Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-24644	2026-01-24	N/A	0.0	Rejected reason: Not used
CVE-2026-24643	2026-01-24	N/A	0.0	Rejected reason: Not used
CVE-2026-24642	2026-01-24	N/A	0.0	Rejected reason: Not used
CVE-2026-24469	2026-01-24	HIGH	7.5	C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest…
CVE-2026-24422	2026-01-24	MEDIUM	5.3	phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The…
CVE-2026-24420	2026-01-24	MEDIUM	6.5	phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below allow an authenticated user without the dlattachment permission to download FAQ attachments due to a incomprehensive…
CVE-2025-13952	2026-01-24	N/A	0.0	A web page that contains unusual GPU shader code is loaded from the Internet into the GPU compiler process triggers a write use-after-free crash in the GPU shader…
CVE-2026-24421	2026-01-24	MEDIUM	6.5	phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions.…
CVE-2026-24412	2026-01-24	HIGH	8.8	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have aHeap Buffer Overflow vulnerability in the CIccTagXmlSegmentedCurve::ToXml() function.…
CVE-2026-24411	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in CIccTagXmlSegmentedCurve::ToXml(). This occurs when user-controllable…
CVE-2026-24410	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccProfileXml::ParseBasic().…
CVE-2026-24409	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior and Null Pointer Deference in CIccTagXmlFloatNum::ParseXml().…
CVE-2026-24401	2026-01-24	MEDIUM	6.5	Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a…
CVE-2026-24407	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have Undefined Behavior in icSigCalcOp(). This occurs when user-controllable…
CVE-2026-24406	2026-01-24	HIGH	8.8	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccTagNamedColor2::SetSize(). This…
CVE-2026-24405	2026-01-24	HIGH	8.8	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. Versions 2.3.1.1 and below have a Heap Buffer Overflow vulnerability in CIccMpeCalculator::Read(). This…
CVE-2026-24404	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, CIccXmlArrayType() contains a Null Pointer Dereference and Undefined…
CVE-2026-24403	2026-01-24	HIGH	7.1	iccDEV provides libraries and tools for interacting with, manipulating, and applying ICC color management profiles. In versions 2.3.1.1 and below, an integer overflow vulnerability exists in icValidateStatus CIccProfile::CheckHeader()…
CVE-2026-24402	2026-01-24	N/A	0.0	Rejected reason: GitHub cannot issue a CVE for this Security Advisory because this advisory includes information about more than one vulnerability. According to [rule 4.2.11 of the CVE…
CVE-2026-24399	2026-01-24	CRITICAL	9.3	ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an…
CVE-2026-22586	2026-01-24	N/A	0.0	Hard-coded Cryptographic Key vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules) allows Web Services Protocol…
CVE-2026-22585	2026-01-24	N/A	0.0	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement (CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage…
CVE-2026-22583	2026-01-24	N/A	0.0	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (CloudPagesUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud…
CVE-2026-22582	2026-01-24	N/A	0.0	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Salesforce Marketing Cloud Engagement (MicrositeUrl module) allows Web Services Protocol Manipulation. This issue affects Marketing Cloud…
CVE-2026-24474	2026-01-24	N/A	0.0	Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, `use_animated_open` formats a string for `eval` with an `id` that can be…
CVE-2026-24140	2026-01-24	LOW	2.7	MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below have a Mass Assignment vulnerability in the settings management functionality due to insufficient…
CVE-2026-24139	2026-01-24	N/A	0.0	MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete…
CVE-2026-24136	2026-01-24	N/A	0.0	Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated…
CVE-2026-24128	2026-01-24	N/A	0.0	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 7.0-milestone-2 through 16.10.11, 17.0.0-rc-1 through 17.4.4, and 17.5.0-rc-1 through 17.7.0…
CVE-2026-24127	2026-01-23	MEDIUM	5.4	Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and…
CVE-2026-0991	2026-01-23	N/A	0.0	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-12780	2026-01-23	N/A	0.0	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-24635	2026-01-23	HIGH	7.5	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in DevsBlink EduBlink Core edublink-core allows PHP Local File Inclusion.This issue affects EduBlink…
CVE-2026-24634	2026-01-23	MEDIUM	5.3	Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through
CVE-2026-24633	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in Passionate Brains Add Expires Headers & Optimized Minify add-expires-headers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Add Expires Headers & Optimized…
CVE-2026-24632	2026-01-23	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jagdish1o1 Delay Redirects delay-redirects allows DOM-Based XSS.This issue affects Delay Redirects: from n/a through
CVE-2026-24631	2026-01-23	MEDIUM	5.4	Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through
CVE-2026-24630	2026-01-23	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Design Stylish Cost Calculator stylish-cost-calculator allows Stored XSS.This issue affects Stylish Cost Calculator: from n/a through
CVE-2026-24629	2026-01-23	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ability, Inc Web Accessibility with Max Access accessibility-toolbar allows Stored XSS.This issue affects Web Accessibility with…
CVE-2026-24627	2026-01-23	MEDIUM	4.3	Missing Authorization vulnerability in Trusona Trusona for WordPress trusona allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trusona for WordPress: from n/a through
CVE-2026-24626	2026-01-23	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS.This issue affects Logo Slider: from n/a through
CVE-2026-24625	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects File Uploads Addon for WooCommerce: from…
CVE-2026-24619	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PopCash.Net Code Integration Tool: from n/a through
CVE-2026-24617	2026-01-23	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Iser Easy Modal easy-modal allows Stored XSS.This issue affects Easy Modal: from n/a through
CVE-2026-24616	2026-01-23	MEDIUM	6.5	Missing Authorization vulnerability in Damian WP Popups wp-popups-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Popups: from n/a through
CVE-2026-24615	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in themebeez Cream Magazine cream-magazine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cream Magazine: from n/a through
CVE-2026-24614	2026-01-23	MEDIUM	5.9	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from…
CVE-2026-24613	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ecwid Shopping Cart: from…
CVE-2026-24612	2026-01-23	MEDIUM	5.3	Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through
CVE-2026-24609	2026-01-23	HIGH	7.5	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes Laurent laurent allows PHP Local File Inclusion.This issue affects Laurent: from…

« Anterior Página 53 de 3921 Siguiente »