Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2020-36958 2026-01-26 HIGH 7.8 Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path…
CVE-2020-36957 2026-01-26 HIGH 7.8 PDF Complete 3.5.310.2002 contains an unquoted service path vulnerability in its pdfsvc.exe service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with elevated…
CVE-2020-36956 2026-01-26 MEDIUM 6.4 Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload…
CVE-2020-36955 2026-01-26 MEDIUM 6.4 Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can…
CVE-2020-36954 2026-01-26 MEDIUM 6.4 Xeroneit Library Management System 3.1 contains a stored cross-site scripting vulnerability in the Book Category feature that allows administrators to inject malicious scripts. Attackers can insert a payload…
CVE-2020-36953 2026-01-26 HIGH 7.8 MiniTool ShadowMaker 3.2 contains an unquoted service path vulnerability in the MTAgentService that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in…
CVE-2025-70982 2026-01-26 CRITICAL 9.9 Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data.
CVE-2025-67274 2026-01-26 HIGH 7.5 An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module…
CVE-2025-50537 2026-01-26 MEDIUM 5.5 Stack overflow vulnerability in eslint before 9.26.0 when serializing objects with circular references in eslint/lib/shared/serialization.js. The exploit is triggered via the RuleTester.run() method, which validates test cases and…
CVE-2020-36952 2026-01-26 HIGH 7.8 IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service…
CVE-2025-59109 2026-01-26 N/A 0.0 The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface.…
CVE-2026-24656 2026-01-26 LOW 3.7 Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this…
CVE-2025-27821 2026-01-26 HIGH 7.3 Out-of-bounds Write vulnerability in Apache Hadoop HDFS native client. This issue affects Apache Hadoop: from 3.2.0 before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes…
CVE-2016-15057 2026-01-26 CRITICAL 9.9 ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers…
CVE-2025-14973 2026-01-26 MEDIUM 6.8 The Recipe Card Blocks Lite WordPress plugin before 3.4.13 does not sanitize and escape a parameter before using it in a SQL statement, allowing contributors and above to…
CVE-2025-14316 2026-01-26 HIGH 7.1 The AhaChat Messenger Marketing WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2026-1284 2026-01-26 HIGH 7.8 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary…
CVE-2026-1283 2026-01-26 HIGH 7.8 A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute…
CVE-2025-59108 2026-01-26 N/A 0.0 By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced.
CVE-2025-59107 2026-01-26 N/A 0.0 Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP…
CVE-2025-59106 2026-01-26 N/A 0.0 The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle.…
CVE-2025-59105 2026-01-26 N/A 0.0 With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential…
CVE-2025-59104 2026-01-26 N/A 0.0 With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable). Thus,…
CVE-2025-59103 2026-01-26 N/A 0.0 The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was…
CVE-2025-59102 2026-01-26 N/A 0.0 The web server of the Access Manager offers a functionality to download a backup of the local database stored on the device. This database contains the whole configuration.…
CVE-2025-59101 2026-01-26 N/A 0.0 Instead of typical session tokens or cookies, it is verified on a per-request basis if the originating IP address has once successfully logged in. As soon as an…
CVE-2025-59100 2026-01-26 N/A 0.0 The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting,…
CVE-2025-59099 2026-01-26 N/A 0.0 The Access Manager is using the open source web server CompactWebServer written in C#. This web server is affected by a path traversal vulnerability, which allows an attacker…
CVE-2025-59098 2026-01-26 N/A 0.0 The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool…
CVE-2025-59097 2026-01-26 N/A 0.0 The exos 9300 application can be used to configure Access Managers (e.g. 92xx, 9230 and 9290). The configuration is done in a graphical user interface on the dormakaba…
CVE-2025-59096 2026-01-26 N/A 0.0 The default password for the extended admin user mode in the application U9ExosAdmin.exe ("Kaba 9300 Administration") is hard-coded in multiple locations as well as documented in the locally…
CVE-2025-59095 2026-01-26 N/A 0.0 The program libraries (DLL) and binaries used by exos 9300 contain multiple hard-coded secrets. One notable example is the function "EncryptAndDecrypt" in the library Kaba.EXOS.common.dll. This algorithm uses…
CVE-2025-59094 2026-01-26 N/A 0.0 A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable…
CVE-2025-59093 2026-01-26 N/A 0.0 Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated…
CVE-2025-59092 2026-01-26 N/A 0.0 An RPC service, which is part of exos 9300, is reachable on port 4000, run by the process FSMobilePhoneInterface.exe. This service is used for interprocess communication between services…
CVE-2025-59091 2026-01-26 N/A 0.0 Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for…
CVE-2025-59090 2026-01-26 N/A 0.0 On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to…
CVE-2025-41083 2026-01-26 N/A 0.0 Vulnerability in Altitude Authentication Service and Altitude Communication Server v8.5.3290.0 by Altitude, where manipulation of Host header in HTTP requests allows redirection to an arbitrary URL or modification…
CVE-2025-41082 2026-01-26 N/A 0.0 Illegal HTTP request traffic vulnerability (CL.0) in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can…
CVE-2026-1429 2026-01-26 MEDIUM 5.4 Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-1428 2026-01-26 HIGH 8.8 Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1427 2026-01-26 HIGH 8.8 Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1425 2026-01-26 MEDIUM 5.6 A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser.…
CVE-2026-1424 2026-01-26 MEDIUM 4.7 A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is…
CVE-2026-1423 2026-01-26 MEDIUM 6.3 A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /admin_pic.php. Executing a manipulation can lead to…
CVE-2026-1422 2026-01-26 HIGH 7.3 A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing…
CVE-2026-1421 2026-01-26 LOW 3.5 A vulnerability has been found in code-projects Online Examination System 1.0. Affected is an unknown function of the component Add Pages. Such manipulation leads to cross site scripting.…
CVE-2026-1420 2026-01-26 HIGH 8.8 A flaw has been found in Tenda AC23 16.03.07.52. This impacts an unknown function of the file /goform/WifiExtraSet. This manipulation of the argument wpapsk_crypto causes buffer overflow. Remote…
CVE-2026-1419 2026-01-26 MEDIUM 4.7 A weakness has been identified in D-Link DCS700l 1.03.09. Affected is an unknown function of the file /setDayNightMode of the component Web Form Handler. Executing a manipulation of…
CVE-2026-1418 2026-01-26 MEDIUM 5.3 A security vulnerability has been detected in GPAC up to 2.4.0. This affects the function gf_text_import_srt_bifs of the file src/scene_manager/text_to_bifs.c of the component SRT Subtitle Import. Such manipulation…
« Anterior Página 46 de 3917 Siguiente »