CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2020-36969 2026-01-28 HIGH 8.8 M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the…
CVE-2020-36968 2026-01-28 MEDIUM 6.5 M/Monit 3.7.4 contains an authentication vulnerability that allows authenticated attackers to retrieve user password hashes through an administrative API endpoint. Attackers can send requests to the /api/1/admin/users/list and…
CVE-2020-36967 2026-01-28 CRITICAL 9.8 Zortam Mp3 Media Studio 27.60 contains a buffer overflow vulnerability in the library creation file selection process that allows remote code execution. Attackers can craft a malicious text…
CVE-2020-36965 2026-01-28 HIGH 8.4 docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft…
CVE-2020-36964 2026-01-28 CRITICAL 9.8 YATinyWinFTP contains a denial of service vulnerability that allows attackers to crash the FTP service by sending a 272-byte buffer with a trailing space. Attackers can exploit the…
CVE-2020-36963 2026-01-28 HIGH 7.5 Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET…
CVE-2020-36962 2026-01-28 CRITICAL 9.8 Tendenci 12.3.1 contains a CSV formula injection vulnerability in the contact form message field that allows attackers to inject malicious formulas during export. Attackers can submit crafted payloads…
CVE-2020-36961 2026-01-28 CRITICAL 9.8 10-Strike Network Inventory Explorer 8.65 contains a buffer overflow vulnerability in exception handling that allows remote attackers to execute arbitrary code. Attackers can craft a malicious file with…
CVE-2020-36945 2026-01-28 HIGH 8.2 WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload ''…
CVE-2020-36944 2026-01-28 MEDIUM 4.0 ILIAS Learning Management System 4.3 contains a server-side request forgery vulnerability that allows attackers to read local files through portfolio PDF export functionality. Attackers can inject a script…
CVE-2020-36943 2026-01-28 HIGH 7.5 aSc TimeTables 2021.6.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting subject title fields with excessive data. Attackers can generate a…
CVE-2025-13471 2026-01-28 MEDIUM 5.3 The User Activity Log WordPress plugin through 2.2 does not properly handle failed login attempts in some cases, allowing unauthenticated users to set arbitrary options to 1 (for…
CVE-2026-24685 2026-01-28 N/A 0.0 OpenProject is an open-source, web-based project management software. Versions prior to 16.6.6 and 17.0.2 have an arbitrary file write vulnerability in OpenProject’s repository diff download endpoint (`/projects/:project_id/repository/diff.diff`) when…
CVE-2026-22243 2026-01-28 N/A 0.0 EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically…
CVE-2026-1522 2026-01-28 MEDIUM 5.3 A weakness has been identified in Open5GS up to 2.7.6. This vulnerability affects the function sgwc_s5c_handle_modify_bearer_response of the file src/sgwc/s5c-handler.c of the component SGWC. Executing a manipulation can…
CVE-2026-23553 2026-01-28 LOW 2.9 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU…
CVE-2026-0818 2026-01-28 MEDIUM 4.3 CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. This vulnerability affects Thunderbird < 147.0.1 and Thunderbird < 140.7.1.
CVE-2025-65890 2026-01-28 N/A 0.0 A device-ID validation flaw in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) by calling flow.cuda.synchronize() with an invalid or out-of-range GPU device index.
CVE-2025-65889 2026-01-28 N/A 0.0 A type validation flaw in the flow.dstack() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-65888 2026-01-28 N/A 0.0 A dimension validation flaw in the flow.empty() component of OneFlow 0.9.0 allows attackers to cause a Denial of Service (DoS) via a negative or excessively large dimension value.
CVE-2025-65887 2026-01-28 N/A 0.0 A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.
CVE-2025-65886 2026-01-28 N/A 0.0 A shape mismatch vulnerability in OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted tensor shapes.
