CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-1499 2026-02-06 CRITICAL 9.8 The WP Duplicate plugin for WordPress is vulnerable to Missing Authorization leading to Arbitrary File Upload in all versions up to and including 1.1.8. This is due to…
CVE-2026-1252 2026-02-06 MEDIUM 6.4 The Events Listing Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Event URL' parameter in all versions up to, and including, 1.3.4 due to…
CVE-2026-2010 2026-02-06 MEDIUM 4.2 A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation…
CVE-2026-2009 2026-02-06 MEDIUM 6.3 A flaw has been found in SourceCodester Gas Agency Management System 1.0. This issue affects some unknown processing of the file /gasmark/php_action/createUser.php. Executing a manipulation can lead to…
CVE-2026-21626 2026-02-06 N/A 0.0 Access control settings for forum post custom fields are not applied to the JSON output type, leading to an ACL violation vector an information disclosure
CVE-2026-1279 2026-02-06 MEDIUM 6.4 The Employee Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'form_title' parameter in the `search_employee_directory` shortcode in all versions up to, and including, 1.2.1…
CVE-2026-2008 2026-02-06 MEDIUM 6.3 A vulnerability was detected in abhiphile fermat-mcp up to 47f11def1cd37e45dd060f30cdce346cbdbd6f0a. This vulnerability affects the function eqn_chart of the file fmcp/mpl_mcp/core/eqn_chart.py. Performing a manipulation of the argument equations results…
CVE-2026-2000 2026-02-06 MEDIUM 4.7 A vulnerability was found in DCN DCME-320 up to 20260121. Impacted is the function apply_config of the file /function/system/basic/bridge_cfg.php of the component Web Management Backend. Performing a manipulation…
CVE-2026-1998 2026-02-06 LOW 3.3 A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs…
CVE-2026-1909 2026-02-06 MEDIUM 6.4 The WaveSurfer-WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's audio shortcode in all versions up to, and including, 2.8.3 due to insufficient input…
CVE-2026-1888 2026-02-06 MEDIUM 6.4 The Docus – YouTube Video Playlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'docusplaylist' shortcode in all versions up to, and including, 1.0.6 due…
CVE-2026-1808 2026-02-06 MEDIUM 6.4 The Orange Confort+ accessibility toolbar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' parameter of the ocplus_button shortcode in all versions up…
CVE-2026-1401 2026-02-06 MEDIUM 6.4 The Tune Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via CSV import in all versions up to, and including, 1.6.3. This is due to insufficient…
CVE-2026-0521 2026-02-06 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the PDF export functionality of the TYDAC AG MAP+ solution allows unauthenticated attackers to craft a malicious URL, that if visited…
CVE-2025-10753 2026-02-06 MEDIUM 5.3 The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 6.26.14. This is due…
CVE-2026-1991 2026-02-06 LOW 3.3 A vulnerability was detected in libuvc up to 0.0.7. Affected is the function uvc_scan_streaming of the file src/device.c of the component UVC Descriptor Handler. The manipulation results in…
CVE-2026-0598 2026-02-06 MEDIUM 4.2 A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs…
CVE-2026-1990 2026-02-06 LOW 3.3 A security vulnerability has been detected in oatpp up to 1.3.1. This impacts the function oatpp::data::type::ObjectWrapper::ObjectWrapper of the file src/oatpp/data/type/Type.hpp. The manipulation leads to null pointer dereference. Local…
CVE-2026-1979 2026-02-06 MEDIUM 5.3 A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can…
CVE-2026-1978 2026-02-06 MEDIUM 5.3 A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler.…
CVE-2026-1977 2026-02-06 MEDIUM 6.3 A security vulnerability has been detected in isaacwasserman mcp-vegalite-server up to 16aefed598b8cd897b78e99b907f6e2984572c61. Affected by this vulnerability is the function eval of the component visualize_data. Such manipulation of the…
CVE-2025-15566 2026-02-06 HIGH 8.8 A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the…
CVE-2026-1976 2026-02-06 MEDIUM 5.3 A weakness has been identified in Free5GC up to 4.1.0. Affected is the function SessionDeletionResponse of the component SMF. This manipulation causes null pointer dereference. The attack is…
