Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-25950 2026-02-10 N/A 0.0 Rejected reason: Further research determined the issue is not a vulnerability.
CVE-2025-6010 2026-02-10 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-24343 2026-02-10 HIGH 8.8 Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: from 1.7.1 before 1.8.0. Users are recommended to upgrade to…
CVE-2026-23906 2026-02-10 CRITICAL 9.8 Affected Products and Versions * Apache Druid * Affected Versions: 0.17.0 through 35.x (all versions prior to 36.0.0) * Prerequisites: * druid-basic-security extension enabled * LDAP authenticator configured…
CVE-2025-7636 2026-02-10 HIGH 8.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ergosis Security Systems Computer Industry and Trade Inc. ZEUS PDKS allows SQL Injection.This issue…
CVE-2025-7347 2026-02-10 HIGH 8.8 Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers.This issue affects Dinibh Patrol Tracking System: through 10022026.…
CVE-2025-15571 2026-02-10 LOW 3.3 A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer…
CVE-2025-6967 2026-02-10 HIGH 8.7 Execution After Redirect (EAR) vulnerability in Sarman Soft Software and Technology Services Industry and Trade Ltd. Co. CMS allows JSON Hijacking (aka JavaScript Hijacking), Authentication Bypass.This issue affects…
CVE-2025-15570 2026-02-10 MEDIUM 5.3 A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking…
CVE-2025-15569 2026-02-10 HIGH 7.0 A flaw has been found in Artifex MuPDF up to 1.26.1 on Windows. The impacted element is the function get_system_dpi of the file platform/x11/win_main.c. This manipulation causes uncontrolled…
CVE-2025-11537 2026-02-10 MEDIUM 5.0 A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and…
CVE-2026-2268 2026-02-10 HIGH 7.5 The Ninja Forms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.14.0. This is due to the unsafe application of…
CVE-2026-25656 2026-02-10 HIGH 7.8 A vulnerability has been identified in SINEC NMS (All versions), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a configuration file…
CVE-2026-25655 2026-02-10 HIGH 7.8 A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This…
CVE-2026-23901 2026-02-10 N/A 0.0 Observable Timing Discrepancy vulnerability in Apache Shiro. This issue affects Apache Shiro: from 1.*, 2.* before 2.0.7. Users are recommended to upgrade to version 2.0.7 or later, which…
CVE-2026-23720 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability…
CVE-2026-23719 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while…
CVE-2026-23718 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability…
CVE-2026-23717 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability…
CVE-2026-23716 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability…
CVE-2026-23715 2026-02-10 HIGH 7.8 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds write vulnerability…
CVE-2026-22923 2026-02-10 HIGH 7.8 A vulnerability has been identified in NX (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attacker with local access to…
CVE-2026-1922 2026-02-10 MEDIUM 6.4 The The Events Calendar Shortcode & Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `ecs-list-events` shortcode `message` attribute in all versions up to,…
CVE-2026-1866 2026-02-10 HIGH 7.2 The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to…
CVE-2025-40587 2026-02-10 HIGH 7.6 A vulnerability has been identified in Polarion V2404 (All versions < V2404.5), Polarion V2410 (All versions < V2410.2). The affected application allows arbitrary JavaScript code be included in…
CVE-2025-14895 2026-02-10 MEDIUM 5.4 The PopupKit plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.2.0. This is due to the plugin not properly verifying that…
CVE-2024-52334 2026-02-10 MEDIUM 5.3 A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF07). The affected application does not encrypt the passwords properly. This could allow an attacker to recover…
CVE-2025-11242 2026-02-10 CRITICAL 9.8 Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025.
CVE-2026-1722 2026-02-10 MEDIUM 5.3 The WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.7.0. This is…
CVE-2026-2099 2026-02-10 MEDIUM 5.4 AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
CVE-2026-2098 2026-02-10 MEDIUM 6.1 AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-2097 2026-02-10 HIGH 8.8 Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the…
CVE-2026-2096 2026-02-10 CRITICAL 9.8 Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality.
CVE-2026-2095 2026-02-10 CRITICAL 9.8 Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the…
CVE-2026-2094 2026-02-10 HIGH 8.8 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2026-2093 2026-02-10 HIGH 7.5 Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-12063 2026-02-10 MEDIUM 5.7 An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
CVE-2026-0996 2026-02-10 MEDIUM 6.4 The Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI Form Builder module in all versions up to, and including, 6.1.14 due to…
CVE-2025-13064 2026-02-10 MEDIUM 4.5 A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only…
CVE-2025-12757 2026-02-10 MEDIUM 4.6 An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.
CVE-2025-11547 2026-02-10 HIGH 7.8 AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.
CVE-2025-11142 2026-02-10 HIGH 7.1 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with…
CVE-2026-2260 2026-02-10 HIGH 7.2 A vulnerability was found in D-Link DCS-931L up to 1.13.0. This affects an unknown part of the file /goform/setSysAdmin. The manipulation of the argument AdminID results in os…
CVE-2026-2259 2026-02-10 LOW 3.3 A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Parsing. The…
CVE-2026-24328 2026-02-10 MEDIUM 6.1 SAP TAF_APPLAUNCHER within Business Server Pages allows unauthenticated attacker to craft malicious links that, when clicked by a victim, redirect them to attacker?controlled sites, potentially exposing or altering…
CVE-2026-24327 2026-02-10 MEDIUM 4.3 Due to missing authorization check in SAP Strategic Enterprise Management (Balanced Scorecard in Business Server Pages), an authenticated attacker could access information that they are otherwise unauthorized to…
CVE-2026-24326 2026-02-10 MEDIUM 4.3 Due to a missing authorization check in the Disconnected Operations of the SAP S/4HANA Defense & Security, an attacker with user privileges could call remote-enabled function modules to…
CVE-2026-24325 2026-02-10 MEDIUM 4.8 SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting (XSS) vulnerability. This enables an admin user to inject malicious JavaScript into a website…
CVE-2026-24324 2026-02-10 MEDIUM 6.5 SAP BusinessObjects Business Intelligence Platform (AdminTools) allows an authenticated attacker with user privileges to execute a specific query in AdminTools that could cause the Content Management Server (CMS)…
CVE-2026-24323 2026-02-10 MEDIUM 6.1 The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL parameters that are not sufficiently sanitized. When a victim accesses a crafted URL,…
« Anterior Página 320 de 4236 Siguiente »