Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-1688 2026-01-30 HIGH 7.3 A security vulnerability has been detected in itsourcecode Directory Management System 1.0. The affected element is an unknown function of the file /admin/index.php. The manipulation of the argument…
CVE-2026-1687 2026-01-30 HIGH 7.3 A weakness has been identified in Tenda HG10 US_HG7_HG9_HG10re_300001138_en_xpon. Impacted is an unknown function of the file /boaform/formSamba of the component Boa Webserver. Executing a manipulation of the…
CVE-2026-1686 2026-01-30 HIGH 8.8 A security flaw has been discovered in Totolink A3600R 5.9c.4959. This issue affects the function setAppEasyWizardConfig in the library /lib/cste_modules/app.so. Performing a manipulation of the argument apcliSsid results…
CVE-2025-7964 2026-01-30 N/A 0.0 After receiving a malformed 802.15.4 MAC Data Request the Zigbee Coordinator sends a ‘network leave’ request to Zigbee router resulting in the Zigbee Router getting stuck in a…
CVE-2025-4686 2026-01-30 HIGH 8.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment…
CVE-2025-15549 2026-01-29 N/A 0.0 FluentCMS 2026 contains a stored cross-site scripting vulnerability that allows authenticated administrators to upload SVG files with embedded JavaScript via the File Management module. Attackers can upload malicious…
CVE-2026-1685 2026-01-30 LOW 3.7 A vulnerability was identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_40AC74 of the component Login. Such manipulation leads to improper restriction of excessive authentication attempts.…
CVE-2026-1684 2026-01-30 MEDIUM 5.3 A vulnerability was found in Free5GC SMF up to 4.1.0. Affected by this issue is the function HandleReports of the file /internal/context/pfcp_reports.go of the component PFCP UDP Endpoint.…
CVE-2024-4027 2026-01-30 HIGH 7.5 A flaw was found in Undertow. Servlets using a method that calls HttpServletRequestImpl.getParameterNames() can cause an OutOfMemoryError when the client sends a request with large parameter names. This…
CVE-2025-1395 2026-01-30 HIGH 8.2 Generation of Error Message Containing Sensitive Information vulnerability in Codriapp Innovation and Software Technologies Inc. HeyGarson allows Fuzzing for application mapping.This issue affects HeyGarson: through 30012026. NOTE: The…
CVE-2026-1683 2026-01-30 MEDIUM 5.3 A vulnerability has been found in Free5GC SMF up to 4.1.0. Affected by this vulnerability is the function HandlePfcpSessionReportRequest of the file internal/pfcp/handler/handler.go of the component PFCP. The…
CVE-2026-1682 2026-01-30 MEDIUM 5.3 A flaw has been found in Free5GC SMF up to 4.1.0. Affected is the function HandlePfcpAssociationReleaseRequest of the file internal/pfcp/handler/handler.go of the component PFCP UDP Endpoint. Executing a…
CVE-2025-9226 2026-01-30 MEDIUM 4.6 Zohocorp ManageEngine OpManager, NetFlow Analyzer, and OpUtils versions prior to 128582 are affected by a stored cross-site scripting vulnerability in the Subnet Details.
CVE-2025-6723 2026-01-30 N/A 0.0 Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit…
CVE-2026-1281 2026-01-29 CRITICAL 9.8 A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution.
CVE-2026-1498 2026-01-30 N/A 0.0 An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication…
CVE-2025-13176 2026-01-30 N/A 0.0 Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
CVE-2026-22626 2026-01-30 MEDIUM 4.9 Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
CVE-2026-22625 2026-01-30 MEDIUM 4.6 Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
CVE-2026-22624 2026-01-30 MEDIUM 4.3 Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
CVE-2026-22623 2026-01-30 HIGH 7.2 Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
CVE-2026-0709 2026-01-30 HIGH 7.2 Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets…
CVE-2025-26385 2026-01-30 N/A 0.0 Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote…
CVE-2026-1699 2026-01-30 CRITICAL 10.0 In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pull_request_target trigger while checking out and executing untrusted pull request code. This allowed any GitHub user…
CVE-2026-22277 2026-01-30 HIGH 7.8 Dell UnityVSA, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local…
CVE-2026-21418 2026-01-30 HIGH 7.8 Dell Unity, version(s) 5.5.2 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local…
CVE-2026-25211 2026-01-30 LOW 3.2 Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log.
CVE-2026-25210 2026-01-30 MEDIUM 6.9 In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.
CVE-2026-1680 2026-01-30 N/A 0.0 Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges…
CVE-2026-0963 2026-01-30 CRITICAL 9.9 An input neutralization vulnerability in the File Operations API Endpoint component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via…
CVE-2026-0805 2026-01-30 HIGH 8.2 An input neutralization vulnerability in the Backup Configuration component of Crafty Controller allows a remote, authenticated attacker to perform file tampering and remote code execution via path traversal.
CVE-2025-12899 2026-01-30 MEDIUM 6.5 A flaw in Zephyr’s network stack allows an IPv4 packet containing ICMP type 128 to be misclassified as an ICMPv6 Echo Request. This results in an out-of-bounds memory…
CVE-2026-25097 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25096 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25095 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25094 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25093 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25092 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25091 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-25090 2026-01-30 N/A 0.0 Rejected reason: Not used
CVE-2026-24729 2026-01-30 N/A 0.0 An unrestricted upload of file with dangerous type vulnerability in the file upload function of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to execute arbitrary system commands…
CVE-2026-24728 2026-01-30 N/A 0.0 A missing authentication for critical function vulnerability in the /servlet/baServer3 endpoint of Interinfo DreamMaker versions before 2025/10/22 allows remote attackers to access exposed administrative functionality without prior authentication.
CVE-2026-24714 2026-01-30 HIGH 7.5 Some end of service NETGEAR products provide "TelnetEnable" functionality, which allows a magic packet to activate telnet service on the box.
CVE-2025-15322 2026-01-30 MEDIUM 4.3 Tanium addressed an improper access controls vulnerability in Tanium Server.
CVE-2026-1638 2026-01-30 MEDIUM 6.3 A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results…
CVE-2026-1665 2026-01-29 N/A 0.0 A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable…
CVE-2026-1637 2026-01-29 HIGH 8.8 A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation…
CVE-2026-25126 2026-01-29 HIGH 7.1 PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript…
CVE-2026-25117 2026-01-29 N/A 0.0 pwn.college DOJO is an education platform for learning cybersecurity. Prior to commit e33da14449a5abcff507e554f66e2141d6683b0a, missing sandboxing on `/workspace/*` routes allows challenge authors to inject arbitrary javascript which runs on…
CVE-2026-25116 2026-01-29 HIGH 7.6 Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the `UserConfigController` allows any remote user to…
« Anterior Página 30 de 3913 Siguiente »