Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-65264	2026-01-27	MEDIUM	5.5	The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a…
CVE-2026-24883	2026-01-27	LOW	3.7	In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application…
CVE-2026-24882	2026-01-27	HIGH	8.4	In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
CVE-2026-24881	2026-01-27	HIGH	8.1	In GnuPG before 2.5.17, a crafted CMS (S/MIME) EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This…
CVE-2026-24398	2026-01-27	MEDIUM	4.8	Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP Restriction Middleware in Hono is vulnerable to an IP address…
CVE-2026-24116	2026-01-27	N/A	0.0	Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign`…
CVE-2026-23892	2026-01-27	N/A	0.0	OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API…
CVE-2026-22264	2026-01-27	HIGH	7.4	Suricata is a network IDS, IPS and NSM engine. Prior to version 8.0.3 and 7.0.14, an unsigned integer overflow can lead to a heap use-after-free condition when generating…
CVE-2026-22263	2026-01-27	MEDIUM	5.3	Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, inefficiency in http1 headers parsing can lead to slowdown over…
CVE-2026-22262	2026-01-27	MEDIUM	5.9	Suricata is a network IDS, IPS and NSM engine. While saving a dataset a stack buffer is used to prepare the data. Prior to versions 8.0.3 and 7.0.14,…
CVE-2026-22261	2026-01-27	LOW	3.7	Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, various inefficiencies in xff handling, especially for alerts not triggered in a tx,…
CVE-2026-0746	2026-01-27	MEDIUM	6.4	The AI Engine plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.3.2 via the 'get_audio' function. This makes it possible…
CVE-2020-36983	2026-01-27	HIGH	7.8	Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured…
CVE-2020-36982	2026-01-27	HIGH	7.8	Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted…
CVE-2020-36981	2026-01-27	HIGH	7.8	Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2020-36980	2026-01-27	HIGH	7.8	SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2020-36979	2026-01-27	HIGH	7.8	Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executables in the…
CVE-2020-36978	2026-01-27	MEDIUM	6.4	Froxlor Server Management Panel 0.10.16 contains a persistent cross-site scripting vulnerability in customer registration input fields. Attackers can inject malicious scripts through username, name, and firstname parameters to…
CVE-2020-36977	2026-01-27	HIGH	7.8	Wondershare Driver Install Service contains an unquoted service path vulnerability in the ElevationService executable that allows local attackers to potentially inject malicious code. Attackers can exploit the unquoted…
CVE-2020-36976	2026-01-27	HIGH	7.8	Acer Global Registration Service 1.0.0.3 contains an unquoted service path vulnerability in its service configuration that allows local users to potentially execute arbitrary code. Attackers can exploit the…
CVE-2020-36975	2026-01-27	HIGH	7.8	EPSON Status Monitor 3 version 8.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code by exploiting the service binary path. Attackers…
CVE-2020-36974	2026-01-27	HIGH	7.8	Realtek Andrea RT Filters 1.0.64.7 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the…
CVE-2026-23593	2026-01-27	HIGH	7.5	A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow…
CVE-2026-23592	2026-01-27	HIGH	7.2	Insecure file operations in HPE Aruba Networking Fabric Composerâ€™s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute…
CVE-2026-22260	2026-01-27	HIGH	7.5	Suricata is a network IDS, IPS and NSM engine. Starting in version 8.0.0 and prior to version 8.0.3, Suricata can crash with a stack overflow. Version 8.0.3 patches…
CVE-2026-1315	2026-01-27	N/A	0.0	By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated…
CVE-2026-0919	2026-01-27	N/A	0.0	The HTTP parser of Tapo C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid‑URL error path continues into cleanup code…
CVE-2026-0918	2026-01-27	N/A	0.0	The Tapo C220 v1 and C520WS v2 cameras’ HTTP service does not safely handle POST requests containing an excessively large Content-Length header. The resulting failed memory allocation triggers…
CVE-2025-33234	2026-01-27	HIGH	7.8	NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation…
CVE-2025-14911	2026-01-27	MEDIUM	6.5	User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
CVE-2026-24869	2026-01-27	HIGH	8.1	Use-after-free in the Layout: Scrolling and Overflow component. This vulnerability affects Firefox < 147.0.2.
CVE-2026-23881	2026-01-27	HIGH	7.7	Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have unbounded memory consumption in Kyverno's policy engine that allows…
CVE-2026-22259	2026-01-27	HIGH	7.5	Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, specially crafted traffic can cause Suricata to consume large amounts of memory while…
CVE-2026-22258	2026-01-27	HIGH	7.5	Suricata is a network IDS, IPS and NSM engine. Prior to versions 8.0.3 and 7.0.14, crafted DCERPC traffic can cause Suricata to expand a buffer w/o limits, leading…
CVE-2026-22039	2026-01-27	CRITICAL	9.9	Kyverno is a policy engine designed for cloud native platform engineering teams. Versions prior to 1.16.3 and 1.15.3 have a critical authorization boundary bypass in namespaced Kyverno Policy…
CVE-2026-22796	2026-01-27	MEDIUM	5.3	Issue summary: A type confusion vulnerability exists in the signature verification of signed PKCS#7 data where an ASN1_TYPE union member is accessed without first validating the type, causing…
CVE-2026-1483	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1482	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1481	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1480	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1479	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters…
CVE-2026-1478	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1477	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1476	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1475	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1474	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1473	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-1472	2026-01-27	N/A	0.0	An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter…
CVE-2026-0705	2026-01-27	MEDIUM	6.7	Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354.
CVE-2025-69564	2026-01-27	N/A	0.0	code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate parameters.

« Anterior Página 41 de 3916 Siguiente »