Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-15518 2026-03-23 N/A 0.0 Improper input handling in a wireless-control administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating…
CVE-2025-15517 2026-03-23 N/A 0.0 A missing authentication check in the HTTP server on TP-Link Archer NX200, NX210, NX500 and NX600 to certain cgi endpoints allows unauthenticated access intended for authenticated users. An…
CVE-2026-4775 2026-03-24 HIGH 7.8 A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF…
CVE-2026-32647 2026-03-24 HIGH 7.8 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX…
CVE-2026-28755 2026-03-24 MEDIUM 5.4 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_stream_ssl_module module due to the improper handling of revoked certificates when configured with the ssl_verify_client on and…
CVE-2026-28753 2026-03-24 LOW 3.7 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled…
CVE-2026-27784 2026-03-24 HIGH 7.8 The 32-bit implementation of NGINX Open Source has a vulnerability in the ngx_http_mp4_module module, which might allow an attacker to over-read or over-write NGINX worker memory resulting in…
CVE-2026-27654 2026-03-24 HIGH 8.2 NGINX Open Source and NGINX Plus have a vulnerability in the ngx_http_dav_module module that might allow an attacker to trigger a buffer overflow to the NGINX worker process;…
CVE-2026-27651 2026-03-24 HIGH 7.5 When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or…
CVE-2026-33310 2026-03-24 HIGH 8.8 Intake is a package for finding, investigating, loading and disseminating data. Prior to version 2.0.9, the shell() syntax within parameter default values appears to be automatically expanded during…
CVE-2025-64998 2026-03-24 N/A 0.0 Exposure of session signing secret in Checkmk
CVE-2019-25647 2026-03-24 HIGH 8.8 PhreeBooks ERP 5.2.3 contains a remote code execution vulnerability in the image manager that allows authenticated attackers to upload and execute arbitrary PHP files by bypassing file extension…
CVE-2019-25646 2026-03-24 CRITICAL 9.8 Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL…
CVE-2019-25645 2026-03-24 MEDIUM 6.2 WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by processing malformed AVI files. Attackers can create a specially…
CVE-2019-25644 2026-03-24 MEDIUM 6.2 WinMPG Video Convert 9.3.5 and older versions contain a buffer overflow vulnerability in the registration dialog that allows local attackers to crash the application by supplying oversized input.…
CVE-2019-25643 2026-03-24 HIGH 8.2 eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send…
CVE-2019-25642 2026-03-24 HIGH 8.2 Bootstrapy CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. Attackers can inject SQL payloads…
CVE-2019-25641 2026-03-24 HIGH 8.2 Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST…
CVE-2019-25640 2026-03-24 HIGH 8.2 Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using…
CVE-2019-25639 2026-03-24 HIGH 8.2 Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject…
CVE-2019-25638 2026-03-24 HIGH 7.1 Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can…
CVE-2019-25637 2026-03-24 HIGH 8.4 X-NetStat Pro 5.63 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the EIP register through a 264-byte buffer overflow. Attackers…
CVE-2019-25636 2026-03-24 HIGH 8.2 Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send…
CVE-2019-25635 2026-03-24 HIGH 8.2 Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast,…
CVE-2019-25634 2026-03-24 HIGH 8.4 Base64 Decoder 1.1.2 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft…
CVE-2019-25633 2026-03-24 HIGH 8.4 AIDA64 Extreme 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input through the email preferences and…
CVE-2019-25632 2026-03-24 MEDIUM 6.2 phpFileManager 1.7.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the action, fm_current_dir, and filename parameters. Attackers can send GET…
CVE-2019-25631 2026-03-24 HIGH 8.4 AIDA64 Business 5.99.4900 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH pointers with malicious shellcode. Attackers can…
CVE-2019-25630 2026-03-24 HIGH 8.8 PhreeBooks ERP 5.2.3 contains an arbitrary file upload vulnerability in the Image Manager component that allows authenticated attackers to upload malicious files by submitting requests to the image…
CVE-2019-25629 2026-03-24 HIGH 8.4 AIDA64 Extreme 5.99.4900 contains a structured exception handler buffer overflow vulnerability in the logging functionality that allows local attackers to execute arbitrary code by supplying a malicious CSV…
CVE-2019-25628 2026-03-24 CRITICAL 9.8 Download Accelerator Plus DAP 10.0.6.0 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by crafting malicious URLs. Attackers can create…
CVE-2019-25627 2026-03-24 HIGH 8.4 FlexHEX 2.71 contains a local buffer overflow vulnerability in the Stream Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH)…
CVE-2019-25626 2026-03-24 HIGH 8.4 River Past Cam Do 3.7.6 contains a local buffer overflow vulnerability in the activation code input field that allows local attackers to execute arbitrary code by supplying a…
CVE-2026-4649 2026-03-24 N/A 0.0 Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446…
CVE-2026-3509 2026-03-24 HIGH 7.5 An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in…
CVE-2026-32642 2026-03-24 N/A 0.0 Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address…
CVE-2025-41660 2026-03-24 HIGH 8.8 A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
CVE-2026-4756 2026-03-24 HIGH 7.8 Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-4755 2026-03-24 CRITICAL 9.8 CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-4754 2026-03-24 MEDIUM 6.1 CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-33852 2026-03-24 HIGH 7.5 Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-4753 2026-03-24 CRITICAL 9.1 Out-of-bounds Read vulnerability in slajerek RetroDebugger.This issue affects RetroDebugger: before v0.64.72.
CVE-2026-4752 2026-03-24 MEDIUM 6.4 Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.
CVE-2026-4751 2026-03-24 MEDIUM 5.3 NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
CVE-2026-4750 2026-03-24 CRITICAL 9.1 Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.
CVE-2026-4749 2026-03-24 MEDIUM 6.5 NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.
CVE-2026-33856 2026-03-24 HIGH 7.5 Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-33855 2026-03-24 MEDIUM 5.5 Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
CVE-2026-33854 2026-03-24 HIGH 8.8 Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.
CVE-2026-33853 2026-03-24 MEDIUM 5.5 NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10.
« Anterior Página 41 de 4111 Siguiente »