CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-22537 2026-01-07 N/A 0.0 The lack of hardening of the system allows the user used to manage and maintain the charger to consult different files containing clear-text credentials or valuable information for…
CVE-2026-22536 2026-01-07 N/A 0.0 The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions
CVE-2026-22535 2026-01-07 N/A 0.0 An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics…
CVE-2026-20029 2026-01-07 MEDIUM 4.9 A vulnerability in the licensing features of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to…
CVE-2026-20027 2026-01-07 MEDIUM 5.3 Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine…
CVE-2026-20026 2026-01-07 MEDIUM 5.8 Multiple Cisco products are affected by a vulnerability in the processing of DCE/RPC requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to…
CVE-2026-0643 2026-01-07 HIGH 7.3 A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation…
CVE-2026-0642 2026-01-07 LOW 2.4 A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name…
CVE-2025-67364 2026-01-07 HIGH 7.5 fast-filesystem-mcp version 3.4.0 contains a critical path traversal vulnerability in its file operation tools including fast_read_file. This vulnerability arises from improper path validation that fails to resolve symbolic…
CVE-2025-66837 2026-01-07 MEDIUM 6.8 A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware
CVE-2025-66786 2026-01-07 HIGH 7.5 OpenAirInterface CN5G AMF
CVE-2025-66838 2026-01-07 MEDIUM 6.5 In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker…
CVE-2025-65805 2026-01-07 HIGH 7.5 OpenAirInterface CN5G AMF
CVE-2025-61489 2026-01-07 MEDIUM 6.5 A command injection vulnerability in the shell_exec function of sonirico mcp-shell v0.3.1 allows attackers to execute arbitrary commands via supplying a crafted command string.
CVE-2025-4676 2026-01-07 HIGH 8.8 Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP…
CVE-2025-4675 2026-01-07 MEDIUM 6.5 Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL. This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K;…
CVE-2025-14719 2026-01-07 MEDIUM 4.9 The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor…
CVE-2025-12543 2026-01-07 CRITICAL 9.6 A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate…
CVE-2026-22542 2026-01-07 N/A 0.0 An attacker with access to the system's internal network can cause a denial of service on the system by making two concurrent connections through the Telnet service.
CVE-2026-22541 2026-01-07 N/A 0.0 The massive sending of ICMP requests causes a denial of service on one of the boards from the EVCharger that allows control of the EV interfaces. Since the board…
CVE-2025-62327 2026-01-07 MEDIUM 4.9 In HCL DevOps Deploy 8.1.2.0 through 8.1.2.3, a user with LLM configuration privileges may be able to recover a credential previously saved for performing authenticated LLM Queries.
CVE-2026-22540 2026-01-07 N/A 0.0 The massive sending of ARP requests causes a denial of service on one board of the charger that allows control of the EV interfaces. Since the board must…
CVE-2025-49335 2026-01-07 MEDIUM 4.9 Server-Side Request Forgery (SSRF) vulnerability in minnur External Media allows Server Side Request Forgery. This issue affects External Media: from n/a through 1.0.36.
CVE-2025-68637 2026-01-07 CRITICAL 9.1 The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle…
CVE-2025-15479 2026-01-07 N/A 0.0 Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms ( on Windows and…
CVE-2025-14804 2026-01-07 HIGH 7.7 The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated users, such as subscribers to…
CVE-2025-0980 2026-01-07 MEDIUM 6.4 Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid…
CVE-2026-0628 2026-01-07 HIGH 8.8 Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or…
CVE-2025-6225 2026-01-07 N/A 0.0 Kieback&Peter Neutrino-GLT product is used for building management. Its web component "SM70 PHWEB" is vulnerable to shell command injection via login form. The injected commands would execute with low…
CVE-2025-47552 2026-01-07 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection. This issue affects DZS Video Gallery: from n/a through 12.37.
CVE-2025-46494 2026-01-07 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS. This issue affects WidgetKit Pro: from n/a through 1.13.1.
CVE-2025-46434 2026-01-07 MEDIUM 6.5 Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Plus Addons for Elementor Pro:…
CVE-2025-46256 2026-01-07 MEDIUM 6.4 Path Traversal: '.../...//' vulnerability in SigmaPlugin Advanced Database Cleaner PRO allows Path Traversal. This issue affects Advanced Database Cleaner PRO: from n/a through 3.2.10.
CVE-2025-32303 2026-01-07 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0.
CVE-2026-22162 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22161 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22160 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22159 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22158 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22157 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-22156 2026-01-07 N/A 0.0 Rejected reason: Not used
CVE-2026-20893 2026-01-07 HIGH 7.8 Origin validation error issue exists in Fujitsu Security Solution AuthConductor Client Basic V2 2.0.25.0 and earlier. If this vulnerability is exploited, an attacker who can log in to…
CVE-2026-0656 2026-01-07 HIGH 8.2 The iPaymu Payment Gateway for WooCommerce plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 2.0.2 via the 'check_ipaymu_response' function. This is…
CVE-2026-0650 2026-01-07 N/A 0.0 OpenFlagr versions prior to and including 1.1.18 contain an authentication bypass vulnerability in the HTTP middleware. Due to improper handling of path normalization in the whitelist logic, crafted…
CVE-2026-0649 2026-01-07 MEDIUM 4.7 A security vulnerability has been detected in invoiceninja up to 5.12.38. The affected element is the function copy of the file /app/Jobs/Util/Import.php of the component Migration Import. The…
CVE-2025-9611 2026-01-07 N/A 0.0 Microsoft Playwright MCP Server versions prior to 0.0.40 fail to validate the Origin header on incoming connections. This allows an attacker to perform a DNS rebinding attack via…
CVE-2025-69344 2026-01-07 MEDIUM 4.3 Missing Authorization vulnerability in ThemeHunk Oneline Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Oneline Lite: from n/a through 6.6.
CVE-2025-69333 2026-01-07 MEDIUM 4.3 Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JetEngine: from n/a through 3.8.1.1.
CVE-2025-69082 2026-01-07 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frenify Arlo arlo allows Reflected XSS. This issue affects Arlo: from n/a through 6.0.3.
CVE-2025-69081 2026-01-07 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Group Hope charity-is-hope allows PHP Local File Inclusion. This issue affects Hope:…