CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-59106 2026-01-26 N/A 0.0 The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle.…
CVE-2025-59105 2026-01-26 N/A 0.0 With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential…
CVE-2025-59104 2026-01-26 N/A 0.0 With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus,…
CVE-2025-59103 2026-01-26 N/A 0.0 The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was…
CVE-2025-59102 2026-01-26 N/A 0.0 The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration.…
CVE-2025-59101 2026-01-26 N/A 0.0 Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an…
CVE-2025-59100 2026-01-26 N/A 0.0 The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting,…
CVE-2025-59099 2026-01-26 N/A 0.0 The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker…
CVE-2025-59098 2026-01-26 N/A 0.0 The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool…
CVE-2025-59097 2026-01-26 N/A 0.0 The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba…
CVE-2025-59096 2026-01-26 N/A 0.0 The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally…
CVE-2025-59095 2026-01-26 N/A 0.0 The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses…
CVE-2025-59094 2026-01-26 N/A 0.0 A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable…
CVE-2025-59093 2026-01-26 N/A 0.0 Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated…
CVE-2025-59092 2026-01-26 N/A 0.0 An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services…
CVE-2025-59091 2026-01-26 N/A 0.0 Multiple hardcoded credentials have been identified, which are allowed to sign in to the exos 9300 datapoint server running on ports 1004 and 1005. This server is used for…
CVE-2025-59090 2026-01-26 N/A 0.0 On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to…
CVE-2025-41083 2026-01-26 N/A 0.0 Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification…
CVE-2025-41082 2026-01-26 N/A 0.0 Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can…
CVE-2026-1429 2026-01-26 MEDIUM 5.4 Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing attacks.
CVE-2026-1428 2026-01-26 HIGH 8.8 Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1427 2026-01-26 HIGH 8.8 Single Sign-On Portal System developed by WellChoose has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1425 2026-01-26 MEDIUM 5.6 A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser.…
CVE-2026-1424 2026-01-26 MEDIUM 4.7 A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is…
CVE-2026-1423 2026-01-26 MEDIUM 6.3 A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to…
CVE-2026-1422 2026-01-26 HIGH 7.3 A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing…
CVE-2026-1421 2026-01-26 LOW 3.5 A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting.…
CVE-2026-1420 2026-01-26 HIGH 8.8 A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote…
CVE-2026-1419 2026-01-26 MEDIUM 4.7 A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of…
CVE-2026-1418 2026-01-26 MEDIUM 5.3 A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation…
CVE-2026-1417 2026-01-26 LOW 3.3 A weakness has been identified in GPAC up to 2.4.0. Affected by this issue is the function dump_isom_rtp of the file applications/mp4box/filedump.c. This manipulation causes null pointer dereference.…
CVE-2026-1416 2026-01-26 LOW 3.3 A security flaw has been discovered in GPAC up to 2.4.0. Affected by this vulnerability is the function DumpMovieInfo of the file applications/mp4box/filedump.c. The manipulation results in null…
CVE-2026-1415 2026-01-26 LOW 3.3 A vulnerability was identified in GPAC up to 2.4.0. Affected is the function gf_media_export_webvtt_metadata of the file src/media_tools/media_export.c. The manipulation of the argument Name leads to null pointer…
CVE-2026-1414 2026-01-26 MEDIUM 6.3 A vulnerability was determined in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This impacts the function getInformation of the file /equipment/get_Information of the component HTTP…
CVE-2026-1413 2026-01-26 MEDIUM 6.3 A vulnerability was found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. This affects the function portValidate of the file /fort/ip_and_port/port_validate of the component HTTP…
CVE-2026-1412 2026-01-26 HIGH 7.3 A vulnerability has been found in Sangfor Operation and Maintenance Security Management System up to 3.0.12. The impacted element is an unknown function of the file /fort/audit/get_clip_img of…
CVE-2026-1411 2026-01-26 MEDIUM 6.1 A flaw has been found in Beetel 777VR1 up to 01.00.09/01.00.09_55. The affected element is an unknown function of the component UART Interface. This manipulation causes improper access…
CVE-2026-1410 2026-01-26 MEDIUM 6.4 A vulnerability was detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. Impacted is an unknown function of the component UART Interface. The manipulation results in missing authentication. An attack…
CVE-2026-1409 2026-01-26 LOW 2.0 A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper…
CVE-2026-1408 2026-01-25 LOW 2.0 A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak…
CVE-2026-1407 2026-01-25 LOW 2.0 A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information…
CVE-2026-23013 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to…
CVE-2026-23012 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running,…
CVE-2026-23011 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found…
CVE-2026-23010 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved…
CVE-2026-23009 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running…
CVE-2026-23008 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so…
CVE-2026-23007 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully…
CVE-2026-23006 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was…
CVE-2026-23005 2026-01-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when…