Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-23527 2026-01-15 HIGH 8.9 H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict…
CVE-2026-23520 2026-01-15 CRITICAL 9.0 Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed…
CVE-2026-23519 2026-01-15 N/A 0.0 RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to…
CVE-2026-23511 2026-01-15 MEDIUM 5.3 ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can…
CVE-2025-65349 2026-01-15 MEDIUM 5.4 A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted…
CVE-2025-15265 2026-01-15 N/A 0.0 An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript.…
CVE-2024-48077 2026-01-15 HIGH 7.5 An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue…
CVE-2026-22803 2026-01-15 N/A 0.0 SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing…
CVE-2026-22775 2026-01-15 HIGH 7.5 Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to…
CVE-2026-22774 2026-01-15 HIGH 7.5 Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to…
CVE-2026-22249 2026-01-15 HIGH 7.1 Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts,…
CVE-2026-0227 2026-01-15 N/A 0.0 A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue…
CVE-2025-70303 2026-01-15 MEDIUM 5.5 A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2025-70302 2026-01-15 MEDIUM 5.5 A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-67647 2026-01-15 N/A 0.0 SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial…
CVE-2025-13845 2026-01-15 N/A 0.0 CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
CVE-2025-13844 2026-01-15 N/A 0.0 CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.
CVE-2025-9014 2026-01-15 N/A 0.0 A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation.  A remote, unauthenticated attacker can…
CVE-2025-70307 2026-01-15 HIGH 7.5 A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2025-70299 2026-01-15 MEDIUM 6.5 A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
CVE-2025-36911 2026-01-15 HIGH 7.1 In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and…
CVE-2026-0823 2026-01-16 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-23714 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-23713 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-23712 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-23711 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-23710 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-23709 2026-01-16 N/A 0.0 Rejected reason: Not used
CVE-2026-1012 2026-01-15 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-23496 2026-01-15 MEDIUM 5.4 Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the…
CVE-2026-23494 2026-01-15 MEDIUM 4.3 Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint…
CVE-2026-23493 2026-01-15 HIGH 8.6 Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information…
CVE-2025-70305 2026-01-15 MEDIUM 5.5 A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
CVE-2025-62193 2026-01-15 CRITICAL 9.8 Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a…
CVE-2021-47773 2026-01-15 HIGH 7.8 Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit…
CVE-2021-47772 2026-01-15 CRITICAL 9.8 10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text…
CVE-2021-47771 2026-01-15 MEDIUM 6.2 RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname…
CVE-2021-47769 2026-01-15 HIGH 7.2 Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious…
CVE-2021-47768 2026-01-15 MEDIUM 6.1 ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with…
CVE-2021-47767 2026-01-15 HIGH 7.8 10-Strike Network Inventory Explorer Pro 9.31 contains an unquoted service path vulnerability in the srvInventoryWebServer service running with LocalSystem privileges. Attackers can exploit the unquoted path by placing…
CVE-2021-47755 2026-01-15 CRITICAL 9.8 Oliver Library Server v5 contains a file download vulnerability that allows unauthenticated attackers to access arbitrary system files through unsanitized input in the FileServlet endpoint. Attackers can exploit…
CVE-2021-47754 2026-01-15 MEDIUM 5.3 Arunna 1.0.0 contains a cross-site request forgery vulnerability that allows attackers to manipulate user profile settings without authentication. Attackers can craft a malicious form to change user details,…
CVE-2021-47753 2026-01-15 CRITICAL 9.8 phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a…
CVE-2021-47752 2026-01-15 HIGH 7.5 AWebServer GhostBuilding 18 contains a denial of service vulnerability that allows remote attackers to overwhelm the server by sending multiple concurrent HTTP requests. Attackers can generate high-volume requests…
CVE-2025-70298 2026-01-15 HIGH 8.2 GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
CVE-2025-61973 2026-01-15 HIGH 8.8 A local privilege escalation vulnerability exists during the installation of Epic Games Store via the Microsoft Store. A low-privilege user can replace a DLL file during the installation…
CVE-2026-23495 2026-01-15 MEDIUM 4.3 Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Prior to 2.2.3 and 1.7.16, the API endpoint for listing Predefined Properties in the Pimcore platform lacks adequate…
CVE-2026-22867 2026-01-15 HIGH 8.7 LaSuite Doc is a collaborative note taking, wiki and documentation platform. From 3.8.0 to 4.3.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Interlinking feature. When a…
CVE-2026-22265 2026-01-15 HIGH 7.5 Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to 8.2.8.2, command injection vulnerability exists in the log viewing functionality that allows authenticated…
CVE-2026-20076 2026-01-15 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against…
« Anterior Página 429 de 4265 Siguiente »