CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-15329 | 2026-02-05 | MEDIUM | 4.9 | Tanium addressed an information disclosure vulnerability in Threat Response. |
| CVE-2025-15328 | 2026-02-05 | MEDIUM | 5.0 | Tanium addressed an improper link resolution before file access vulnerability in Enforce. |
| CVE-2025-15327 | 2026-02-05 | MEDIUM | 4.3 | Tanium addressed an improper access controls vulnerability in Deploy. |
| CVE-2025-15326 | 2026-02-05 | MEDIUM | 4.3 | Tanium addressed an improper access controls vulnerability in Patch. |
| CVE-2025-15325 | 2026-02-05 | MEDIUM | 6.3 | Tanium addressed an improper input validation vulnerability in Discover. |
| CVE-2025-15324 | 2026-02-05 | MEDIUM | 6.6 | Tanium addressed a documentation issue in Engage. |
| CVE-2025-15323 | 2026-02-05 | LOW | 3.7 | Tanium addressed an improper certificate validation vulnerability in Tanium Appliance. |
| CVE-2025-15321 | 2026-02-05 | LOW | 2.7 | Tanium addressed an improper input validation vulnerability in Tanium Appliance. |
| CVE-2025-15312 | 2026-02-05 | MEDIUM | 6.6 | Tanium addressed an improper output sanitization vulnerability in Tanium Appliance. |
| CVE-2025-15311 | 2026-02-05 | HIGH | 7.8 | Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. |
| CVE-2025-15289 | 2026-02-05 | LOW | 3.1 | Tanium addressed an improper access controls vulnerability in Interact. |
| CVE-2026-1707 | 2026-02-05 | HIGH | 7.4 | pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files.… |
| CVE-2025-58190 | 2026-02-05 | N/A | 0.0 | The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted… |
| CVE-2025-47911 | 2026-02-05 | N/A | 0.0 | The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML… |
| CVE-2025-15557 | 2026-02-05 | N/A | 0.0 | An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted… |
| CVE-2025-15551 | 2026-02-05 | N/A | 0.0 | The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly… |
| CVE-2026-0715 | 2026-02-05 | N/A | 0.0 | Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this… |
| CVE-2026-0714 | 2026-02-05 | N/A | 0.0 | A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU… |
| CVE-2025-69906 | 2026-02-05 | N/A | 0.0 | Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in… |
| CVE-2025-69619 | 2026-02-05 | N/A | 0.0 | A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage. |
| CVE-2025-68723 | 2026-02-05 | N/A | 0.0 | Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local… |
| CVE-2025-68643 | 2026-02-05 | N/A | 0.0 | Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack.… |
| CVE-2020-37152 | 2026-02-05 | N/A | 0.0 | PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser,… |
| CVE-2020-37150 | 2026-02-05 | HIGH | 7.5 | Edimax EW-7438RPn-v3 Mini 1.27 allows unauthenticated attackers to access the /wizard_reboot.asp page in unsetup mode, which discloses the Wi-Fi SSID and security key. Attackers can retrieve the wireless… |
| CVE-2020-37149 | 2026-02-05 | HIGH | 8.1 | Edimax EW-7438RPn-v3 Mini 1.27 is vulnerable to cross-site request forgery (CSRF) that can lead to command execution. An attacker can trick an authenticated user into submitting a crafted… |
| CVE-2020-37148 | 2026-02-05 | LOW | 3.5 | P5 FNIP-8x16A/FNIP-4xSH versions 1.0.20 and 1.0.11 suffer from a stored cross-site scripting vulnerability. Input passed to several GET/POST parameters is not properly sanitized before being returned to the… |
| CVE-2020-37145 | 2026-02-05 | MEDIUM | 4.3 | HRSALE 1.1.8 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized administrative users through the employee registration form. Attackers can craft a malicious HTML page… |
| CVE-2020-37144 | 2026-02-05 | MEDIUM | 5.3 | Exagate SYSGuard 6001 contains a cross-site request forgery vulnerability that allows attackers to create unauthorized admin accounts through a crafted HTML form. Attackers can trick users into submitting… |
| CVE-2020-37143 | 2026-02-05 | HIGH | 7.5 | ProficySCADA for iOS 5.0.25920 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the password input field. Attackers can overwrite the password… |
