CVE Vulnerabilities

The following is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-1453 2026-01-29 CRITICAL 9.8 A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker…
CVE-2025-69749 2026-01-29 MEDIUM 6.1 Cross Site Scripting vulnerability in tale v.2.0.5 allows an attacker to execute arbitrary code.
CVE-2025-71007 2026-01-28 HIGH 7.5 An input validation vulnerability in the oneflow.index_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-15548 2026-01-29 N/A 0.0 Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and…
CVE-2025-15543 2026-01-29 N/A 0.0 Improper link resolution in USB HTTP access path in VX800v v1.0 allows a crafted USB device to expose root filesystem contents, giving an attacker with physical access read‑only…
CVE-2025-15542 2026-01-29 N/A 0.0 Improper handling of exceptional conditions in VX800v v1.0 in SIP processing allows an attacker to flood the device with crafted INVITE messages, blocking all voice lines and causing…
CVE-2025-15541 2026-01-29 N/A 0.0 Improper link resolution in the VX800v v1.0 SFTP service allows authenticated adjacent attackers to use crafted symbolic links to access system files, resulting in high confidentiality impact and…
CVE-2025-13399 2026-01-29 N/A 0.0 A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful…
CVE-2026-24780 2026-01-29 N/A 0.0 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.44, AutoGPT Platform's block execution endpoints…
CVE-2026-24414 2026-01-29 N/A 0.0 The Icinga PowerShell Framework provides configuration and check possibilities to ensure integration and monitoring of Windows environments. In versions prior to 1.13.4, 1.12.4, and 1.11.2, permissions of the…
CVE-2026-24413 2026-01-29 N/A 0.0 Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate…
CVE-2026-24054 2026-01-29 N/A 0.0 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.26.0, when a…
CVE-2026-23896 2026-01-29 HIGH 7.2 immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing…
CVE-2026-1600 2026-01-29 MEDIUM 4.3 A vulnerability was identified in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The impacted element is an unknown function of the file /hungry/addtocart of the component…
CVE-2026-1599 2026-01-29 MEDIUM 4.3 A vulnerability was determined in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. The affected element is an unknown function of the file /hungry/placeorder of the component…
CVE-2026-1598 2026-01-29 LOW 3.5 A vulnerability was found in Bdtask Bhojon All-In-One Restaurant Management System up to 20260116. Impacted is an unknown function of the file /dashboard/home/profile of the component User Information…
CVE-2025-45160 2026-01-29 MEDIUM 5.4 A HTML injection vulnerability exists in the file upload functionality of Cacti
CVE-2025-15545 2026-01-29 N/A 0.0 The backup restore function does not properly validate unexpected or unrecognized tags within the backup file. When such a crafted file is restored, the injected tag is interpreted…
CVE-2026-1597 2026-01-29 MEDIUM 6.3 A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session…
CVE-2026-24888 2026-01-28 MEDIUM 6.5 Maker.js is a 2D vector line drawing and shape modeling for CNC and laser cutters. In versions up to and including 0.19.1, the `makerjs.extendObject` function copies properties from…
CVE-2026-24857 2026-01-28 N/A 0.0 `bulk_extractor` is a digital forensics exploitation tool. Starting in version 1.4, `bulk_extractor`’s embedded unrar code has a heap‑buffer‑overflow in the RAR PPM LZ decoding path. A crafted RAR…
CVE-2026-24767 2026-01-28 MEDIUM 4.9 NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, a blind Server-Side Request Forgery (SSRF) vulnerability exists in the `uploadViaURL` functionality due to an unprotected…
CVE-2026-1546 2026-01-28 MEDIUM 6.3 A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The…
CVE-2026-1545 2026-01-28 HIGH 7.3 A weakness has been identified in itsourcecode School Management System 1.0. The affected element is an unknown function of the file /course/index.php. Executing a manipulation of the argument…
CVE-2026-1544 2026-01-28 MEDIUM 6.3 A security flaw has been discovered in D-Link DIR-823X 250416. Impacted is the function sub_41E2A0 of the file /goform/set_mode. Performing a manipulation of the argument lan_gateway results in…
CVE-2025-71011 2026-01-29 MEDIUM 6.2 An input validation vulnerability in the flow.Tensor.new_empty/flow.Tensor.new_ones/flow.Tensor.new_zeros component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-71009 2026-01-29 MEDIUM 6.2 An input validation vulnerability in the flow.scatter/flow.scatter_add component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted indices.
