CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-33298 2026-03-24 HIGH 7.8 llama.cpp is an inference of several LLM models in C/C++. Prior to b7824, an integer overflow vulnerability in the `ggml_nbytes` function allows an attacker to bypass memory validation…
CVE-2026-33290 2026-03-24 MEDIUM 4.3 WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero…
CVE-2026-22739 2026-03-24 HIGH 8.6 Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend,…
CVE-2026-4615 2026-03-24 HIGH 7.3 A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql…
CVE-2026-4614 2026-03-24 MEDIUM 6.3 A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This…
CVE-2026-4613 2026-03-24 HIGH 7.3 A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection.…
CVE-2026-4056 2026-03-24 MEDIUM 5.4 The User Registration & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Content Access Rules REST API…
CVE-2026-4021 2026-03-24 HIGH 8.1 The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due…
CVE-2026-4001 2026-03-24 CRITICAL 9.8 The Woocommerce Custom Product Addons Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.4.1 via the custom pricing formula…
CVE-2026-3533 2026-03-24 HIGH 8.8 The Jupiter X Core plugin for WordPress is vulnerable to limited file uploads due to missing authorization on import_popup_templates() function as well as insufficient file type validation in…
CVE-2026-33286 2026-03-24 CRITICAL 9.1 Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that…
CVE-2026-33252 2026-03-24 HIGH 7.1 The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.1, the Go SDK's Streamable HTTP transport accepted browser-generated cross-site `POST` requests without validating the `Origin` header…
CVE-2026-33250 2026-03-24 HIGH 7.5 Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use…
CVE-2026-33211 2026-03-24 CRITICAL 9.6 Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 1.0.0 and prior to versions 1.0.1, 1.3.3, 1.6.1, 1.9.2, and 1.10.2, the Tekton Pipelines git…
CVE-2026-4306 2026-03-23 HIGH 7.5 The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping…
CVE-2026-4066 2026-03-23 MEDIUM 4.3 The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up…
CVE-2026-3225 2026-03-23 MEDIUM 4.3 The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function…
CVE-2026-33168 2026-03-23 N/A 0.0 Action View provides conventions and helpers for building web pages with the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when a blank string is used as…
CVE-2026-33167 2026-03-23 N/A 0.0 Action Pack is a Rubygem for building web applications on the Rails framework. In versions on the 8.1 branch prior to 8.1.2.1, the debug exceptions page does not…
CVE-2026-33046 2026-03-23 N/A 0.0 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX…
CVE-2026-2412 2026-03-23 MEDIUM 6.5 The Quiz and Survey Master (QSM) plugin for WordPress is vulnerable to SQL Injection via the 'merged_question' parameter in all versions up to, and including, 10.3.5. This is…
CVE-2026-4681 2026-03-23 N/A 0.0 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data. This…
CVE-2026-4612 2026-03-23 HIGH 7.3 A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation…
CVE-2026-4611 2026-03-23 HIGH 7.2 A flaw has been found in TOTOLINK X6000R 9.4.0cu.1360_B20241207/9.4.0cu.1498_B20250826. Affected by this issue is the function setLanCfg of the file /usr/sbin/shttpd. Executing a manipulation of the argument Hostname…
CVE-2026-33634 2026-03-23 N/A 0.0 Trivy is a security scanner. On March 19, 2026, a threat actor used compromised credentials to publish a malicious Trivy v0.69.4 release, force-push 76 of 77 version tags…
CVE-2026-29111 2026-03-23 MEDIUM 5.5 systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version…
CVE-2026-27646 2026-03-23 MEDIUM 5.3 OpenClaw versions prior to 2026.3.7 contain a sandbox escape vulnerability in the /acp spawn command that allows authorized sandboxed sessions to initialize host-side ACP runtime. Attackers can bypass…
CVE-2026-24516 2026-03-23 HIGH 8.8 A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in…
CVE-2026-32912 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-28483 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-28455 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-22173 2026-03-23 N/A 0.0 Rejected reason: This CVE ID has been rejected.
CVE-2026-33478 2026-03-23 CRITICAL 10.0 WWBN AVideo is an open source video platform. In versions up to and including 26.0, multiple vulnerabilities in AVideo's CloneSite plugin chain together to allow a completely unauthenticated…
CVE-2026-32845 2026-03-23 HIGH 8.4 cgltf version 1.15 and prior contain an integer overflow vulnerability in the cgltf_validate() function when validating sparse accessors that allows attackers to trigger out-of-bounds reads by supplying crafted…
CVE-2026-4593 2026-03-23 MEDIUM 6.3 A flaw has been found in erupts erupt bis 1.13.3. Affected by this vulnerability is the function EruptDataQuery of the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java of the component MCP Tool Interface.…
CVE-2026-33507 2026-03-23 HIGH 8.8 WWBN AVideo is an open source video platform. In versions up to and including 26.0, the `objects/pluginImport.json.php` endpoint allows admin users to upload and install plugin ZIP files…
CVE-2026-33502 2026-03-23 CRITICAL 9.3 WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in `plugin/Live/test.php` allows any remote user to…