CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-0577 2026-01-04 MEDIUM 6.3 A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing manipulation can lead…
CVE-2025-14830 2026-01-04 MEDIUM 4.9 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS). This issue affects Artifactory (Workers): from >=7.94.0 through
CVE-2026-0576 2026-01-04 HIGH 7.3 A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing manipulation of…
CVE-2026-0575 2026-01-04 HIGH 7.3 A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Such…
CVE-2026-0574 2026-01-04 MEDIUM 6.3 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes…
CVE-2025-3660 2026-01-04 MEDIUM 6.5 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing…
CVE-2025-3654 2026-01-04 MEDIUM 5.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers…
CVE-2025-3653 2026-01-04 HIGH 7.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification.…
CVE-2025-3652 2026-01-04 MEDIUM 5.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and…
CVE-2025-3646 2026-01-04 HIGH 7.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by…
CVE-2025-15115 2026-01-04 MEDIUM 6.5 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation…
CVE-2026-21652 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21651 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21650 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21649 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21648 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21647 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21646 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21645 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21644 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21484 2026-01-03 MEDIUM 5.3 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint…
CVE-2025-64125 2026-01-03 N/A 0.0 A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do…
CVE-2025-64124 2026-01-03 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller…
CVE-2025-64123 2026-01-02 N/A 0.0 Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
CVE-2025-64122 2026-01-02 N/A 0.0 Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1.
CVE-2025-64121 2026-01-02 N/A 0.0 Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass. This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
CVE-2025-64120 2026-01-02 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller…
CVE-2025-64119 2026-01-02 N/A 0.0 A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9.
CVE-2025-14072 2026-01-02 MEDIUM 5.3 The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.
CVE-2025-13456 2026-01-02 MEDIUM 6.1 The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2025-13153 2026-01-02 MEDIUM 6.1 The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users…
CVE-2025-12685 2026-01-02 MEDIUM 6.5 The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.
CVE-2026-21483 2026-01-02 N/A 0.0 listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates.…
CVE-2026-21452 2026-01-02 HIGH 7.5 MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload…
CVE-2026-21451 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the…
CVE-2026-21450 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution…
CVE-2026-21449 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user.…
CVE-2026-21448 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection. When a normal customer orders any product, in the `add…
CVE-2026-21447 2026-01-02 HIGH 7.1 Bagisto is an open source laravel eCommerce platform. Prior to version 2.3.10, an Insecure Direct Object Reference vulnerability in the customer order reorder function allows any authenticated customer…
CVE-2026-21446 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. In versions on the 2.3 branch prior to 2.3.10, API routes remain active even after initial installation is complete. The…
CVE-2026-21445 2026-01-02 N/A 0.0 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0.dev45, multiple critical API endpoints in Langflow are missing authentication controls. The issue…
CVE-2026-0571 2026-01-02 MEDIUM 4.3 A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function createResponseEntity of the file warehouse\src\main\java\com\yeqifu\sys\common\AppFileUtils.java. The manipulation of the…
CVE-2026-21444 2026-01-02 MEDIUM 5.5 libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL…
CVE-2026-21440 2026-01-02 N/A 0.0 AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on…
CVE-2026-21433 2026-01-02 HIGH 7.7 Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An…
CVE-2026-21432 2026-01-02 N/A 0.0 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As…
CVE-2026-21431 2026-01-02 N/A 0.0 Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As…
CVE-2026-21430 2026-01-02 N/A 0.0 Emlog is an open source website building system. In version 2.5.23, article creation functionality is vulnerable to cross-site request forgery (CSRF). This can lead to a user being…
CVE-2026-0570 2026-01-02 HIGH 7.3 A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing manipulation of the argument fname results in sql…
CVE-2026-0569 2026-01-02 HIGH 7.3 A vulnerability has been found in code-projects Online Music Site 1.0. This affects an unknown function of the file /Frontend/AlbumByCategory.php. Such manipulation of the argument ID leads to…