CVE Vulnerabilities

The following is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-54282 2026-06-22 LOW 3.7 Starlette is a lightweight ASGI framework/toolkit. Prior to 1.3.0, the HTTP request path is not validated before being used to reconstruct request.url. Because request.url is rebuilt by concatenating…
CVE-2026-54280 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of…
CVE-2026-54279 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose…
CVE-2026-54275 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused.…
CVE-2026-54274 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to…
CVE-2026-54273 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued.…
CVE-2026-54266 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests…
CVE-2026-53779 2026-06-22 HIGH 7.5 WebP Server Go through 0.14.4 contains a path traversal vulnerability on Windows that allows unauthenticated attackers to read files outside the configured IMG_PATH directory by sending requests with…
CVE-2026-53778 2026-06-22 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-53632 2026-06-22 N/A 0.0 launch-editor allows users to open files with line numbers in editor from Node.js. Prior to 2.14.1, the launch-editor NPM package accesses arbitrary paths including Windows UNC paths. When…
CVE-2026-53571 2026-06-22 N/A 0.0 Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the…
CVE-2026-53540 2026-06-22 LOW 3.7 Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the…
CVE-2026-50557 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the…
CVE-2026-50555 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting (XSS)…
CVE-2026-50269 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to…
CVE-2026-50169 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the…
CVE-2026-50168 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the…
CVE-2026-49356 2026-06-22 LOW 3.2 Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core is affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to…
CVE-2026-12725 2026-06-22 MEDIUM 5.9 A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest…
CVE-2026-11994 2026-06-22 N/A 0.0 Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in…
CVE-2024-51454 2026-06-22 MEDIUM 6.5 IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header…
CVE-2026-11373 2026-06-22 CRITICAL 9.1 Net::Statsite::Client versions through 1.1.0 for Perl allow metric injections. Net::Statsite::Client is a client for the statsite protocol, which is a variant of statsd. Newlines are not removed from…
CVE-2026-8157 2026-06-22 HIGH 8.8 The Vitepos WordPress plugin before 3.4.2 does not properly restrict the roles that can be assigned when creating new users via one of its REST API endpoints, allowing…
CVE-2026-7859 2026-06-22 MEDIUM 5.3 The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata,…
CVE-2026-6858 2026-06-22 HIGH 7.1 The Transbank Webpay WordPress plugin before 1.14.0 does not sanitize and escape logs to be displayed, allowing unauthenticated users to perform Stored XSS attacks against logged in administrator
CVE-2026-4259 2026-06-22 HIGH 7.1 The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2026-4110 2026-06-22 MEDIUM 6.1 The ultimate-woocommerce-auction-pro WordPress plugin through 2.4.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2026-10530 2026-06-22 MEDIUM 5.3 The Pie Register WordPress plugin before 3.8.4.10 does not use sufficiently random values when generating its account verification tokens, allowing unauthenticated attackers to predict a valid token and…
CVE-2026-12549 2026-06-22 MEDIUM 4.8 The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request…
CVE-2026-41049 2026-06-22 N/A 0.0 Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged user has…
CVE-2026-41048 2026-06-22 N/A 0.0 Incorrect caching of authentication between different polkit methods in qSnapper before version 1.3.3 allowed a local attacker to use functions like "restore from snapshot" even if only allowed…
CVE-2026-41047 2026-06-22 N/A 0.0 Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information.
CVE-2026-41046 2026-06-22 HIGH 7.3 A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause…
CVE-2026-41045 2026-06-22 HIGH 8.1 A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnapper's authentication mechanism and operate e.g. as root user.
CVE-2026-8823 2026-06-22 LOW 3.8 Mattermost versions 11.7.x
CVE-2026-9162 2026-06-22 MEDIUM 4.3 Mattermost versions 11.7.x
CVE-2026-8074 2026-06-22 LOW 3.8 Mattermost versions 11.7.x
CVE-2026-6673 2026-06-22 MEDIUM 6.4 Mattermost versions 11.7.x
CVE-2026-6062 2026-06-22 MEDIUM 6.4 Mattermost versions 11.7.x
CVE-2026-5139 2026-06-22 MEDIUM 5.4 Mattermost versions 11.7.x
CVE-2026-54283 2026-06-22 HIGH 7.5 Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for…
CVE-2026-54278 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into…
CVE-2026-54277 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request…
CVE-2026-54276 2026-06-22 N/A 0.0 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires…
CVE-2026-50184 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the…
CVE-2026-50171 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service…
CVE-2026-50170 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a vulnerability was discovered…
CVE-2026-46417 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery…
CVE-2026-54268 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS)…
CVE-2026-54267 2026-06-22 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in…