CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-12709 | 2026-01-28 | MEDIUM | 6.4 | The Interactions – Create Interactive Experiences in the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via event selectors in all versions up to, and… |
| CVE-2026-1298 | 2026-01-28 | MEDIUM | 5.3 | The Easy Replace Image plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.5.2. This is due to missing capability checks on… |
| CVE-2026-1083 | 2026-01-28 | MEDIUM | 4.4 | The Appointment Hour Booking – Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form field configuration parameters in all versions up to, and including,… |
| CVE-2025-8072 | 2026-01-28 | MEDIUM | 6.4 | The Target Video Easy Publish plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder_img’ parameter in all versions up to, and including, 3.8.8 due to… |
| CVE-2025-14610 | 2026-01-28 | HIGH | 7.2 | The TableMaster for Elementor plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.6. This is due to the plugin not… |
| CVE-2026-24867 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24866 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24865 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24864 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24863 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24862 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24861 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24860 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-24859 | 2026-01-28 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2026-1514 | 2026-01-28 | MEDIUM | 6.5 | Official Document Management System developed by 2100 Technology has an Incorrect Authorization vulnerability, allowing authenticated remote attackers to modify front-end code to read all official documents. |
| CVE-2026-1506 | 2026-01-28 | HIGH | 7.2 | A vulnerability was determined in D-Link DIR-615 4.10. Impacted is an unknown function of the file /adv_mac_filter.php of the component MAC Filter Configuration. This manipulation of the argument… |
| CVE-2026-1505 | 2026-01-28 | HIGH | 7.2 | A vulnerability was found in D-Link DIR-615 4.10. This issue affects some unknown processing of the file /set_temp_nodes.php of the component URL Filter. The manipulation results in os… |
| CVE-2026-24852 | 2026-01-28 | MEDIUM | 6.1 | iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, a heap buffer… |
| CVE-2026-24850 | 2026-01-28 | MEDIUM | 5.3 | The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation… |
| CVE-2026-24842 | 2026-01-28 | HIGH | 8.2 | node-tar, a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink… |
| CVE-2026-24841 | 2026-01-28 | CRITICAL | 9.9 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a critical command injection vulnerability exists in Dokploy's WebSocket endpoint `/docker-container-terminal`. The `containerId`… |
| CVE-2026-24840 | 2026-01-28 | HIGH | 8.0 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, a hardcoded credential in the provided installation script (located at https://dokploy.com/install.sh, line 154)… |
| CVE-2026-24839 | 2026-01-28 | MEDIUM | 4.7 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In versions prior to 0.26.6, the Dokploy web interface is vulnerable to Clickjacking attacks due to missing frame-busting… |
| CVE-2026-24838 | 2026-01-28 | CRITICAL | 9.1 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include… |
| CVE-2026-24837 | 2026-01-28 | HIGH | 7.6 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module… |
| CVE-2026-24836 | 2026-01-28 | HIGH | 7.6 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could… |
| CVE-2026-24833 | 2026-01-28 | HIGH | 7.6 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in… |
| CVE-2026-24785 | 2026-01-28 | N/A | 0.0 | Clatter is a no_std compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versions prior to 2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum… |
| CVE-2026-24784 | 2026-01-28 | MEDIUM | 6.8 | DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content… |
| CVE-2026-24134 | 2026-01-28 | MEDIUM | 6.5 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that… |
| CVE-2026-23830 | 2026-01-28 | CRITICAL | 10.0 | SandboxJS is a JavaScript sandboxing library. Versions prior to 0.8.26 have a sandbox escape vulnerability due to `AsyncFunction` not being isolated in `SandboxFunction`. The library attempts to sandbox… |
| CVE-2025-67645 | 2026-01-28 | HIGH | 8.8 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit… |
| CVE-2025-55292 | 2026-01-28 | HIGH | 8.2 | Meshtastic is an open source mesh networking solution. In the current Meshtastic architecture, a Node is identified by their NodeID, generated from the MAC address, rather than their… |
| CVE-2025-54373 | 2026-01-28 | N/A | 0.0 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a vulnerability where sensitive data is unintentionally revealed… |
| CVE-2026-24910 | 2026-01-27 | MEDIUM | 5.9 | In Bun before 1.3.5, the default trusted dependencies list (aka trust allow list) can be spoofed by a non-npm package in the case of a matching name (for… |
| CVE-2026-24909 | 2026-01-27 | MEDIUM | 5.9 | vlt before 1.0.0-rc.10 mishandles path sanitization for tar, leading to path traversal during extraction. |
| CVE-2026-24783 | 2026-01-27 | HIGH | 7.5 | soroban-fixed-point-math is a fixed-point math library for Soroban smart contracts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate product… |
| CVE-2026-24779 | 2026-01-27 | HIGH | 7.1 | vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.14.1, a Server-Side Request Forgery (SSRF) vulnerability exists in the `MediaConnector` class within… |
| CVE-2026-24778 | 2026-01-27 | HIGH | 8.8 | Ghost is an open source content management system. In Ghost versions 5.43.0 through 5.12.04 and 6.0.0 through 6.14.0, an attacker was able to craft a malicious link that,… |
| CVE-2026-24793 | 2026-01-27 | N/A | 0.0 | Out-of-bounds Write, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in azerothcore azerothcore-wotlk (deps/zlib modules). This vulnerability is associated with program files inflate.C. This issue… |
| CVE-2026-24770 | 2026-01-27 | CRITICAL | 9.8 | RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In version 0.23.1 and possibly earlier versions, the MinerU parser contains a "Zip Slip" vulnerability, allowing an attacker to overwrite… |
| CVE-2026-24765 | 2026-01-27 | HIGH | 7.8 | PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage… |
| CVE-2026-24748 | 2026-01-27 | N/A | 0.0 | Kargo manages and automates the promotion of software artifacts. Prior to versions 1.8.7, 1.7.7, and 1.6.3, a bug was found with authentication checks on the `GetConfig()` API endpoint.… |
| CVE-2026-24747 | 2026-01-27 | HIGH | 8.8 | PyTorch is a Python package that provides tensor computation. Prior to version 2.10.0, a vulnerability in PyTorch's `weights_only` unpickler allows an attacker to craft a malicious checkpoint file… |
| CVE-2026-24741 | 2026-01-27 | HIGH | 8.1 | ConvertX is a self-hosted online file converter. In versions prior to 0.17.0, the `POST /delete` endpoint uses a user-controlled `filename` value to construct a filesystem path and deletes it… |
| CVE-2026-1504 | 2026-01-27 | MEDIUM | 6.5 | Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:… |
| CVE-2025-15467 | 2026-01-27 | N/A | 0.0 | Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. Impact summary: A stack buffer overflow may lead to a crash,… |
| CVE-2020-36949 | 2026-01-27 | HIGH | 7.5 | TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a… |
| CVE-2020-36948 | 2026-01-27 | CRITICAL | 9.8 | VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user… |
| CVE-2020-36947 | 2026-01-27 | HIGH | 7.1 | LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by… |
Page 39 of 3915