| CVE-2020-37142 | 2026-02-05 | HIGH | 8.4 | 10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a… |
| CVE-2020-37140 | 2026-02-05 | MEDIUM | 5.5 | Everest, later referred to as AIDA64, 5.50.2100 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating file open functionality. Attackers can… |
| CVE-2020-37139 | 2026-02-05 | HIGH | 8.4 | Odin Secure FTP Expert 7.6.3 contains a local denial of service vulnerability that allows attackers to crash the application by manipulating site information fields. Attackers can generate a… |
| CVE-2020-37138 | 2026-02-05 | CRITICAL | 9.8 | 10-Strike Network Inventory Explorer 9.03 contains a buffer overflow vulnerability in the file import functionality that allows remote attackers to execute arbitrary code. Attackers can craft a malicious… |
| CVE-2020-37137 | 2026-02-05 | MEDIUM | 6.1 | PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers… |
| CVE-2020-37136 | 2026-02-05 | HIGH | 7.5 | ZOC Terminal 7.25.5 contains a denial of service vulnerability in the private key file input field that allows attackers to crash the application. Attackers can overwrite the private… |
| CVE-2020-37134 | 2026-02-05 | HIGH | 7.5 | UltraVNC Viewer 1.2.4.0 contains a denial of service vulnerability that allows attackers to crash the application by manipulating VNC Server input. Attackers can generate a malformed 256-byte payload… |
| CVE-2020-37133 | 2026-02-05 | HIGH | 7.5 | UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in the Repeater Host configuration field that allows attackers to crash the application. Attackers can paste an overly long… |
| CVE-2020-37132 | 2026-02-05 | MEDIUM | 6.2 | UltraVNC Launcher 1.2.4.0 contains a denial of service vulnerability in its password configuration properties that allows local attackers to crash the application. Attackers can paste an overly long… |
| CVE-2020-37131 | 2026-02-05 | MEDIUM | 6.2 | Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can… |
| CVE-2020-37130 | 2026-02-05 | HIGH | 7.5 | Nsauditor 3.2.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can create a malicious payload of… |
| CVE-2020-37129 | 2026-02-05 | CRITICAL | 9.8 | Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file… |
| CVE-2020-37128 | 2026-02-05 | MEDIUM | 6.2 | ZOC Terminal 7.25.5 contains a script processing vulnerability that allows local attackers to crash the application by loading a maliciously crafted REXX script file. Attackers can generate an… |
| CVE-2020-37127 | 2026-02-05 | MEDIUM | 5.5 | Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of service by supplying excessive input. Attackers can trigger a… |
| CVE-2020-37126 | 2026-02-05 | CRITICAL | 9.8 | Free Desktop Clock 3.0 contains a stack overflow vulnerability in the Time Zones display name input that allows attackers to overwrite Structured Exception Handler (SEH) registers. Attackers can… |
| CVE-2020-37125 | 2026-02-05 | CRITICAL | 9.8 | Edimax EW-7438RPn-v3 Mini 1.27 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands through the /goform/mp endpoint. Attackers can exploit the vulnerability by… |
| CVE-2020-37124 | 2026-02-05 | CRITICAL | 9.8 | B64dec 1.1.2 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) with crafted input. Attackers can leverage an egg… |
| CVE-2020-37123 | 2026-02-05 | CRITICAL | 9.8 | Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in… |
| CVE-2020-37120 | 2026-02-05 | CRITICAL | 9.8 | Rubo DICOM Viewer 2.0 contains a buffer overflow vulnerability in the DICOM server name input field that allows attackers to overwrite Structured Exception Handler (SEH). Attackers can craft… |
| CVE-2020-37119 | 2026-02-05 | CRITICAL | 9.8 | Nsauditor 3.0.28 and 3.2.1.0 contains a buffer overflow vulnerability in the DNS Lookup tool that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a… |
| CVE-2020-37118 | 2026-02-05 | LOW | 3.5 | P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add… |