CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-25951 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.11, a flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to…
CVE-2026-25939 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through version 1.2.10, an authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to create and…
CVE-2026-25938 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. From 1.2.8 through 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to execute arbitrary code on…
CVE-2026-25934 2026-02-09 MEDIUM 4.3 go-git is a highly extensible git implementation library written in pure Go. Prior to 5.16.5, a vulnerability was discovered in go-git whereby data integrity values for .pack and…
CVE-2026-25931 2026-02-09 HIGH 7.8 vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The…
CVE-2026-25895 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. A path traversal vulnerability in FUXA allows an unauthenticated, remote attacker to write arbitrary files to arbitrary locations on the…
CVE-2026-25894 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. An insecure default configuration in FUXA allows an unauthenticated, remote attacker to gain administrative access and execute arbitrary code on…
CVE-2026-25893 2026-02-09 N/A 0.0 FUXA is a web-based Process Visualization (SCADA/HMI/Dashboard) software. Prior to 1.2.10, an authentication bypass vulnerability in FUXA allows an unauthenticated, remote attacker to gain administrative access via the…
CVE-2025-15319 2026-02-09 HIGH 7.8 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
CVE-2025-15318 2026-02-09 MEDIUM 5.5 Tanium addressed an arbitrary file deletion vulnerability in End-User Notifications Endpoint Tools.
CVE-2026-25961 2026-02-09 HIGH 7.5 SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker…
CVE-2026-25925 2026-02-09 HIGH 7.8 PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or…
CVE-2026-25923 2026-02-09 N/A 0.0 my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the…
CVE-2026-25920 2026-02-09 MEDIUM 5.5 SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only…
CVE-2026-25918 2026-02-09 N/A 0.0 unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose…
CVE-2026-25892 2026-02-09 HIGH 7.5 Adminer is open-source database management software. Adminer v5.4.1 and earlier has a version check mechanism where adminer.org sends signed version info via JavaScript postMessage, which the browser then…
CVE-2026-25890 2026-02-09 HIGH 8.1 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an…
CVE-2026-25889 2026-02-09 MEDIUM 5.4 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a…
CVE-2026-25885 2026-02-09 N/A 0.0 PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can…
CVE-2026-25881 2026-02-09 CRITICAL 9.0 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.31, a sandbox escape vulnerability allows sandboxed code to mutate host built-in prototypes by laundering the isGlobal protection flag through…
CVE-2026-25880 2026-02-09 HIGH 7.8 SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the…
CVE-2026-25875 2026-02-09 N/A 0.0 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role…
CVE-2026-25814 2026-02-09 N/A 0.0 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, user-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization.
CVE-2026-25813 2026-02-09 N/A 0.0 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application logs highly sensitive data directly to console output without masking or redaction.
CVE-2026-25812 2026-02-09 N/A 0.0 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism.
CVE-2026-25811 2026-02-09 N/A 0.0 PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user,…
CVE-2026-25808 2026-02-09 HIGH 7.5 Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts…
CVE-2026-25807 2026-02-09 HIGH 8.8 ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP…
CVE-2025-15317 2026-02-09 MEDIUM 6.5 Tanium addressed an uncontrolled resource consumption vulnerability in Tanium Server.
CVE-2025-15316 2026-02-09 MEDIUM 6.7 Tanium addressed a local privilege escalation vulnerability in Tanium Server.
CVE-2025-15315 2026-02-09 MEDIUM 6.7 Tanium addressed a local privilege escalation vulnerability in Tanium Module Server.
CVE-2026-23948 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2() allows a malicious RDP server to crash FreeRDP…
CVE-2026-24677 2026-02-09 CRITICAL 9.1 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and does not validate the source buffer size, leading to an…
CVE-2026-24678 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a capture thread sends sample responses using a freed channel callback after a device channel…
CVE-2026-24679 2026-02-09 CRITICAL 9.1 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an…
CVE-2026-24680 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan…
CVE-2026-24491 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel is closed, dereferencing a freed callback…
CVE-2026-24681 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel callback after URBDRC channel close, leading…
CVE-2026-24675 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but later code still dereferences it,…
CVE-2026-24676 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the capture thread continues using audin->format,…
CVE-2026-24682 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio formats on parse failure (i + i), leading…
CVE-2026-24683 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses it without synchronization; a concurrent channel close can…
CVE-2026-24684 2026-02-09 HIGH 7.5 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and…
CVE-2026-25981 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25980 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25979 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25978 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25977 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25976 2026-02-10 N/A 0.0 Rejected reason: Not used
CVE-2026-25975 2026-02-10 N/A 0.0 Rejected reason: Not used