Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-71155	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory corruption…
CVE-2025-71154	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure…
CVE-2025-71153	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the…
CVE-2025-71152	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net: dsa: properly keep track of conduit reference Problem description ------------------- DSA has a mumbo-jumbo of reference handling…
CVE-2025-71151	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without…
CVE-2025-71150	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but…
CVE-2025-71149	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions…
CVE-2025-71148	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the…
CVE-2025-71147	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it…
CVE-2025-71146	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as…
CVE-2025-71145	2026-01-23	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a…
CVE-2025-13921	2026-01-23	MEDIUM	4.3	The weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot plugin for WordPress is vulnerable to unauthorized modification or loss of data due to a missing…
CVE-2026-0914	2026-01-23	MEDIUM	6.4	The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due…
CVE-2025-4320	2026-01-23	CRITICAL	10.0	Authentication Bypass by Primary Weakness, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Authentication Bypass, Password Recovery Exploitation.This issue affects…
CVE-2025-4319	2026-01-23	CRITICAL	9.4	Improper Restriction of Excessive Authentication Attempts, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Birebirsoft Software and Technology Solutions Sufirmam allows Brute Force, Password Recovery Exploitation.This issue…
CVE-2025-14866	2026-01-23	HIGH	8.8	The Melapress Role Editor plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.1. This is due to a misconfigured capability check…
CVE-2025-2204	2026-01-23	MEDIUM	4.7	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting (XSS).This issue affects Tap&Sign: through 23012026.…
CVE-2026-22276	2026-01-23	MEDIUM	5.5	Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Storage of Sensitive Information vulnerability. A low privileged attacker with local access…
CVE-2026-22275	2026-01-23	MEDIUM	4.4	Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with…
CVE-2026-22274	2026-01-23	MEDIUM	6.5	Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability in the Fabric Syslog. An unauthenticated attacker…
CVE-2026-22273	2026-01-23	HIGH	8.8	Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with…
CVE-2025-46699	2026-01-23	MEDIUM	4.3	Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker…
CVE-2026-22271	2026-01-23	HIGH	7.5	Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains a Cleartext Transmission of Sensitive Information vulnerability. An unauthenticated attacker with remote access could…
CVE-2026-1364	2026-01-23	CRITICAL	9.8	IAQS and I6 developed by JNC has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly operate system administrative functionalities.
CVE-2026-1363	2026-01-23	CRITICAL	9.8	IAQS and I6 developed by JNC has a Client-Side Enforcement of Server-Side Security vulnerability, allowing unauthenticated remote attackers to gain administrator privileges by manipulating the web front-end.
CVE-2026-24515	2026-01-23	LOW	2.9	In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data.
CVE-2026-0603	2026-01-23	HIGH	8.3	A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the…
CVE-2024-11976	2026-01-23	HIGH	7.3	The The BuddyPress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 14.3.3. This is due to the software allowing users…
CVE-2026-0927	2026-01-23	MEDIUM	5.3	The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in…
CVE-2025-14745	2026-01-23	MEDIUM	6.4	The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-rss-aggregator' shortcode in…
CVE-2025-14069	2026-01-23	MEDIUM	6.4	The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saswp_custom_schema_field' profile field in all versions up to,…
CVE-2026-24342	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24341	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24340	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24339	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24338	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24337	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24336	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24335	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2026-24334	2026-01-23	N/A	0.0	Rejected reason: Not used
CVE-2025-67847	2026-01-23	HIGH	8.8	A flaw was found in Moodle. An attacker with access to the restore interface could trigger server-side execution of arbitrary code. This is due to insufficient validation of…
CVE-2025-3839	2026-01-23	HIGH	8.0	A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit…
CVE-2025-15522	2026-01-23	MEDIUM	6.4	The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automator_discord_user_mapping shortcode in all versions…
CVE-2026-0796	2026-01-23	HIGH	7.2	ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0795	2026-01-23	HIGH	7.2	ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0794	2026-01-23	HIGH	8.1	ALGO 8180 IP Audio Alerter SIP Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio…
CVE-2026-0793	2026-01-23	HIGH	8.1	ALGO 8180 IP Audio Alerter InformaCast Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180…
CVE-2026-0792	2026-01-23	HIGH	8.1	ALGO 8180 IP Audio Alerter SIP INVITE Alert-Info Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…
CVE-2026-0791	2026-01-23	HIGH	8.1	ALGO 8180 IP Audio Alerter SIP INVITE Replaces Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of…
CVE-2026-0790	2026-01-23	MEDIUM	5.3	ALGO 8180 IP Audio Alerter Web UI Direct Request Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ALGO 8180 IP…

« Anterior Página 399 de 4263 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte