Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-12811
2026-06-21
MEDIUM
4.3
A weakness has been identified in kortix-ai suna up to 0.8.38. Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint.…
CVE-2026-12809
2026-06-21
MEDIUM
6.3
A vulnerability was identified in Edimax BR-6478AC V2 1.23. Affected is the function wiz_5in1_redirect of the file /goform/wiz_5in1_redirect of the component POST Request Handler. Such manipulation of the…
CVE-2026-12806
2026-06-21
HIGH
8.8
A vulnerability has been found in Edimax BR-6478AC V2 1.23. The impacted element is the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the component POST Request Handler. The…
CVE-2026-12805
2026-06-21
MEDIUM
6.3
A flaw has been found in OFFIS DCMTK up to 3.7.0. The affected element is the function XMLNode::parseFile in the library ofstd/libsrc/ofxml.cc. Executing a manipulation can lead to…
CVE-2026-56412
2026-06-21
MEDIUM
4.9
libexpat before 2.8.2 does not consider XML_TOK_DATA_CHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation.…
CVE-2026-56411
2026-06-21
MEDIUM
6.9
xmlwf in libexpat before 2.8.2 has an integer overflow in endDoctypeDecl via NOTATION declarations.
CVE-2026-56410
2026-06-21
MEDIUM
6.9
xmlwf in libexpat before 2.8.2 has an integer overflow in resolveSystemId.
CVE-2026-56409
2026-06-21
MEDIUM
6.5
xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used.
CVE-2026-56408
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in copyString.
CVE-2026-56407
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in doProlog that is related to storeEntityValue and entity textLen.
CVE-2026-56406
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in XML_ParseBuffer because it lacked a check that was present in XML_Parse.
CVE-2026-56405
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in getAttributeId.
CVE-2026-56404
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in addBinding.
CVE-2026-56403
2026-06-21
MEDIUM
6.9
libexpat before 2.8.2 has an integer overflow in storeAtts.
CVE-2026-56397
2026-06-21
CRITICAL
9.6
SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve…
CVE-2026-56396
2026-06-21
HIGH
8.8
phpMyFAQ before 4.1.4 contains missing authorization vulnerabilities in editUser() and updateUserRights() endpoints that allow authenticated administrators to escalate privileges. Non-SuperAdmin users with edit_user permission can set is_superadmin flag…
CVE-2026-56394
2026-06-21
MEDIUM
6.5
Craft CMS from 4.0.0-RC1 contains an authenticated path traversal vulnerability in the assets/icon endpoint where the extension parameter is not validated before file existence checks. Attackers can bypass…
CVE-2026-56393
2026-06-21
MEDIUM
4.8
Craft CMS 4.x (>= 4.0.0-RC1, < 4.17.0-beta.1) and 5.x (>= 5.0.0-RC1, < 5.9.0-beta.1) contain multiple stored cross-site scripting vulnerabilities where settings names and field option labels are rendered…
CVE-2026-56385
2026-06-21
MEDIUM
4.3
Craft CMS versions >= 5.0.0-RC1, = 4.0.0-RC1,
CVE-2026-56384
2026-06-21
MEDIUM
4.3
Craft CMS contains a missing authorization vulnerability in the assets/preview-thumb endpoint. A Control Panel user without permission to view a target private asset can call the endpoint with…
CVE-2026-56383
2026-06-21
MEDIUM
4.8
Craft CMS contains a stored cross-site scripting (XSS) vulnerability in the editableTable.twig component when using the 'Row Heading' column type. The application fails to sanitize input within row…
CVE-2026-56381
2026-06-21
MEDIUM
4.8
Craft CMS from version 5.0.0-RC1 contains a stored cross-site scripting vulnerability in the User Permissions page where user group names are rendered without proper HTML escaping. Attackers with…
CVE-2026-56378
2026-06-21
LOW
3.7
ImageMagick before 7.1.2-15 (and 6.x before 6.9.13-40) contains a heap out-of-bounds read in the PCD coder's DecodeImage loop. A crafted PCD file can trigger a one-byte heap out-of-bounds…
CVE-2026-56316
2026-06-21
MEDIUM
5.3
Cap-go before 12.128.2 contains an information disclosure vulnerability in the OPTIONS /build/upload/:jobId/* endpoint that allows unauthenticated attackers to enumerate valid builder job IDs through observable response discrepancies. Attackers…
