CVE Vulnerabilities

Below is the list of the most recent vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-34155 2026-03-31 N/A 0.0 RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an…
CVE-2026-30310 2026-03-31 N/A 0.0 In its design for automatic terminal command execution, Sixth offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined…
CVE-2026-27854 2026-03-31 MEDIUM 4.8 An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases…
CVE-2026-32794 2026-03-30 MEDIUM 4.8 Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-in-the-middle attack…
CVE-2026-27853 2026-03-31 MEDIUM 5.9 An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code.…
CVE-2026-24030 2026-03-31 MEDIUM 5.3 An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of…
CVE-2026-24029 2026-03-31 MEDIUM 6.5 When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPS frontend using the nghttp2 provider, the ACL check is skipped, allowing…
CVE-2026-24028 2026-03-31 MEDIUM 5.3 An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The…
CVE-2026-0397 2026-03-31 LOW 3.1 When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged in to the dashboard into visiting a malicious website and…
CVE-2026-0396 2026-03-31 LOW 3.1 An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have…
CVE-2026-5198 2026-03-31 HIGH 7.3 A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation…
CVE-2026-4267 2026-03-31 HIGH 7.2 The Query Monitor – The developer tools panel for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘$_SERVER['REQUEST_URI']’ parameter in all versions up to,…
CVE-2026-3191 2026-03-31 MEDIUM 5.4 The Minify HTML plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.12. This is due to missing or incorrect nonce…
CVE-2026-3139 2026-03-31 MEDIUM 4.3 The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up…
CVE-2026-32988 2026-03-31 HIGH 7.5 OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in fs-bridge staged writes where temporary file creation and population are not pinned to a verified parent directory. Attackers…
CVE-2026-32982 2026-03-31 HIGH 7.5 OpenClaw before 2026.3.13 contains an information disclosure vulnerability in the fetchRemoteMedia function that exposes Telegram bot tokens in error messages. When media downloads fail, the original Telegram file…
CVE-2026-32977 2026-03-31 MEDIUM 6.3 OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability in the fs-bridge writeFile commit step that uses an unanchored container path during the final move operation. An attacker…
CVE-2026-32976 2026-03-31 MEDIUM 6.5 OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing channel commands to mutate protected sibling-account configuration despite configWrites restrictions. Attackers with authorized access on one account can execute…
CVE-2026-32971 2026-03-31 HIGH 7.1 OpenClaw before 2026.3.11 contains an approval-integrity vulnerability in node-host system.run approvals that displays extracted shell payloads instead of the executed argv. Attackers can place wrapper binaries and induce…
CVE-2026-32970 2026-03-31 LOW 2.5 OpenClaw before 2026.3.11 contains a credential fallback vulnerability where unavailable local gateway.auth.token and gateway.auth.password SecretRefs are treated as unset, allowing fallback to remote credentials in local mode. Attackers…
CVE-2026-32921 2026-03-31 MEDIUM 6.3 OpenClaw before 2026.3.8 contains an approval bypass vulnerability in system.run where mutable script operands are not bound across approval and execution phases. Attackers can obtain approval for script…
CVE-2026-32917 2026-03-31 CRITICAL 9.8 OpenClaw before 2026.3.13 contains a remote command injection vulnerability in the iMessage attachment staging flow that allows attackers to execute arbitrary commands on configured remote hosts. The vulnerability…
CVE-2025-14213 2026-03-31 N/A 0.0 Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface (UI) to execute arbitrary…
CVE-2026-4400 2026-03-31 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in 1millionbot Millie chat that allows private conversations of other users being viewed by simply changing the conversation ID. The vulnerability is…
CVE-2026-4399 2026-03-31 N/A 0.0 Prompt injection vulnerability in 1millionbot Millie chatbot that occurs when a user manages to evade chat restrictions using Boolean prompt injection techniques (formulating a question in such a…
CVE-2026-34887 2026-03-31 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Kubio AI Page Builder allows Stored XSS. This issue affects Kubio AI Page Builder: from…
CVE-2026-5197 2026-03-31 MEDIUM 6.3 A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete_user.php. The manipulation of the argument ID results…
CVE-2026-4317 2026-03-31 N/A 0.0 SQL injection (SQLi) vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database. Specifically,…
CVE-2026-5201 2026-03-31 HIGH 7.5 A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when…
CVE-2026-5196 2026-03-31 MEDIUM 6.3 A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to…
CVE-2026-5195 2026-03-31 HIGH 7.3 A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead…
CVE-2026-3107 2026-03-31 N/A 0.0 Stored Cross-Site Scripting (XSS) in Teampass versions prior to 3.1.5.16, affecting the password manager's password import functionality at the endpoint 'redacted/index.php?page=items'. The application fails to properly sanitize and…
CVE-2026-3106 2026-03-31 N/A 0.0 Blind Cross-Site Scripting (XSS) in Teampass, versions prior to 3.1.5.16, within the password manager login functionality in the 'contraseña' parameter of the login form 'redacted/index.php'. During failed authentication…
CVE-2025-41357 2026-03-31 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious…
CVE-2025-41356 2026-03-31 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious…
CVE-2025-41355 2026-03-31 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious…
CVE-2025-10559 2026-03-31 HIGH 7.1 A Path Traversal vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to read or write…
CVE-2025-10553 2026-03-31 HIGH 8.7 A Stored Cross-site Scripting (XSS) vulnerability affecting Factory Resource Management in DELMIA Factory Resource Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute…
CVE-2025-10551 2026-03-31 HIGH 8.7 A Stored Cross-site Scripting (XSS) vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary…
CVE-2026-5186 2026-03-31 MEDIUM 5.3 A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This…
CVE-2026-5185 2026-03-31 MEDIUM 5.3 A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler.…
CVE-2026-5184 2026-03-31 MEDIUM 6.3 A vulnerability was identified in TRENDnet TEW-713RE up to 1.02. The impacted element is an unknown function of the file /goform/setSysAdm. The manipulation of the argument admuser leads…
CVE-2026-5183 2026-03-31 MEDIUM 6.3 A vulnerability was determined in TRENDnet TEW-713RE up to 1.02. The affected element is the function sub_421494 of the file /goform/addRouting. Executing a manipulation of the argument dest…
CVE-2026-5182 2026-03-31 HIGH 7.3 A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a…
CVE-2026-1877 2026-03-31 MEDIUM 6.1 The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation…
CVE-2026-1834 2026-03-31 MEDIUM 6.4 The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7…
CVE-2026-5181 2026-03-31 MEDIUM 6.3 A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such manipulation of the…
CVE-2026-5180 2026-03-31 HIGH 7.3 A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes…
CVE-2026-5179 2026-03-31 HIGH 7.3 A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in…
CVE-2026-4146 2026-03-31 MEDIUM 6.1 The Loco Translate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘update_href’ parameter in all versions up to, and including, 2.8.2 due to insufficient input…
Page 54 of 4158