CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-54602 2026-04-06 HIGH 7.0 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000.…
CVE-2026-20446 2026-04-07 MEDIUM 4.3 In sec boot, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service, if an attacker has…
CVE-2026-5384 2026-04-07 MEDIUM 5.8 An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an…
CVE-2026-5383 2026-04-07 MEDIUM 4.4 An issue that could allow access to Explorer groups from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and…
CVE-2026-5382 2026-04-07 LOW 3.0 An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and…
CVE-2026-5381 2026-04-07 LOW 2.2 An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated…
CVE-2026-5380 2026-04-07 MEDIUM 5.3 An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance…
CVE-2026-5379 2026-04-07 LOW 3.0 An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization,…
CVE-2026-5378 2026-04-07 MEDIUM 5.8 An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and…
CVE-2026-5376 2026-04-07 MEDIUM 5.9 An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources…
CVE-2026-5375 2026-04-07 LOW 2.7 An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of…
CVE-2026-5374 2026-04-07 MEDIUM 5.8 An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863:…
CVE-2026-5373 2026-04-07 HIGH 8.1 An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated…
CVE-2026-5372 2026-04-07 MEDIUM 6.4 An issue that allowed a SQL injection attack vector related to saved queries (introduced in version 4.0.260123.0). This is an instance of CWE-89: Improper Neutralization of Special Elements…
CVE-2026-4740 2026-04-07 HIGH 8.2 A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed…
CVE-2026-4277 2026-04-07 N/A 0.0 An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged…
CVE-2026-35484 2026-04-07 MEDIUM 5.3 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_preset() allows reading any .yaml file on the…
CVE-2026-35483 2026-04-07 MEDIUM 5.3 text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .jinja, .jinja2, .yaml,…
CVE-2026-35481 2026-04-07 N/A 0.0 Rejected reason: Further research determined the issue does not satisfy the assignment rules.
CVE-2026-35480 2026-04-07 MEDIUM 6.2 go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on…
CVE-2026-35463 2026-04-07 HIGH 8.8 pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the ADMIN_ONLY_OPTIONS protection mechanism restricts security-critical configuration values (reconnect scripts, SSL certs, proxy…
CVE-2026-35462 2026-04-07 MEDIUM 4.3 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any…
CVE-2026-35461 2026-04-07 MEDIUM 5.0 Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no…
CVE-2026-35475 2026-04-06 N/A 0.0 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, the redirect parameter is taken directly from $_GET with no URL validation or whitelist check, then used…
CVE-2026-35472 2026-04-06 N/A 0.0 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, an Open Redirect vulnerability was identified in the /WeGIA/controle/control.php endpoint of the WeGIA application, specifically through the…
CVE-2026-35470 2026-04-06 HIGH 8.8 OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confronta_righe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The…
CVE-2026-35458 2026-04-07 N/A 0.0 Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access…
CVE-2026-35457 2026-04-07 HIGH 8.2 libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly…
CVE-2026-35405 2026-04-07 HIGH 7.5 libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can…
CVE-2026-35395 2026-04-06 HIGH 8.8 WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA (Web gerenciador para instituições assistenciais) contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The id_memorando parameter is…
CVE-2026-35187 2026-04-06 HIGH 7.7 pyLoad is a free and open-source download manager written in Python. In 0.5.0b3.dev96 and earlier, the parse_urls API function in src/pyload/core/api/__init__.py fetches arbitrary URLs server-side via get_url(url) (pycurl)…
CVE-2026-35182 2026-04-06 HIGH 8.8 Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for…
CVE-2026-35164 2026-04-06 HIGH 8.8 Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorController.php within the ckupload…
CVE-2026-35043 2026-04-06 HIGH 7.8 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the cloud deployment path in src/bentoml/_internal/cloud/deployment.py was not…
CVE-2026-35036 2026-04-06 HIGH 7.5 Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, Ech0 implements link preview (editor fetches a page title) through GET /api/website/title. That is…
CVE-2026-35030 2026-04-06 CRITICAL 9.1 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.83.0, when JWT authentication is enabled (enable_jwt_auth: true), the OIDC…
CVE-2026-34977 2026-04-06 N/A 0.0 Aperi'Solve is an open-source steganalysis web platform. Prior to 3.2.1, when uploading a JPEG, a user can specify an optional password to accompany the JPEG. This password is…
CVE-2026-34783 2026-04-06 HIGH 8.1 Ferret is a declarative system for working with web data. Prior to 2.0.0-alpha.4, a path traversal vulnerability in Ferret's IO::FS::WRITE standard library function allows a malicious website to…
CVE-2026-34951 2026-04-06 MEDIUM 6.1 Workbench is a suite of tools for administrators and developers to interact with Salesforce.com organizations via the Force.com APIs. Prior to 65.0.0, Workbench contains a reflected cross-site scripting…
CVE-2026-34940 2026-04-06 N/A 0.0 KubeAI is an AI inference operator for kubernetes. Prior to 0.23.2, the ollamaStartupProbeScript() function in internal/modelcontroller/engine_ollama.go constructs a shell command string using fmt.Sprintf with unsanitized model URL components…
CVE-2026-33227 2026-04-07 MEDIUM 4.3 Improper validation and restriction of a classpath path name vulnerability in Apache ActiveMQ Client, Apache ActiveMQ Broker, Apache ActiveMQ All. In two instances (when creating a Stomp consumer…
CVE-2026-34211 2026-04-06 HIGH 7.5 SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, the @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash…
CVE-2026-34148 2026-04-06 HIGH 7.5 Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Prior to 1.9.6, 1.10.5, 2.0.8, and 2.1.1, @fedify/fedify follows HTTP redirects recursively in its remote…
CVE-2026-30079 2026-04-07 N/A 0.0 In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is…
CVE-2026-30613 2026-04-06 MEDIUM 4.6 An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An…
CVE-2025-62818 2026-04-07 N/A 0.0 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920,…
CVE-2025-59440 2026-04-06 HIGH 7.5 An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500,…
CVE-2025-57835 2026-04-06 HIGH 7.5 An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500,…
CVE-2025-52909 2026-04-07 N/A 0.0 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect…
CVE-2026-5627 2026-04-07 CRITICAL 9.1 A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the…