026-1333 2026-02-16 HIGH 7.8 A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an…
CVE-2026-2556 2026-02-16 MEDIUM 6.3 A security vulnerability has been detected in cskefu up to 8.0.1. This issue affects some unknown processing of the file com/cskefu/cc/controller/resource/MediaController.java of the component Endpoint. The manipulation of…
CVE-2026-1046 2026-02-16 HIGH 7.6 Mattermost Desktop App versions
CVE-2025-14573 2026-02-16 LOW 3.8 Mattermost versions 10.11.x
CVE-2025-14350 2026-02-16 MEDIUM 4.3 Mattermost versions 11.1.x
CVE-2026-2555 2026-02-16 MEDIUM 5.0 A weakness has been identified in JeecgBoot 3.9.1. This vulnerability affects the function importDocumentFromZip of the file org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java of the component Retrieval-Augmented Generation. Executing a manipulation can lead…
CVE-2026-2553 2026-02-16 MEDIUM 6.3 A security flaw has been discovered in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. This affects an unknown part of the file /home.php of the component HTTP POST Request Handler.…
CVE-2026-2552 2026-02-16 MEDIUM 5.5 A vulnerability was identified in ZenTao up to 21.7.8. Affected by this issue is the function delete of the file editor/control.php of the component Committer. Such manipulation of…
CVE-2025-2418 2026-02-16 MEDIUM 4.3 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in TR7 Cyber Defense Inc. Web Application Firewall allows Phishing. This issue affects Web Application Firewall: from 4.30 through 16022026. NOTE:…
CVE-2025-13821 2026-02-16 MEDIUM 5.7 Mattermost versions 11.1.x
CVE-2026-2551 2026-02-16 MEDIUM 5.4 A vulnerability was determined in ZenTao up to 21.7.8. Affected by this vulnerability is the function delete of the file editor/control.php of the component Backup Handler. This manipulation…
CVE-2026-2452 2026-02-16 N/A 0.0 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced…
CVE-2026-2451 2026-02-16 N/A 0.0 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced…
CVE-2026-2415 2026-02-16 N/A 0.0 Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced…
CVE-2026-2577 2026-02-16 CRITICAL 10.0 The WhatsApp bridge component in Nanobot binds the WebSocket server to all network interfaces (0.0.0.0) on port 3001 by default and does not require authentication for incoming connections.…
CVE-2026-2550 2026-02-16 CRITICAL 9.8 A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be…
CVE-2026-2549 2026-02-16 HIGH 7.3 A vulnerability has been found in zhanghuanhao LibrarySystem 图书馆管理系统 up to 1.1.1. This impacts an unknown function of the file BookController.java. The manipulation leads to improper access controls.…
CVE-2026-0999 2026-02-16 MEDIUM 5.4 Mattermost versions 11.1.x
CVE-2026-0998 2026-02-16 MEDIUM 4.3 Mattermost versions 11.1.x
CVE-2026-0997 2026-02-16 MEDIUM 4.3 Mattermost versions 11.1.x
CVE-2025-59905 2026-02-16 N/A 0.0 Cross-Site Scripting (XSS) vulnerability reflected in Kubysoft, which occurs through multiple parameters within the endpoint ‘/node/kudaby/nodeFN/procedure’. This flaw allows the injection of arbitrary client-side scripts, which are immediately…
CVE-2025-59904 2026-02-16 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, which is triggered through multiple parameters in the '/kForms/app' endpoint. This issue allows malicious scripts to be injected and executed persistently…
CVE-2025-59903 2026-02-16 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in Kubysoft, where uploaded SVG images are not properly sanitized. This allows attackers to embed malicious scripts within SVG files as visual content,…
CVE-2026-2548 2026-02-16 MEDIUM 6.3 A flaw has been found in WAYOS FBM-220G 24.10.19. This affects the function sub_40F820 of the file rc. Executing a manipulation of the argument upnp_waniface/upnp_ssdp_interval/upnp_max_age can lead to…
CVE-2026-2547 2026-02-16 LOW 3.5 A vulnerability was detected in LigeroSmart up to 6.1.26. The impacted element is the function AgentDashboard of the file /otrs/index.pl. Performing a manipulation of the argument Subaction results…
CVE-2026-2546 2026-02-16 LOW 3.5 A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument SortBy…
CVE-2026-2545 2026-02-16 LOW 3.5 A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketSearch. This manipulation of the argument Profile causes cross site…
CVE-2026-2544 2026-02-16 HIGH 7.3 A security flaw has been discovered in yued-fe LuLu UI up to 3.0.0. This issue affects the function child_process.exec of the file run.js. The manipulation results in os…
CVE-2026-2543 2026-02-16 LOW 2.7 A vulnerability was identified in vichan-devel vichan up to 5.1.5. This vulnerability affects unknown code of the file inc/mod/pages.php of the component Password Change Handler. The manipulation of…
CVE-2026-2542 2026-02-16 HIGH 7.0 A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipulation…
CVE-2026-2538 2026-02-16 HIGH 7.0 A security flaw has been discovered in Flos Freeware Notepad2 4.2.22/4.2.23/4.2.24/4.2.25. Affected is an unknown function in the library Msimg32.dll. Performing a manipulation results in uncontrolled search path.…
CVE-2026-0929 2026-02-16 N/A 0.0 The RegistrationMagic WordPress plugin before 6.0.7.2 does not have proper capability checks, allowing subscribers and above to create forms on the site.
