Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2016-20040 2026-03-28 HIGH 8.4 TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an…
CVE-2016-20039 2026-03-28 HIGH 8.4 Multi Emulator Super System 0.154-3.1 contains a buffer overflow vulnerability in the gamma parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers…
CVE-2016-20038 2026-03-28 HIGH 8.4 yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft…
CVE-2016-20037 2026-03-28 HIGH 8.4 xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries.…
CVE-2026-4995 2026-03-28 LOW 3.5 A vulnerability was determined in wandb OpenUI up to 1.0. Affected by this vulnerability is an unknown functionality of the file frontend/public/annotator/index.html of the component Window Message Event…
CVE-2025-9497 2026-03-28 N/A 0.0 Use of Hard-coded Credentials vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5.0.
CVE-2026-4994 2026-03-28 LOW 3.5 A vulnerability was found in wandb OpenUI up to 1.0/3.5-turb. Affected is the function generic_exception_handler of the file backend/openui/server.py of the component APIStatusError Handler. The manipulation of the…
CVE-2026-4993 2026-03-28 LOW 3.3 A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to…
CVE-2026-2442 2026-03-28 MEDIUM 5.3 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences ('CRLF Injection') in all versions up to,…
CVE-2026-23399 2026-03-28 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the…
CVE-2026-1307 2026-03-28 MEDIUM 6.5 The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including,…
CVE-2025-15445 2026-03-28 N/A 0.0 The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker…
CVE-2025-12886 2026-03-28 HIGH 7.2 The Oxygen Theme theme for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.0.8 via the laborator_calc_route AJAX action. This makes it…
CVE-2026-4987 2026-03-28 HIGH 7.5 The SureForms – Contact Form, Payment Form & Other Custom Form Builder plugin for WordPress is vulnerable to Payment Amount Bypass in all versions up to, and including,…
CVE-2026-1679 2026-03-28 HIGH 7.3 The eswifi socket offload driver copies user-provided payloads into a fixed buffer without checking available space; oversized sends overflow `eswifi->buf`, corrupting kernel memory (CWE-120). Exploit requires local code…
CVE-2026-4992 2026-03-27 MEDIUM 4.3 A flaw has been found in wandb OpenUI up to 1.0. This affects the function create_share/get_share of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation…
CVE-2026-4991 2026-03-27 LOW 3.5 A vulnerability was detected in QDOCS Smart School Management System up to 7.2. The impacted element is an unknown function of the file /admin/enquiry of the component Admission…
CVE-2026-4990 2026-03-27 HIGH 7.3 A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such…
CVE-2026-4988 2026-03-27 LOW 3.7 A security flaw has been discovered in Open5GS 2.7.6. This issue affects the function smf_gx_cca_cb/smf_gy_cca_cb/smf_s6b of the component CCA Message Handler. The manipulation results in denial of service.…
CVE-2026-4985 2026-03-27 MEDIUM 4.3 A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation…
CVE-2026-4976 2026-03-27 HIGH 8.8 A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow.…
CVE-2026-4973 2026-03-27 LOW 3.5 A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of…
CVE-2026-4972 2026-03-27 LOW 2.4 A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument…
CVE-2026-4971 2026-03-27 MEDIUM 4.3 A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible…
CVE-2026-4968 2026-03-27 MEDIUM 4.3 A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request…
CVE-2026-4966 2026-03-27 MEDIUM 6.3 A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/mod_room/index.php?view=edit. Executing a manipulation of the argument ID…
CVE-2026-4965 2026-03-27 HIGH 7.3 A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results…
CVE-2026-4964 2026-03-27 MEDIUM 6.3 A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation…
CVE-2026-4963 2026-03-27 MEDIUM 6.3 A weakness has been identified in huggingface smolagents 1.25.0.dev0. This affects the function evaluate_augassign/evaluate_call/evaluate_with of the file src/smolagents/local_python_executor.py of the component Incomplete Fix CVE-2025-9959. This manipulation causes code…
CVE-2026-4962 2026-03-27 HIGH 7.0 A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The…
CVE-2026-4961 2026-03-27 HIGH 8.8 A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation…
CVE-2026-4960 2026-03-27 HIGH 8.8 A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the…
CVE-2026-4954 2026-03-27 MEDIUM 6.3 A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint.…
CVE-2026-4953 2026-03-27 HIGH 7.3 A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a…
CVE-2026-4910 2026-03-27 HIGH 7.3 A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint.…
CVE-2026-4909 2026-03-27 LOW 2.4 A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross…
CVE-2026-4248 2026-03-27 HIGH 8.0 The Ultimate Member plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11.2. This is due to the '{usermeta:password_reset_link}' template tag…
CVE-2026-33996 2026-03-27 N/A 0.0 LibJWT is a C JSON Web Token Library. Starting in version 3.0.0 and prior to version 3.3.0, the JWK parsing for RSA-PSS did not protect against a NULL…
CVE-2026-33994 2026-03-27 N/A 0.0 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, a prototype pollution vulnerability exists in the…
CVE-2026-33993 2026-03-27 N/A 0.0 Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unserialize()` function in `locutus/php/var/unserialize` assigns deserialized keys to plain objects via…
CVE-2026-33992 2026-03-27 N/A 0.0 pyLoad is a free and open-source download manager written in Python. Prior to version 0.5.0b3.dev97, PyLoad's download engine accepts arbitrary URLs without validation, enabling Server-Side Request Forgery (SSRF)…
CVE-2026-33991 2026-03-27 HIGH 8.8 WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file `html/socio/sistema/deletar_tag.php` uses `extract($_REQUEST)` on line 14 and directly concatenates the `$id_tag` variable into SQL…
CVE-2026-33936 2026-03-27 MEDIUM 5.3 The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm)…
CVE-2026-34226 2026-03-27 HIGH 7.5 Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`)…
CVE-2026-33989 2026-03-27 HIGH 8.1 Mobile Next is an MCP server for mobile development and automation. Prior to version 0.0.49, the `@mobilenext/mobile-mcp` server contains a Path Traversal vulnerability in the `mobile_save_screenshot` and `mobile_start_screen_recording`…
CVE-2026-33981 2026-03-27 N/A 0.0 changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin,…
CVE-2026-33980 2026-03-27 HIGH 8.3 Azure Data Explorer MCP Server is a Model Context Protocol (MCP) server that enables AI assistants to execute KQL queries and explore Azure Data Explorer (ADX/Kusto) databases through…
CVE-2026-33979 2026-03-27 HIGH 8.2 Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A…
CVE-2026-33976 2026-03-27 CRITICAL 9.6 Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop and 3.3.17 on Android/iOS, a stored XSS in the Web Clipper rendering flow can be escalated to…
CVE-2026-33955 2026-03-27 HIGH 8.6 Notesnook is a note-taking app. Prior to version 3.3.11 on Web/Desktop, a cross-site scripting vulnerability stored in the note history comparison viewer can escalate to remote code execution…
« Anterior Página 60 de 4158 Siguiente »