Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-6131 2026-04-12 CRITICAL 9.8 A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of…
CVE-2026-6130 2026-04-12 HIGH 7.3 A flaw has been found in chatboxai chatbox up to 1.20.0. This impacts the function StdioClientTransport of the file src/main/mcp/ipc-stdio-transport.ts of the component Model Context Protocol Server Management…
CVE-2026-6129 2026-04-12 HIGH 7.3 A vulnerability was detected in zhayujie chatgpt-on-wechat CowAgent up to 2.0.4. This affects an unknown function of the component Agent Mode Service. Performing a manipulation results in missing…
CVE-2026-40396 2026-04-12 MEDIUM 4.0 Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until…
CVE-2026-40395 2026-04-12 MEDIUM 4.0 Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req0, which is normally…
CVE-2026-40394 2026-04-12 MEDIUM 4.0 Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of…
CVE-2026-40393 2026-04-12 HIGH 8.1 In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is…
CVE-2026-40386 2026-04-12 MEDIUM 4.0 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of…
CVE-2026-40385 2026-04-12 MEDIUM 4.0 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects…
CVE-2019-25713 2026-04-12 HIGH 7.1 MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attackers can submit crafted…
CVE-2019-25712 2026-04-12 MEDIUM 6.2 BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can…
CVE-2019-25711 2026-04-12 MEDIUM 6.2 SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during…
CVE-2019-25710 2026-04-12 HIGH 8.2 Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject…
CVE-2019-25709 2026-04-12 CRITICAL 9.8 CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete…
CVE-2019-25708 2026-04-12 MEDIUM 4.3 Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft…
CVE-2019-25707 2026-04-12 HIGH 7.1 eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send…
CVE-2019-25706 2026-04-12 HIGH 7.5 Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers…
CVE-2019-25705 2026-04-12 HIGH 8.4 Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the…
CVE-2019-25703 2026-04-12 HIGH 7.1 ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attackers can send…
CVE-2019-25701 2026-04-12 HIGH 8.4 Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers…
CVE-2019-25699 2026-04-12 HIGH 7.1 Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques.…
CVE-2019-25697 2026-04-12 HIGH 8.2 CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests…
CVE-2019-25695 2026-04-12 HIGH 8.4 R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft…
CVE-2019-25693 2026-04-12 HIGH 7.1 ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can…
CVE-2019-25691 2026-04-12 HIGH 8.4 Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers…
CVE-2019-25689 2026-04-12 HIGH 8.4 HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a…
CVE-2018-25258 2026-04-12 HIGH 8.4 RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft…
CVE-2018-25257 2026-04-12 HIGH 7.1 Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm.…
CVE-2017-20239 2026-04-12 MEDIUM 6.1 MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft URLs with…
CVE-2026-6126 2026-04-12 HIGH 7.3 A weakness has been identified in zhayujie chatgpt-on-wechat CowAgent 2.0.4. The affected element is an unknown function of the component Administrative HTTP Endpoint. This manipulation causes missing authentication.…
CVE-2026-6125 2026-04-12 MEDIUM 6.3 A security flaw has been discovered in Dromara warm-flow up to 1.8.4. Impacted is the function SpelHelper.parseExpression of the file /warm-flow/save-json of the component Workflow Definition Handler. The…
CVE-2026-6124 2026-04-12 HIGH 8.8 A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument…
CVE-2026-6123 2026-04-12 HIGH 8.8 A vulnerability was found in Tenda F451 1.0.0.7. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Performing a manipulation of the argument entrys…
CVE-2026-6122 2026-04-12 HIGH 8.8 A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Such manipulation of…
CVE-2026-6121 2026-04-12 HIGH 8.8 A flaw has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function WrlclientSet of the file /goform/WrlclientSet of the component httpd. This manipulation of…
CVE-2026-6120 2026-04-12 HIGH 8.8 A vulnerability was detected in Tenda F451 1.0.0.7. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. The manipulation of the argument page results…
CVE-2026-6119 2026-04-12 MEDIUM 6.3 A vulnerability was identified in AstrBotDevs AstrBot up to 4.22.1. The affected element is the function post_data.get of the component API Endpoint. Such manipulation leads to server-side request…
CVE-2026-31413 2026-04-12 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR when…
CVE-2026-6118 2026-04-12 MEDIUM 6.3 A vulnerability was determined in AstrBotDevs AstrBot up to 4.22.1. Impacted is the function add_mcp_server of the file astrbot/dashboard/routes/tools.py of the component MCP Endpoint. This manipulation of the…
CVE-2026-6117 2026-04-12 MEDIUM 6.3 A vulnerability was found in AstrBotDevs AstrBot up to 4.22.1. This issue affects the function install_plugin_upload of the file astrbot/dashboard/routes/plugin.py of the component install-upload Endpoint. The manipulation of…
CVE-2026-6116 2026-04-12 CRITICAL 9.8 A vulnerability has been found in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the…
CVE-2026-6115 2026-04-12 CRITICAL 9.8 A flaw has been found in Totolink A7100RU 7.4cu.2313_b20191024. This affects the function setAppCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the…
CVE-2026-34621 2026-04-11 HIGH 8.6 Acrobat Reader versions 24.001.30356, 26.001.21367 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability that could result in arbitrary code execution…
CVE-2026-6114 2026-04-12 CRITICAL 9.8 A vulnerability was detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this issue is the function setNetworkCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation…
CVE-2026-6113 2026-04-12 CRITICAL 9.8 A security vulnerability has been detected in Totolink A7100RU 7.4cu.2313_b20191024. Affected by this vulnerability is the function setTtyServiceCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such…
CVE-2026-6112 2026-04-12 CRITICAL 9.8 A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setRadvdCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument…
CVE-2026-6111 2026-04-12 MEDIUM 6.3 A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results…
CVE-2026-6110 2026-04-12 HIGH 7.3 A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to…
CVE-2026-1116 2026-04-12 HIGH 8.2 A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of…
CVE-2026-6109 2026-04-12 MEDIUM 4.3 A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.1. The impacted element is the function evaluateCode of the file metagpt/environment/minecraft/mineflayer/index.js of the component Mineflayer HTTP API. Executing…
« Anterior Página 304 de 4462 Siguiente »