Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-71149 2026-01-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions…
CVE-2025-71148 2026-01-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the…
CVE-2025-71147 2026-01-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it…
CVE-2025-71146 2026-01-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as…
CVE-2025-71145 2026-01-23 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a…
CVE-2025-13921 2026-01-23 MEDIUM 4.3 The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing…
CVE-2026-0914 2026-01-23 MEDIUM 6.4 The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due…
CVE-2025-4320 2026-01-23 CRITICAL 10.0 Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects…
CVE-2025-4319 2026-01-23 CRITICAL 9.4 Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue…
CVE-2025-14866 2026-01-23 HIGH 8.8 The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check…
CVE-2025-2204 2026-01-23 MEDIUM 4.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026.…
CVE-2026-22276 2026-01-23 MEDIUM 5.5 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access…
CVE-2026-22275 2026-01-23 MEDIUM 4.4 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with…
CVE-2026-22274 2026-01-23 MEDIUM 6.5 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker…
CVE-2026-22273 2026-01-23 HIGH 8.8 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with…
CVE-2025-46699 2026-01-23 MEDIUM 4.3 Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker…
CVE-2026-22271 2026-01-23 HIGH 7.5 Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could…
CVE-2026-1364 2026-01-23 CRITICAL 9.8 IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.
CVE-2026-1363 2026-01-23 CRITICAL 9.8 IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.
CVE-2026-24515 2026-01-23 LOW 2.9 In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-0603 2026-01-23 HIGH 8.3 A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the…
CVE-2024-11976 2026-01-23 HIGH 7.3 The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users…
CVE-2026-0927 2026-01-23 MEDIUM 5.3 The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in…
CVE-2025-14745 2026-01-23 MEDIUM 6.4 The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in…
CVE-2025-14069 2026-01-23 MEDIUM 6.4 The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to,…
CVE-2026-24342 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24341 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24340 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24339 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24338 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24337 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24336 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24335 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2026-24334 2026-01-23 N/A 0.0 Rejected reason: Not used
CVE-2025-67847 2026-01-23 HIGH 8.8 A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of…
CVE-2025-3839 2026-01-23 HIGH 8.0 A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit…
CVE-2025-15522 2026-01-23 MEDIUM 6.4 The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions…
CVE-2026-0796 2026-01-23 HIGH 7.2 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0795 2026-01-23 HIGH 7.2 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0794 2026-01-23 HIGH 8.1 ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio…
CVE-2026-0793 2026-01-23 HIGH 8.1 ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0792 2026-01-23 HIGH 8.1 ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…
CVE-2026-0791 2026-01-23 HIGH 8.1 ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…
CVE-2026-0790 2026-01-23 MEDIUM 5.3 ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP…
CVE-2026-0789 2026-01-23 MEDIUM 5.3 ALGO 8180 IP Audio Alerter Web UI Inclusion of Authentication Cookie in Response Body Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected…
CVE-2026-0788 2026-01-23 MEDIUM 5.3 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations…
CVE-2026-0787 2026-01-23 HIGH 8.1 ALGO 8180 IP Audio Alerter SAC Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP…
CVE-2026-0786 2026-01-23 HIGH 7.5 ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP…
CVE-2026-0785 2026-01-23 HIGH 7.5 ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP…
CVE-2026-0784 2026-01-23 HIGH 7.2 ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
« Anterior Página 394 de 4258 Siguiente »