Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-15080 2026-02-05 N/A 0.0 Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or…
CVE-2025-10314 2026-02-05 HIGH 8.8 Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing…
CVE-2025-11730 2026-02-05 HIGH 7.2 A post‑authentication command injection vulnerability in the Dynamic DNS (DDNS) configuration CLI command in Zyxel ATP series firmware versions from V5.35 through V5.41, USG FLEX series firmware versions…
CVE-2026-1898 2026-02-05 MEDIUM 6.3 A vulnerability was determined in WeKan up to 8.20. This affects an unknown part of the file packages/wekan-ldap/server/syncUser.js of the component LDAP User Sync. This manipulation causes improper…
CVE-2026-1897 2026-02-05 MEDIUM 4.3 A vulnerability was found in WeKan up to 8.20. Affected by this issue is some unknown functionality of the file server/methods/positionHistory.js of the component Position-History Tracking. The manipulation…
CVE-2026-1896 2026-02-05 MEDIUM 6.3 A vulnerability has been found in WeKan up to 8.20. Affected by this vulnerability is the function ComprehensiveBoardMigration of the file server/migrations/comprehensiveBoardMigration.js of the component Migration Operation Handler.…
CVE-2025-13192 2026-02-05 HIGH 8.2 The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in…
CVE-2019-25288 2026-02-05 HIGH 7.8 Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the…
CVE-2019-25287 2026-02-05 HIGH 7.8 Adaware Web Companion version 4.8.2078.3950 contains an unquoted service path vulnerability in the WCAssistantService that allows local users to potentially execute code with elevated privileges. Attackers can exploit…
CVE-2019-25286 2026-02-05 HIGH 7.8 GCafé 3.0 contains an unquoted service path vulnerability in the gbClientService that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted…
CVE-2019-25285 2026-02-05 HIGH 7.8 Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious…
CVE-2019-25283 2026-02-05 HIGH 7.8 Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables…
CVE-2019-25281 2026-02-05 HIGH 7.8 NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the…
CVE-2019-25276 2026-02-05 HIGH 7.8 Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers…
CVE-2019-25275 2026-02-05 HIGH 7.8 BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the…
CVE-2019-25274 2026-02-05 HIGH 7.8 ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary…
CVE-2019-25273 2026-02-05 HIGH 7.8 Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in…
CVE-2019-25272 2026-02-05 HIGH 7.8 TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in…
CVE-2019-25271 2026-02-05 HIGH 7.8 NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code…
CVE-2019-25269 2026-02-05 HIGH 7.8 Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated…
CVE-2019-25267 2026-02-05 HIGH 7.8 Wing FTP Server 6.0.7 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted…
CVE-2026-25585 2026-02-04 HIGH 7.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a…
CVE-2026-22038 2026-02-04 HIGH 8.1 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.46, the AutoGPT platform's Stagehand integration…
CVE-2026-1895 2026-02-04 MEDIUM 6.3 A flaw has been found in WeKan up to 8.20. Affected is the function applyWipLimit of the file models/lists.js of the component Attachment Storage Handler. Executing a manipulation…
CVE-2026-1894 2026-02-04 MEDIUM 6.3 A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the…
CVE-2025-62616 2026-02-04 N/A 0.0 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in SendDiscordFileBlock, the third-party library…
CVE-2025-62615 2026-02-04 N/A 0.0 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.34, in RSSFeedBlock, the third-party library…
CVE-2026-25584 2026-02-04 HIGH 7.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a…
CVE-2026-25583 2026-02-04 HIGH 7.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a…
CVE-2026-25582 2026-02-04 HIGH 7.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a…
CVE-2026-25579 2026-02-04 N/A 0.0 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, authenticated users can crash the Navidrome server by supplying an excessively large size…
CVE-2026-25578 2026-02-04 MEDIUM 6.1 Navidrome is an open source web-based music collection server and streamer. Prior to version 0.60.0, a cross-site scripting vulnerability in the frontend allows a malicious attacker to inject…
CVE-2026-25547 2026-02-04 N/A 0.0 @isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range…
CVE-2026-25546 2026-02-04 HIGH 7.8 Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote…
CVE-2026-25543 2026-02-04 N/A 0.0 HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template…
CVE-2026-25541 2026-02-04 N/A 0.0 Bytes is a utility library for working with bytes. From version 1.2.1 to before 1.11.1, Bytes is vulnerable to integer overflow in BytesMut::reserve. In the unique reclaim path…
CVE-2026-25540 2026-02-04 MEDIUM 6.5 Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via `Rails.cache. When AUTHORIZED_FETCH…
CVE-2026-25537 2026-02-04 N/A 0.0 jsonwebtoken is a JWT lib in rust. Prior to version 10.3.0, there is a Type Confusion vulnerability in jsonwebtoken, specifically, in its claim validation logic. When a standard…
CVE-2026-25536 2026-02-04 HIGH 7.1 MCP TypeScript SDK is the official TypeScript SDK for Model Context Protocol servers and clients. From version 1.10.0 to 1.25.3, cross-client response data leak when a single McpServer/Server…
CVE-2026-25526 2026-02-04 CRITICAL 9.8 JinJava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to versions 2.7.6 and 2.8.3, JinJava is vulnerable to arbitrary Java…
CVE-2026-25523 2026-02-04 MEDIUM 5.3 Magento-lts is a long-term support alternative to Magento Community Edition (CE). Prior to version 20.16.1, the admin url can be discovered without prior knowledge of it's location by…
CVE-2026-25521 2026-02-04 N/A 0.0 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.0.39, a prototype pollution vulnerability exists in locutus. Despite a…
CVE-2026-25518 2026-02-04 MEDIUM 5.9 cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates. In versions from 1.18.0 to…
CVE-2026-1892 2026-02-04 MEDIUM 5.0 A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of…
CVE-2026-1884 2026-02-04 MEDIUM 4.7 A weakness has been identified in ZenTao up to 21.7.6-85642. The impacted element is the function fetchHook of the file module/webhook/model.php of the component Webhook Module. This manipulation…
CVE-2024-40685 2026-02-04 MEDIUM 4.3 IBM Operations Analytics – Log Analysis versions 1.3.5.0 through 1.3.8.3 and IBM SmartCloud Analytics – Log Analysis are vulnerable to a cross-site request forgery (CSRF) vulnerability that could…
CVE-2026-25519 2026-02-04 HIGH 8.1 OpenSlides is a free, web based presentation and assembly system for managing and projecting agenda, motions and elections of an assembly. Prior to version 4.2.29, OpenSlides supports local…
CVE-2026-25517 2026-02-04 N/A 0.0 Wagtail is an open source content management system built on Django. Prior to versions 6.3.6, 7.0.4, 7.1.3, 7.2.2, and 7.3, due to a missing permission check on the…
CVE-2026-25512 2026-02-04 N/A 0.0 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution (RCE) vulnerability in Group-Office. The…
CVE-2026-25511 2026-02-04 N/A 0.0 Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, an authenticated user within the System Administrator group can trigger a…
« Anterior Página 337 de 4238 Siguiente »