CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-0724 2026-02-11 MEDIUM 4.4 The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_wplyr_accent_color' parameter in all versions up to, and including, 1.3.0 due to insufficient…
CVE-2025-9986 2026-02-11 HIGH 8.2 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation. This issue affects DIGIKENT: through 13092025.
CVE-2025-15440 2026-02-11 HIGH 7.2 The iONE360 configurator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Form Parameters in all versions up to, and including, 2.0.57 due to insufficient…
CVE-2025-13651 2026-02-11 N/A 0.0 Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31.
CVE-2025-13650 2026-02-11 N/A 0.0 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has…
CVE-2025-13649 2026-02-11 N/A 0.0 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is not necessary, but the action must be performed) who has the…
CVE-2025-13648 2026-02-11 N/A 0.0 An attacker with access to the web application ZeusWeb of the provider Microcom (in this case, registration is required) who has the vulnerable software could introduce arbitrary JavaScript…
CVE-2025-10913 2026-02-11 HIGH 8.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Cross-Site Scripting (XSS). This issue affects TemizlikYolda:…
CVE-2025-10912 2026-02-11 MEDIUM 5.4 Authorization Bypass Through User-Controlled Key vulnerability in Saastech Cleaning and Internet Services Inc. TemizlikYolda allows Manipulating User-Controlled Variables. This issue affects TemizlikYolda: through 11022026. NOTE: The vendor was contacted…
CVE-2026-1357 2026-02-11 CRITICAL 9.8 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Upload in versions up to and including 0.9.123. This is…
CVE-2026-26079 2026-02-11 MEDIUM 4.7 Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
CVE-2026-1893 2026-02-11 MEDIUM 6.4 The Orbisius Random Name Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'btn_label' parameter in the 'orbisius_random_name_generator' shortcode in all versions up to, and…
CVE-2026-1231 2026-02-11 MEDIUM 6.4 The Beaver Builder Page Builder – Drag and Drop Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `js` Global Settings parameter in all…
CVE-2025-15524 2026-02-11 MEDIUM 4.3 The Gallery by FooGallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax_get_gallery_info() function in all versions up…
CVE-2025-14541 2026-02-11 HIGH 7.2 The Lucky Wheel Giveaway plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.22 via the conditional_tags parameter. This is due…
CVE-2025-13431 2026-02-11 MEDIUM 6.5 The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping…
CVE-2026-1571 2026-02-11 N/A 0.0 User-controlled input is reflected into the HTML output without proper encoding on TP-Link Archer C60 v3, allowing arbitrary JavaScript execution via a crafted URL. An attacker could run script…
CVE-2026-25872 2026-02-10 MEDIUM 5.3 JUNG Smart Panel KNX firmware version L1.12.22 and prior contain an unauthenticated path traversal vulnerability in the embedded web interface. The application fails to properly validate file path…
CVE-2026-25870 2026-02-10 MEDIUM 5.8 DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP…
CVE-2026-26013 2026-02-10 LOW 3.7 LangChain is a framework for building agents and LLM-powered applications. Prior to 1.2.11, the ChatOpenAI.get_num_tokens_from_messages() method fetches arbitrary image_url values without validation when computing token counts for vision-enabled…
CVE-2026-26007 2026-02-10 N/A 0.0 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_key() functions do not…
CVE-2026-26006 2026-02-10 MEDIUM 6.5 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular…
CVE-2026-21533 2026-02-10 HIGH 7.8 Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
CVE-2026-20841 2026-02-10 HIGH 8.8 Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.
CVE-2026-26044 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26043 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26042 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26041 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26040 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26039 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26038 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26037 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-26036 2026-02-11 N/A 0.0 Rejected reason: Not used
CVE-2026-21517 2026-02-10 MEDIUM 4.7 Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.
CVE-2026-25251 2026-02-10 N/A 0.0 Rejected reason: This has been moved to the REJECTED state because the information source is under review. If circumstances change, it is possible that this will be moved…
CVE-2025-62439 2026-02-10 MEDIUM 4.2 An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0…
CVE-2025-55018 2026-02-10 MEDIUM 5.8 An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4.3…
CVE-2025-52436 2026-02-10 HIGH 8.8 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions,…
CVE-2025-15572 2026-02-10 LOW 3.3 A vulnerability has been found in wasm3 up to 0.5.0. The affected element is the function NewCodePage. The manipulation leads to memory leak. The attack must be carried…
CVE-2025-11004 2026-02-10 N/A 0.0 The Simplicity Device Manager Tool has a Reflected XSS (Cross-site-scripting) vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These…
CVE-2024-54192 2026-02-10 MEDIUM 5.0 An issue in Tcpreplay v4.5.1 allows a local attacker to cause a denial of service via a crafted file to the tcpedit_dlt_getplugin function at src/tcpedit/plugins/dlt_utils.c.
CVE-2026-1507 2026-02-10 HIGH 7.5 The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
CVE-2026-1495 2026-02-10 MEDIUM 6.5 The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT…
CVE-2025-12699 2026-02-10 MEDIUM 5.5 The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS…
CVE-2026-2303 2026-02-10 MEDIUM 6.5 The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about…
CVE-2026-21349 2026-02-10 HIGH 7.8 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
CVE-2026-21348 2026-02-10 MEDIUM 5.5 Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-1763 2026-02-10 MEDIUM 4.6 Vulnerability in GE Vernova Enervista UR Setup on Windows. This issue affects Enervista: 8.6 and previous versions.
CVE-2026-1762 2026-02-10 LOW 2.9 A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation. This issue affects Enervista: 8.6 and prior versions.
CVE-2025-54514 2026-02-10 N/A 0.0 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.