CVE-2026-1975 2026-02-06 MEDIUM 5.3 A security flaw has been discovered in Free5GC up to 4.1.0. This impacts the function identityTriggerType of the file pfcp_reports.go. The manipulation results in null pointer dereference. The…
CVE-2026-1228 2026-02-06 MEDIUM 4.3 The Timeline Block – Beautiful Timeline Builder for WordPress (Vertical & Horizontal Timelines) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,…
CVE-2026-1974 2026-02-06 MEDIUM 5.3 A vulnerability was identified in Free5GC up to 4.1.0. This affects the function ResolveNodeIdToIp of the file internal/sbi/processor/datapath.go of the component SMF. The manipulation leads to denial of…
CVE-2026-1973 2026-02-06 MEDIUM 5.3 A vulnerability was determined in Free5GC up to 4.1.0. The impacted element is the function establishPfcpSession of the component SMF. Executing a manipulation can lead to null pointer…
CVE-2026-1972 2026-02-06 MEDIUM 5.3 A vulnerability was found in Edimax BR-6208AC 2_1.02. The affected element is the function auth_check_userpass2. Performing a manipulation of the argument Username/Password results in use of default credentials.…
CVE-2026-1971 2026-02-06 LOW 2.4 A vulnerability has been found in Edimax BR-6288ACL up to 1.12. Impacted is the function wiz_WISP24gmanual of the file wiz_WISP24gmanual.asp. Such manipulation of the argument manualssid leads to…
CVE-2026-23623 2026-02-06 MEDIUM 5.3 Collabora Online is a collaborative online office suite based on LibreOffice technology. Prior to Collabora Online Development Edition version 25.04.08.2 and prior to Collabora Online versions 23.05.20.1, 24.04.17.3,…
CVE-2026-24302 2026-02-05 HIGH 8.6 Azure Arc Elevation of Privilege Vulnerability
CVE-2026-24300 2026-02-05 CRITICAL 9.8 Azure Front Door Elevation of Privilege Vulnerability
CVE-2026-21532 2026-02-05 HIGH 8.2 Azure Function Information Disclosure Vulnerability
CVE-2026-0391 2026-02-05 MEDIUM 6.5 User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-68458 2026-02-05 LOW 3.7 Webpack is a module bundler. From version 5.49.0 to before 5.104.1, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) can be bypassed to fetch resources from hosts outside…
CVE-2025-68157 2026-02-05 LOW 3.7 Webpack is a module bundler. From version 5.49.0 to before 5.104.0, when experiments.buildHttp is enabled, webpack’s HTTP(S) resolver (HttpUriPlugin) enforces allowedUris only for the initial URL, but does…
CVE-2025-32393 2026-02-05 N/A 0.0 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to autogpt-platform-beta-v0.6.32, there is a DoS vulnerability…
CVE-2026-25815 2026-02-05 LOW 3.2 Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption…
CVE-2026-1970 2026-02-05 LOW 3.5 A flaw has been found in Edimax BR-6258n up to 1.18. This issue affects the function formStaDrvSetup of the file /goform/formStaDrvSetup. This manipulation of the argument submit-url causes…
CVE-2026-1964 2026-02-05 MEDIUM 4.3 A vulnerability was determined in WeKan up to 8.20. This impacts an unknown function of the file models/boards.js of the component REST Endpoint. This manipulation causes improper access…
CVE-2026-1963 2026-02-05 MEDIUM 6.3 A vulnerability was found in WeKan up to 8.20. This affects an unknown function of the file models/attachments.js of the component Attachment Storage. The manipulation results in improper…
CVE-2026-1962 2026-02-05 MEDIUM 6.3 A vulnerability has been found in WeKan up to 8.20. The impacted element is an unknown function of the file server/attachmentMigration.js of the component Attachment Migration. The manipulation…
CVE-2026-0106 2026-02-05 CRITICAL 9.3 In vpu_mmap of vpu_ioctl, there is a possible arbitrary address mmap due to a missing bounds check. This could lead to local escalation of privilege with no additional…
CVE-2026-25698 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25697 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25696 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25695 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25694 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25693 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25692 2026-02-06 N/A 0.0 Rejected reason: Not used