CVE-2026-2537 2026-02-16 MEDIUM 4.7 A vulnerability was identified in Comfast CF-E4 2.6.0.1. This impacts an unknown function of the file /cgi-bin/mbox-config?method=SET&section=ntp_timezone of the component HTTP POST Request Handler. Such manipulation of the…
CVE-2026-2536 2026-02-16 MEDIUM 6.3 A vulnerability was determined in opencc JFlow up to 20260129. This affects the function Imp_Done of the file src/main/java/bp/wf/httphandler/WF_Admin_AttrFlow.java of the component Workflow Engine. This manipulation of the…
CVE-2026-2535 2026-02-16 MEDIUM 6.3 A vulnerability was found in Comfast CF-N1 V2 2.6.0.2. The impacted element is the function sub_44AB9C of the file /cgi-bin/mbox-config?method=SET&section=ptest_channel. The manipulation of the argument channel results in…
CVE-2026-2534 2026-02-16 MEDIUM 6.3 A vulnerability has been found in Comfast CF-N1 V2 2.6.0.2. The affected element is the function sub_44AC4C of the file /cgi-bin/mbox-config?method=SET&section=ptest_bandwidth. The manipulation of the argument bandwidth leads…
CVE-2026-2533 2026-02-16 HIGH 7.3 A flaw has been found in Tosei Self-service Washing Machine 4.02. Impacted is an unknown function of the file /cgi-bin/tosei_datasend.php. Executing a manipulation of the argument adr_txt_1 can…
CVE-2026-2532 2026-02-16 MEDIUM 6.3 A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a…
CVE-2026-2531 2026-02-16 MEDIUM 6.3 A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation…
CVE-2026-2530 2026-02-16 MEDIUM 6.3 A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command…
CVE-2026-2529 2026-02-16 MEDIUM 6.3 A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the…
CVE-2026-2528 2026-02-16 MEDIUM 6.3 A vulnerability was identified in Wavlink WL-WN579A3 up to 20210219. Affected by this vulnerability is the function Delete_Mac_list of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list…
CVE-2026-2527 2026-02-16 MEDIUM 6.3 A vulnerability was determined in Wavlink WL-WN579A3 up to 20210219. Affected is an unknown function of the file /cgi-bin/login.cgi. Executing a manipulation of the argument key can lead…
CVE-2026-2526 2026-02-16 MEDIUM 6.3 A vulnerability was found in Wavlink WL-WN579A3 up to 20210219. This impacts the function multi_ssid of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument SSID2G2 results in…
CVE-2026-2525 2026-02-16 MEDIUM 5.3 A vulnerability has been found in Free5GC up to 4.1.0. This affects an unknown function of the component PFCP UDP Endpoint. Such manipulation leads to denial of service.…
CVE-2026-2524 2026-02-16 MEDIUM 5.3 A flaw has been found in Open5GS 2.7.6. The impacted element is the function mme_s11_handle_create_session_response of the component MME. This manipulation causes denial of service. The attack can…