CVE-2025-58150 2026-01-28 HIGH 8.8 Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest…
CVE-2025-13919 2026-01-28 MEDIUM 5.4 Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a COM Hijacking vulnerability, which is a type…
CVE-2025-13918 2026-01-28 MEDIUM 6.7 Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to an Elevation of Privilege vulnerability, which is a…
CVE-2025-13917 2026-01-28 HIGH 7.0 WSS Agent, prior to 9.8.5, may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the…
CVE-2026-1539 2026-01-28 MEDIUM 5.8 A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the…
CVE-2026-1536 2026-01-28 MEDIUM 5.8 A flaw was found in libsoup. An attacker who can control the input for the Content-Disposition header can inject CRLF (Carriage Return Line Feed) sequences into the header…
CVE-2025-70336 2026-01-28 N/A 0.0 A Stored cross-site scripting (XSS) vulnerability in 'Create New Live Item' in PodcastGenerator 3.2.9 allows remote attackers to inject arbitrary script or HTML via the 'TITLE', 'SHORT DESCRIPTION'…
CVE-2025-69517 2026-01-28 N/A 0.0 An issue in Amidaware Inc Tactical RMM v1.3.1 and before allows a remote attacker to execute arbitrary code via the /api/tacticalrmm/apiv3/views.py component
CVE-2025-61140 2026-01-28 N/A 0.0 The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.
CVE-2025-57283 2026-01-28 N/A 0.0 The Node.js package browserstack-local 1.5.8 contains a command injection vulnerability. This occurs because the logfile variable is not properly sanitized in lib/Local.js.
CVE-2026-24858 2026-01-27 CRITICAL 9.8 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in Fortinet FortiAnalyzer 7.6.0 through 7.6.5, FortiAnalyzer 7.4.0 through 7.4.9, FortiAnalyzer 7.2.0 through 7.2.11, FortiAnalyzer 7.0.0…
CVE-2026-23014 2026-01-28 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for…
CVE-2026-1521 2026-01-28 MEDIUM 5.3 A security flaw has been discovered in Open5GS up to 2.7.6. This affects the function sgwc_s5c_handle_bearer_resource_failure_indication of the file src/sgwc/s5c-handler.c of the component SGWC. Performing a manipulation results…
CVE-2026-1520 2026-01-28 LOW 2.4 A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross…
CVE-2026-1513 2026-01-28 HIGH 7.1 billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding.
CVE-2026-21569 2026-01-28 HIGH 7.9 This High severity XXE (XML External Entity Injection) vulnerability was introduced in version 7.1.0 of Crowd Data Center and Server. This XXE (XML External Entity Injection) vulnerability, with…
CVE-2026-1237 2026-01-28 N/A 0.0 Vulnerable cross-model authorization in juju. If a charm's cross-model permissions are revoked or expire, a malicious user who is able to update database records can mint an invalid…
CVE-2026-1060 2026-01-28 MEDIUM 5.3 The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint…
CVE-2025-14795 2026-01-28 MEDIUM 4.3 The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation…
CVE-2026-1056 2026-01-28 CRITICAL 9.8 The Snow Monkey Forms plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'generate_user_dirpath' function in all versions up to,…
CVE-2025-14865 2026-01-28 MEDIUM 6.4 The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_protector' shortcode in all versions up to, and…
CVE-2020-36993 2026-01-28 MEDIUM 6.4 LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenu[title] and Surveymenu[parent_id]…
CVE-2020-36992 2026-01-28 HIGH 7.8 Nord VPN 6.31.13.0 contains an unquoted service path vulnerability in its nordvpn-service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary…
CVE-2020-36991 2026-01-28 HIGH 7.8 ShareMouse 5.0.43 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the insecure service path…
CVE-2020-36990 2026-01-28 HIGH 7.8 Input Director 1.4.3 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute code with elevated privileges. Attackers can exploit the…
CVE-2020-36989 2026-01-28 HIGH 7.8 ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the…
CVE-2020-36988 2026-01-28 MEDIUM 5.4 PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can…
CVE-2020-36987 2026-01-28 HIGH 7.8 Program Access Controller 1.2.0.0 contains an unquoted service path vulnerability in PACService.exe that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path…