Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-22697 2026-01-10 HIGH 7.5 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-22027 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-22026 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-22025 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-22024 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-22023 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-21900 2026-01-10 N/A 0.0 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-21899 2026-01-10 MEDIUM 4.7 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-21898 2026-01-10 HIGH 8.2 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2026-21897 2026-01-10 HIGH 7.3 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2025-15501 2026-01-09 CRITICAL 9.8 A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the file /isomp-protocol/protocol/getCmd. This manipulation of the argument…
CVE-2026-22584 2026-01-09 N/A 0.0 Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.
CVE-2026-0830 2026-01-09 HIGH 7.8 Processing specially crafted workspace folder names could allow for arbitrary command injection in the Kiro GitLab Merge-Request helper in Kiro IDE before version 0.6.18 when opening maliciously crafted…
CVE-2025-62487 2026-01-09 LOW 3.5 ### Details On October 1, 2025, Palantir discovered that images uploaded through the Dossier front-end app were not being marked correctly with the proper security levels. The regression…
CVE-2025-60538 2026-01-09 MEDIUM 6.5 A lack of rate limiting in the login page of shiori v1.7.4 and below allows attackers to bypass authentication via a brute force attack.
CVE-2025-67811 2026-01-09 MEDIUM 6.5 Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized…
CVE-2025-67810 2026-01-09 MEDIUM 6.5 In Area9 Rhapsode 1.47.3, an authenticated attacker can exploit the operation, url, and filename parameters via POST request to read arbitrary files from the server filesystem. Fixed in…
CVE-2025-66715 2026-01-09 MEDIUM 6.5 A DLL hijacking vulnerability in Axtion ODISSAAS ODIS v1.8.4 allows attackers to execute arbitrary code via a crafted DLL file.
CVE-2025-67070 2026-01-09 HIGH 8.2 A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery…
CVE-2025-46299 2026-01-09 MEDIUM 4.3 A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2,…
CVE-2025-46298 2026-01-09 N/A 0.0 The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe…
CVE-2025-46297 2026-01-09 N/A 0.0 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected files within an App…
CVE-2025-46286 2026-01-09 MEDIUM 4.3 A logic issue was addressed with improved validation. This issue is fixed in iOS 26.2 and iPadOS 26.2. Restoring from a backup may prevent passcode from being required…
CVE-2025-15500 2026-01-09 CRITICAL 9.8 A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /isomp-protocol/protocol/getHis of the component HTTP…
CVE-2025-51626 2026-01-09 MEDIUM 6.5 SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint.
CVE-2025-15499 2026-01-09 HIGH 8.8 A vulnerability has been found in Sangfor Operation and Maintenance Management System up to 3.0.8. This vulnerability affects the function uploadCN of the file VersionController.java. The manipulation of…
CVE-2026-22713 2026-01-09 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki…
CVE-2026-22712 2026-01-09 N/A 0.0 Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki…
CVE-2026-22710 2026-01-09 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikibase Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki…
CVE-2025-15496 2026-01-09 MEDIUM 6.3 A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. This manipulation of the argument sort causes sql injection.…
CVE-2025-15495 2026-01-09 MEDIUM 4.7 A vulnerability was found in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/editsite.php. The manipulation of the argument image results in unrestricted…
CVE-2025-15494 2026-01-09 MEDIUM 6.3 A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to…
CVE-2025-15493 2026-01-09 MEDIUM 6.3 A flaw has been found in RainyGao DocSys up to 2.02.36. The impacted element is an unknown function of the file src/com/DocSystem/mapping/ReposAuthMapper.xml. Executing a manipulation of the argument…
CVE-2025-15492 2026-01-09 MEDIUM 6.3 A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. Performing a manipulation of the argument searchWord…
CVE-2020-36875 2026-01-09 N/A 0.0 AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing…
CVE-2026-0817 2026-01-09 MEDIUM 5.3 Missing Authorization vulnerability in Wikimedia Foundation MediaWiki - CampaignEvents extension allows Privilege Abuse.This issue affects MediaWiki - CampaignEvents extension: 1.45, 1.44, 1.43, 1.39.
CVE-2025-64093 2026-01-09 CRITICAL 10.0 Remote Code Execution vulnerability that allows unauthenticated attackers to inject arbitrary commands into the hostname of the device.
CVE-2025-64092 2026-01-09 HIGH 7.5 This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database.
CVE-2025-64091 2026-01-09 HIGH 8.6 This vulnerability allows authenticated attackers to execute commands via the NTP-configuration of the device.
CVE-2025-64090 2026-01-09 CRITICAL 10.0 This vulnerability allows authenticated attackers to execute commands via the hostname of the device.
CVE-2026-22198 2026-01-09 N/A 0.0 GestSup versions up to and including 3.2.56 contain a pre-authentication stored cross-site scripting (XSS) vulnerability in the API error logging functionality. By sending an API request with a…
CVE-2026-22197 2026-01-09 N/A 0.0 GestSup versions up to and including 3.2.56 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are…
CVE-2026-22196 2026-01-09 N/A 0.0 GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without…
CVE-2026-22195 2026-01-09 N/A 0.0 GestSup versions up to and including 3.2.56 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization,…
CVE-2026-22194 2026-01-09 N/A 0.0 GestSup versions up to and including 3.2.56 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can…
CVE-2025-70161 2026-01-09 N/A 0.0 EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization.…
CVE-2025-69542 2026-01-09 N/A 0.0 A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP…
CVE-2025-69426 2026-01-09 N/A 0.0 The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is…
CVE-2025-69425 2026-01-09 N/A 0.0 The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) expose a command execution service on TCP port 2004 running with root privileges. Authentication to this service relies…
CVE-2025-67004 2026-01-09 N/A 0.0 An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or…
« Anterior Página 449 de 4266 Siguiente »