Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-22639 2026-01-15 MEDIUM 4.3 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed…
CVE-2026-22638 2026-01-15 HIGH 8.3 A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that…
CVE-2026-0897 2026-01-15 N/A 0.0 Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through…
CVE-2025-13859 2026-01-15 MEDIUM 6.4 The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in…
CVE-2025-13062 2026-01-15 HIGH 8.8 The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type…
CVE-2025-12895 2026-01-15 MEDIUM 5.3 The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function…
CVE-2026-22920 2026-01-15 LOW 3.7 The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks.
CVE-2026-22919 2026-01-15 LOW 3.8 An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data.
CVE-2026-22918 2026-01-15 MEDIUM 4.3 An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data.
CVE-2026-22917 2026-01-15 MEDIUM 4.3 Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service.
CVE-2026-22916 2026-01-15 MEDIUM 4.3 An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or…
CVE-2026-22915 2026-01-15 MEDIUM 4.3 An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information.
CVE-2026-22914 2026-01-15 MEDIUM 4.3 An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation.
CVE-2026-22913 2026-01-15 MEDIUM 4.3 Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data.
CVE-2026-22912 2026-01-15 MEDIUM 4.3 Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting…
CVE-2026-22911 2026-01-15 MEDIUM 5.3 Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device.
CVE-2026-22910 2026-01-15 HIGH 7.5 The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to…
CVE-2026-22909 2026-01-15 HIGH 7.5 Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations.
CVE-2026-22908 2026-01-15 CRITICAL 9.1 Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality.
CVE-2026-22907 2026-01-15 CRITICAL 9.9 An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
CVE-2026-22637 2026-01-15 MEDIUM 6.8 The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make…
CVE-2026-0976 2026-01-15 LOW 3.7 A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may…
CVE-2026-0713 2026-01-15 HIGH 8.3 A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers…
CVE-2026-0712 2026-01-15 HIGH 7.6 An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect…
CVE-2025-14457 2026-01-15 LOW 3.7 The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in…
CVE-2025-14448 2026-01-15 MEDIUM 5.4 The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Multiple Checkbox and Multiple Select user profile fields in all versions up to,…
CVE-2026-23582 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23581 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23580 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23579 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23578 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23577 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23576 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23575 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-23574 2026-01-15 N/A 0.0 Rejected reason: Not used
CVE-2026-0600 2026-01-14 N/A 0.0 Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network…
CVE-2026-0421 2026-01-14 MEDIUM 6.5 A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in…
CVE-2025-14058 2026-01-14 LOW 3.2 A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device…
CVE-2025-13455 2026-01-14 HIGH 7.8 A vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to bypass ThinkPlus device authentication and enroll an untrusted fingerprint.
CVE-2025-13454 2026-01-14 MEDIUM 4.7 A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information.
CVE-2025-13453 2026-01-14 MEDIUM 6.8 A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on the drive.
CVE-2025-13154 2026-01-14 MEDIUM 5.5 An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated…
CVE-2025-12533 2026-01-14 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12166 2026-01-14 HIGH 7.5 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions…
CVE-2026-0861 2026-01-14 HIGH 8.4 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in…
CVE-2026-0601 2026-01-14 N/A 0.0 A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring…
CVE-2025-14242 2026-01-14 MEDIUM 6.5 A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote,…
CVE-2026-23512 2026-01-14 HIGH 8.6 SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, there is a Untrusted Search Path vulnerability when Advanced Options setting is trigger. The application executes notepad.exe…
CVE-2026-23550 2026-01-14 CRITICAL 10.0 Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.
CVE-2026-0962 2026-01-14 MEDIUM 5.3 SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service
« Anterior Página 431 de 4265 Siguiente »