CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-26165 2026-04-14 HIGH 7.0 Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-26163 2026-04-14 HIGH 7.8 Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26162 2026-04-14 HIGH 7.8 Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally.
CVE-2026-26161 2026-04-14 HIGH 7.8 Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26160 2026-04-14 HIGH 7.8 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26159 2026-04-14 HIGH 7.8 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26156 2026-04-14 HIGH 7.8 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-26155 2026-04-14 MEDIUM 6.5 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-26154 2026-04-14 HIGH 7.5 Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network.
CVE-2026-26153 2026-04-14 HIGH 7.8 Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally.
CVE-2026-26152 2026-04-14 HIGH 7.0 Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-26151 2026-04-14 HIGH 7.1 Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26149 2026-04-14 CRITICAL 9.0 Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network.
CVE-2026-26143 2026-04-14 HIGH 7.8 Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-25184 2026-04-14 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-24907 2026-04-14 N/A 0.0 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail…
CVE-2026-24906 2026-04-14 N/A 0.0 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings.…
CVE-2026-23670 2026-04-14 MEDIUM 5.7 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.
CVE-2026-23666 2026-04-14 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23657 2026-04-14 HIGH 7.8 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-23653 2026-04-14 MEDIUM 5.7 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-21331 2026-04-14 MEDIUM 6.1 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a…
CVE-2026-20945 2026-04-14 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-20930 2026-04-14 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20928 2026-04-14 MEDIUM 4.6 Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-20806 2026-04-14 MEDIUM 5.5 Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally.
CVE-2026-0390 2026-04-14 MEDIUM 6.7 Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
CVE-2026-0209 2026-04-14 N/A 0.0 Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured.
CVE-2026-0207 2026-04-14 N/A 0.0 A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions.
CVE-2025-70023 2026-04-14 N/A 0.0 An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6.
CVE-2025-65136 2026-04-14 MEDIUM 6.1 In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter.
CVE-2025-65135 2026-04-14 CRITICAL 9.8 In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter.
CVE-2025-69993 2026-04-14 MEDIUM 6.1 Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting (XSS) via the bindPopup() method. This method renders user-supplied input as raw HTML without sanitization, allowing…
CVE-2025-65132 2026-04-14 MEDIUM 6.1 alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter.
CVE-2025-63939 2026-04-14 CRITICAL 9.8 Improper input handling in /Grocery/search_products_itname.php, in anirudhkannan Grocery Store Management System 1.0, allows SQL injection via the sitem_name POST parameter.
CVE-2026-5713 2026-04-14 N/A 0.0 The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write addresses…
CVE-2026-39956 2026-04-13 MEDIUM 6.1 jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() without verifying they are strings, and…
CVE-2026-34626 2026-04-14 MEDIUM 6.3 Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary file…
CVE-2026-34622 2026-04-14 HIGH 8.6 Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code…
CVE-2026-34225 2026-04-14 MEDIUM 4.3 Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that…
CVE-2026-33534 2026-04-13 MEDIUM 4.3 EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic…
CVE-2026-27291 2026-04-14 HIGH 7.8 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-27286 2026-04-14 MEDIUM 5.5 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to…
CVE-2026-27285 2026-04-14 MEDIUM 5.5 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to…
CVE-2026-27284 2026-04-14 HIGH 7.8 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end…
CVE-2026-27283 2026-04-14 HIGH 7.8 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-27238 2026-04-14 HIGH 7.8 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-22692 2026-04-14 MEDIUM 4.9 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig…
CVE-2026-4832 2026-04-14 N/A 0.0 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port.
CVE-2026-39814 2026-04-14 MEDIUM 6.7 A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7.0.12 may…