CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-40537 2026-01-28 HIGH 7.5 SolarWinds Web Help Desk was found to be susceptible to a hardcoded credentials vulnerability that, under certain situations, could allow access to administrative functions.
CVE-2025-40536 2026-01-28 HIGH 8.1 SolarWinds Web Help Desk was found to be susceptible to a security control bypass vulnerability that if exploited, could allow an unauthenticated attacker to gain access to certain…
CVE-2026-1466 2026-01-28 MEDIUM 6.1 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was…
CVE-2026-1310 2026-01-28 MEDIUM 5.3 The Simple calendar for Elementor plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.6.6. This is due to missing capability checks…
CVE-2026-1295 2026-01-28 MEDIUM 6.4 The Buy Now Plus – Buy Now buttons for Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'buynowplus' shortcode in all versions up to,…
CVE-2026-1244 2026-01-28 MEDIUM 6.4 The Forms Bridge – Infinite integrations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute in the 'financoop_campaign' shortcode in all versions up…
CVE-2026-0832 2026-01-28 HIGH 7.3 The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API…
CVE-2026-0825 2026-01-28 MEDIUM 5.3 The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the CSV export functionality in…
CVE-2025-9082 2026-01-28 MEDIUM 6.4 The WPBITS Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widget parameters in versions up to, and including, 1.8 due to insufficient…
CVE-2025-14039 2026-01-28 MEDIUM 6.4 The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and including, 1.1.1 due…
CVE-2025-12709 2026-01-28 MEDIUM 6.4 The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and…
CVE-2026-1298 2026-01-28 MEDIUM 5.3 The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on…
CVE-2026-1083 2026-01-28 MEDIUM 4.4 The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including,…
CVE-2025-8072 2026-01-28 MEDIUM 6.4 The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to…
CVE-2025-14610 2026-01-28 HIGH 7.2 The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not…
CVE-2026-24867 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24866 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24865 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24864 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24863 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24862 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24861 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24860 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-24859 2026-01-28 N/A 0.0 Rejected reason: Not used
CVE-2026-1514 2026-01-28 MEDIUM 6.5 Official Document Management System developed by 2100 Technology has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents.
CVE-2026-1506 2026-01-28 HIGH 7.2 A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument…
CVE-2026-1505 2026-01-28 HIGH 7.2 A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os…
CVE-2026-24852 2026-01-28 MEDIUM 6.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer…
CVE-2026-24850 2026-01-28 MEDIUM 5.3 The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation…
CVE-2026-24842 2026-01-28 HIGH 8.2 node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink…
CVE-2026-24841 2026-01-28 CRITICAL 9.9 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId`…
CVE-2026-24840 2026-01-28 HIGH 8.0 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154)…
CVE-2026-24839 2026-01-28 MEDIUM 4.7 Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting…
CVE-2026-24838 2026-01-28 CRITICAL 9.1 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include…
CVE-2026-24837 2026-01-28 HIGH 7.6 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module…
CVE-2026-24836 2026-01-28 HIGH 7.6 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could…
CVE-2026-24833 2026-01-28 HIGH 7.6 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in…
CVE-2026-24785 2026-01-28 N/A 0.0 Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum…
CVE-2026-24784 2026-01-28 MEDIUM 6.8 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content…
CVE-2026-24134 2026-01-28 MEDIUM 6.5 StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that…
CVE-2026-23830 2026-01-28 CRITICAL 10.0 SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox…
CVE-2025-67645 2026-01-28 HIGH 8.8 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit…
CVE-2025-55292 2026-01-28 HIGH 8.2 Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their…
CVE-2025-54373 2026-01-28 N/A 0.0 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed…
CVE-2026-24910 2026-01-27 MEDIUM 5.9 In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for…
CVE-2026-24909 2026-01-27 MEDIUM 5.9 vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction.
CVE-2026-24783 2026-01-27 HIGH 7.5 soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product…
CVE-2026-24779 2026-01-27 HIGH 7.1 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within…
CVE-2026-24778 2026-01-27 HIGH 8.8 Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that,…
CVE-2026-24793 2026-01-27 N/A 0.0 Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue…