Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-2018 2026-02-06 HIGH 7.3 A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql…
CVE-2026-2017 2026-02-06 CRITICAL 9.8 A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler.…
CVE-2026-2016 2026-02-06 MEDIUM 5.3 A security vulnerability has been detected in happyfish100 libfastcommon up to 1.0.84. Affected by this vulnerability is the function base64_decode of the file src/base64.c. The manipulation leads to…
CVE-2026-1293 2026-02-06 MEDIUM 6.4 The Yoast SEO – Advanced SEO with real-time guidance and built-in AI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the `yoast-schema` block attribute in…
CVE-2026-2015 2026-02-06 MEDIUM 6.3 A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a…
CVE-2026-2014 2026-02-06 HIGH 7.3 A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID…
CVE-2026-2013 2026-02-06 HIGH 7.3 A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql…
CVE-2026-24928 2026-02-06 MEDIUM 5.8 Out-of-bounds write vulnerability in the file system module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24927 2026-02-06 MEDIUM 5.5 Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24924 2026-02-06 MEDIUM 6.1 Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24920 2026-02-06 MEDIUM 6.2 Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-2012 2026-02-06 HIGH 7.3 A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes…
CVE-2026-2011 2026-02-06 HIGH 7.3 A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results…
CVE-2026-24931 2026-02-06 MEDIUM 5.9 Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24930 2026-02-06 HIGH 8.4 UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24929 2026-02-06 MEDIUM 5.9 Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24926 2026-02-06 HIGH 8.4 Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24925 2026-02-06 HIGH 7.3 Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24923 2026-02-06 MEDIUM 6.3 Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24922 2026-02-06 MEDIUM 6.9 Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24921 2026-02-06 MEDIUM 4.8 Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2026-24919 2026-02-06 MEDIUM 6.0 Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24918 2026-02-06 MEDIUM 6.8 Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24917 2026-02-06 MEDIUM 6.5 UAF vulnerability in the security module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-24916 2026-02-06 MEDIUM 5.9 Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-24915 2026-02-06 MEDIUM 6.2 Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2026-24914 2026-02-06 MEDIUM 4.0 Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-21643 2026-02-06 CRITICAL 9.8 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.4 may allow an unauthenticated attacker to execute unauthorized code or…
CVE-2026-1785 2026-02-06 MEDIUM 4.3 The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on…
CVE-2026-1499 2026-02-06 CRITICAL 9.8 The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to…
CVE-2026-1252 2026-02-06 MEDIUM 6.4 The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to…
CVE-2026-2010 2026-02-06 MEDIUM 4.2 A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation…
CVE-2026-2009 2026-02-06 MEDIUM 6.3 A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to…
CVE-2026-21626 2026-02-06 N/A 0.0 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-1279 2026-02-06 MEDIUM 6.4 The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1…
CVE-2026-2008 2026-02-06 MEDIUM 6.3 A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results…
CVE-2026-2000 2026-02-06 MEDIUM 4.7 A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation…
CVE-2026-1998 2026-02-06 LOW 3.3 A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs…
CVE-2026-1909 2026-02-06 MEDIUM 6.4 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input…
CVE-2026-1888 2026-02-06 MEDIUM 6.4 The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due…
CVE-2026-1808 2026-02-06 MEDIUM 6.4 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up…
CVE-2026-1401 2026-02-06 MEDIUM 6.4 The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient…
CVE-2026-0521 2026-02-06 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited…
CVE-2025-10753 2026-02-06 MEDIUM 5.3 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due…
CVE-2026-1991 2026-02-06 LOW 3.3 A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in…
CVE-2026-0598 2026-02-06 MEDIUM 4.2 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs…
CVE-2026-1990 2026-02-06 LOW 3.3 A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local…
CVE-2026-1979 2026-02-06 MEDIUM 5.3 A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can…
CVE-2026-1978 2026-02-06 MEDIUM 5.3 A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler.…
CVE-2026-1977 2026-02-06 MEDIUM 6.3 A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the…
« Anterior Página 333 de 4238 Siguiente »