Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-21688 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21687 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21686 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21685 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21684 2026-01-07 HIGH 7.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21683 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21441 2026-01-07 N/A 0.0 urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather…
CVE-2026-22581 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22580 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22579 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22578 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-22577 2026-01-08 N/A 0.0 Rejected reason: Not used
CVE-2026-0670 2026-01-07 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki - ProofreadPage Extension allows Cross-Site Scripting (XSS).This issue affects MediaWiki -…
CVE-2026-0669 2026-01-07 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension:…
CVE-2026-0668 2026-01-07 MEDIUM 5.3 Inefficient Regular Expression Complexity vulnerability in Wikimedia Foundation MediaWiki - VisualData Extension allows Regular Expression Exponential Blowup.This issue affects MediaWiki - VisualData Extension: 1.45.
CVE-2025-61492 2026-01-07 CRITICAL 10.0 A command injection vulnerability in the execute_command function of terminal-controller-mcp 0.1.7 allows attackers to execute arbitrary commands via a crafted input.
CVE-2026-21856 2026-01-07 HIGH 7.2 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit…
CVE-2026-21855 2026-01-07 CRITICAL 9.3 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, a reflected Cross Site Scripting (XSS) vulnerability in the toast…
CVE-2026-21854 2026-01-07 CRITICAL 9.8 The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any…
CVE-2026-21492 2026-01-06 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-22539 2026-01-07 N/A 0.0 As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6.
CVE-2026-21680 2026-01-07 MEDIUM 6.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2…
CVE-2026-21679 2026-01-07 HIGH 8.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21678 2026-01-07 HIGH 7.8 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21506 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21505 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined…
CVE-2026-21504 2026-01-07 MEDIUM 6.6 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21503 2026-01-07 MEDIUM 6.1 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined…
CVE-2026-21502 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21501 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21500 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21499 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21498 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21497 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21496 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2026-21495 2026-01-07 MEDIUM 5.5 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable…
CVE-2025-66560 2026-01-07 MEDIUM 5.9 Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of…
CVE-2026-0618 2026-01-07 MEDIUM 6.1 Cross-site Scripting vulnerability in Devolutions PowerShell Universal.This issue affects Powershell Universal: before 4.5.6, before 5.6.13.
CVE-2025-67366 2026-01-07 HIGH 7.5 @sylphxltd/filesystem-mcp v0.5.8 is an MCP server that provides file content reading functionality. Version 0.5.8 of filesystem-mcp contains a critical path traversal vulnerability in its "read_content" tool. This vulnerability…
CVE-2025-66686 2026-01-07 MEDIUM 6.1 A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url”…
CVE-2025-61782 2026-01-07 MEDIUM 5.4 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.3, an open redirect vulnerability exists in the OpenCTI platform's SAML…
CVE-2025-58441 2026-01-07 N/A 0.0 Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, there is a blind server-side request forgery vulnerability. The vulnerability allows attackers to send…
CVE-2025-4677 2026-01-07 MEDIUM 6.5 Insufficient Session Expiration vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue…
CVE-2026-22544 2026-01-07 N/A 0.0 An attacker with a network connection could detect credentials in clear text.
CVE-2026-22543 2026-01-07 N/A 0.0 The credentials required to access the device's web server are sent in base64 within the HTTP headers. Since base64 is not considered a strong cipher, an attacker could…
CVE-2026-22537 2026-01-07 N/A 0.0 The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for…
CVE-2026-22536 2026-01-07 N/A 0.0 The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions
CVE-2026-22535 2026-01-07 N/A 0.0 An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics…
CVE-2026-20029 2026-01-07 MEDIUM 4.9 A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to…
CVE-2026-20027 2026-01-07 MEDIUM 5.3 Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine…
« Anterior Página 457 de 4267 Siguiente »