Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2020-36946 2026-01-27 HIGH 7.5 SyncBreeze 10.0.28 contains a denial of service vulnerability in the login endpoint that allows remote attackers to crash the service. Attackers can send an oversized payload in the…
CVE-2020-36941 2026-01-27 CRITICAL 9.8 Knockpy 4.1.1 contains a CSV injection vulnerability that allows attackers to inject malicious formulas into CSV reports through unfiltered server headers. Attackers can manipulate server response headers to…
CVE-2020-36940 2026-01-27 CRITICAL 9.8 Easy CD & DVD Cover Creator 4.13 contains a buffer overflow vulnerability in the serial number input field that allows attackers to crash the application. Attackers can generate…
CVE-2026-24740 2026-01-27 N/A 0.0 Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for…
CVE-2026-24738 2026-01-27 N/A 0.0 gmrtd is a Go library for reading Machine Readable Travel Documents (MRTDs). Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which…
CVE-2026-24736 2026-01-27 CRITICAL 9.1 Squidex is an open source headless content management system and content management hub. Versions of the application up to and including 7.21.0 allow users to define "Webhooks" as…
CVE-2025-21589 2026-01-27 CRITICAL 9.8 An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allows a network-based attacker to bypass authentication and take administrative control…
CVE-2025-12810 2026-01-27 N/A 0.0 Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25. A secret with "change password on check…
CVE-2026-24771 2026-01-27 MEDIUM 4.7 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting (XSS) vulnerability exists in the `ErrorBoundary` component of…
CVE-2026-24688 2026-01-27 N/A 0.0 pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a…
CVE-2026-24473 2026-01-27 N/A 0.0 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Serve static Middleware for the Cloudflare Workers adapter contains an information…
CVE-2026-24472 2026-01-27 MEDIUM 5.3 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, Cache Middleware contains an information disclosure vulnerability caused by improper handling…
CVE-2025-14988 2026-01-27 N/A 0.0 A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability…
CVE-2025-65264 2026-01-27 MEDIUM 5.5 The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a…
CVE-2026-24883 2026-01-27 LOW 3.7 In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application…
CVE-2026-24882 2026-01-27 HIGH 8.4 In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
CVE-2026-24881 2026-01-27 HIGH 8.1 In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This…
CVE-2026-24398 2026-01-27 MEDIUM 4.8 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address…
CVE-2026-24116 2026-01-27 N/A 0.0 Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign`…
CVE-2026-23892 2026-01-27 N/A 0.0 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API…
CVE-2026-22264 2026-01-27 HIGH 7.4 Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating…
CVE-2026-22263 2026-01-27 MEDIUM 5.3 Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over…
CVE-2026-22262 2026-01-27 MEDIUM 5.9 Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14,…
CVE-2026-22261 2026-01-27 LOW 3.7 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx,…
CVE-2026-0746 2026-01-27 MEDIUM 6.4 The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible…
CVE-2020-36983 2026-01-27 HIGH 7.8 Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured…
CVE-2020-36982 2026-01-27 HIGH 7.8 Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted…
CVE-2020-36981 2026-01-27 HIGH 7.8 Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2020-36980 2026-01-27 HIGH 7.8 SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2020-36979 2026-01-27 HIGH 7.8 Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the…
CVE-2020-36978 2026-01-27 MEDIUM 6.4 Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to…
CVE-2020-36977 2026-01-27 HIGH 7.8 Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted…
CVE-2020-36976 2026-01-27 HIGH 7.8 Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the…
CVE-2020-36975 2026-01-27 HIGH 7.8 EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers…
CVE-2020-36974 2026-01-27 HIGH 7.8 Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the…
CVE-2026-23593 2026-01-27 HIGH 7.5 A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow…
CVE-2026-23592 2026-01-27 HIGH 7.2 Insecure file operations in HPE Aruba Networking Fabric Composer’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute…
CVE-2026-22260 2026-01-27 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches…
CVE-2026-1315 2026-01-27 N/A 0.0 By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated…
CVE-2026-0919 2026-01-27 N/A 0.0 The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code…
CVE-2026-0918 2026-01-27 N/A 0.0 The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers…
CVE-2025-33234 2026-01-27 HIGH 7.8 NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation…
CVE-2025-14911 2026-01-27 MEDIUM 6.5 User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
CVE-2026-24869 2026-01-27 HIGH 8.1 Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2.
CVE-2026-23881 2026-01-27 HIGH 7.7 Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows…
CVE-2026-22259 2026-01-27 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while…
CVE-2026-22258 2026-01-27 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading…
CVE-2026-22039 2026-01-27 CRITICAL 9.9 Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy…
CVE-2026-22796 2026-01-27 MEDIUM 5.3 Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing…
CVE-2026-1483 2026-01-27 N/A 0.0 An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
« Anterior Página 40 de 3915 Siguiente »