CVE-2026-56299
2026-06-21
MEDIUM
5.3
Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/* endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to…
CVE-2026-56253
2026-06-21
HIGH
7.5
Capgo before 12.128.2 contains an improper access control vulnerability in the public.get_org_members RPC function that allows unauthenticated attackers to enumerate organization members. Attackers can invoke the endpoint using…
CVE-2026-56251
2026-06-21
MEDIUM
6.5
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit…
CVE-2026-56242
2026-06-21
HIGH
7.5
Capgo before 12.128.2 contains an unauthenticated security definer RPC function get_identity_apikey_only that returns the owning user_id for supplied API keys, creating an API key validity oracle and user…
CVE-2026-56239
2026-06-21
HIGH
7.6
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.apply_usage_overage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks (no validation of…
CVE-2026-56236
2026-06-21
MEDIUM
6.1
Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to…
CVE-2025-71378
2026-06-21
HIGH
8.1
picklescan before 0.0.30 fails to detect cProfile.runctx function calls in pickle file reduce methods, allowing attackers to execute arbitrary code. Malicious pickle files bypass picklescan detection and execute…
CVE-2025-71357
2026-06-21
HIGH
8.1
picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.pyshell.ModifiedInterpreter.runcommand in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded…
CVE-2025-71351
2026-06-21
N/A
0.0
picklescan before 0.0.25 fails to detect malicious pickle files that use timeit.timeit() in the __reduce__ method, allowing remote code execution. Attackers can craft pickle files that import dangerous…
CVE-2025-71348
2026-06-21
HIGH
8.1
picklescan before 0.0.28 fails to detect malicious pickle files that invoke torch.utils._config_module.load_config function within reduce methods. Attackers can craft pickle files embedding arbitrary code that evades detection but…
CVE-2026-12799
2026-06-21
MEDIUM
4.3
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete…
CVE-2026-12798
2026-06-21
MEDIUM
6.3
A weakness has been identified in BerriAI litellm up to 1.82.2. Affected by this vulnerability is the function load_openapi_spec_async of the file litellm/proxy/_experimental/mcp_server/openapi_to_mcp_generator.py of the component MCP OpenAPI…
CVE-2026-12797
2026-06-21
MEDIUM
6.3
A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation…
CVE-2026-12796
2026-06-21
MEDIUM
6.3
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function get_redirect_response_from_openid of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Authentication Flow. The manipulation leads…
CVE-2026-12795
2026-06-21
HIGH
7.3
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/management_endpoints/ui_sso.py of the component SSO Debug Flow. Executing a manipulation…
CVE-2026-12789
2026-06-21
MEDIUM
4.7
A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation…
CVE-2026-12788
2026-06-21
MEDIUM
6.3
A vulnerability was determined in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This…
CVE-2026-12787
2026-06-21
MEDIUM
6.3
A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument…
CVE-2026-12786
2026-06-21
HIGH
7.8
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component…
CVE-2026-52911
2026-06-21
N/A
0.0
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn->binding slowpath to bound sessions only When the binding SESSION_SETUP sets conn->binding = true, the flag…
CVE-2026-12784
2026-06-21
HIGH
7.8
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation…
CVE-2026-12782
2026-06-21
HIGH
7.8
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel…
CVE-2026-12781
2026-06-21
HIGH
7.8
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The…
CVE-2026-12780
2026-06-21
HIGH
7.8
A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can…
CVE-2026-12779
2026-06-21
HIGH
7.8
A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing…
CVE-2026-12778
2026-06-21
HIGH
7.8
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation…
« Anterior
Página 65 de 4528
Siguiente »
Page load link
Go to Top