CVE-2025-71008 2026-01-29 MEDIUM 6.2 A segmentation violation in the oneflow._oneflow_internal.autograd.Function.FunctionCtx.mark_non_differentiable component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-24897 2026-01-28 CRITICAL 10.0 Erugo is a self-hosted file-sharing platform. In versions up to and including 0.2.14, an authenticated low-privileged user can upload arbitrary files to any specified location due to insufficient…
CVE-2026-1594 2026-01-29 HIGH 7.3 A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_expenses.php. The manipulation of the…
CVE-2026-1593 2026-01-29 HIGH 7.3 A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit_expenses_query.php. Executing a manipulation of the…
CVE-2026-1549 2026-01-28 MEDIUM 4.3 A vulnerability was identified in jishenghua jshERP up to 3.6. Affected by this vulnerability is an unknown functionality of the file /jshERP-boot/plugin/uploadPluginConfigFile of the component PluginController. Such manipulation…
CVE-2026-1548 2026-01-28 MEDIUM 6.3 A flaw has been found in Totolink A7000R 4.1cu.4154. This impacts the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument url causes command injection. The…
CVE-2026-1547 2026-01-28 MEDIUM 6.3 A vulnerability was detected in Totolink A7000R 4.1cu.4154. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name results in command injection. It…
CVE-2025-71001 2026-01-28 MEDIUM 6.5 A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-71000 2026-01-28 HIGH 7.5 An issue in the flow.cuda.BoolTensor component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-70999 2026-01-28 HIGH 7.5 A GPU device-ID validation flaw in the flow.cuda.get_device_capability() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted device ID.
CVE-2025-68119 2026-01-28 HIGH 7.0 Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can…
CVE-2025-65891 2026-01-28 HIGH 7.5 A GPU device-ID validation flaw in OneFlow v0.9.0 allows attackers to trigger a Denial of Service (DoS) by invoking flow.cuda.get_device_properties() with an invalid or negative device index.
CVE-2025-61731 2026-01-28 HIGH 7.8 Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in…
CVE-2025-46306 2026-01-28 MEDIUM 5.5 The issue was addressed with improved bounds checks. This issue is fixed in macOS Tahoe 26, Keynote 15.1, iOS 26 and iPadOS 26. Processing a maliciously crafted Keynote…
CVE-2025-14975 2026-01-29 HIGH 8.1 The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any…
CVE-2025-14840 2026-01-28 HIGH 7.5 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing. This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before…
CVE-2020-37013 2026-01-29 HIGH 8.4 Audio Playback Recorder 3.2.2 contains a local buffer overflow vulnerability in the eject and registration parameters that allows attackers to execute arbitrary code. Attackers can craft malicious payloads…
CVE-2020-37012 2026-01-29 CRITICAL 9.8 Tea LaTex 1.0 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary shell commands through the /api.php endpoint. Attackers can craft a malicious LaTeX…
CVE-2020-37011 2026-01-29 HIGH 7.5 Gnome Fonts Viewer 3.34.0 contains a heap corruption vulnerability that allows attackers to trigger an out-of-bounds write by crafting a malicious TTF font file. Attackers can generate a…
CVE-2020-37010 2026-01-29 CRITICAL 9.8 BearShare Lite 5.2.5 contains a buffer overflow vulnerability in the Advanced Search keywords input that allows attackers to execute arbitrary code. Attackers can craft a specially designed payload…
CVE-2020-37009 2026-01-29 HIGH 8.8 MedDream PACS Server 6.8.3.751 contains an authenticated remote code execution vulnerability that allows authorized users to upload malicious PHP files. Attackers can exploit the uploadImage.php endpoint by authenticating…
CVE-2020-37008 2026-01-29 HIGH 7.5 EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input…
CVE-2020-37007 2026-01-29 MEDIUM 5.3 Liman 0.7 contains a cross-site request forgery vulnerability that allows attackers to manipulate user account settings without proper request validation. Attackers can craft malicious HTML forms to change…