Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-33505 2026-03-26 HIGH 7.2 Ory Keto is am open source authorization server for managing permissions at scale. Prior to version 26.2.0, the GetRelationships API in Ory Keto is vulnerable to SQL injection…
CVE-2026-33491 2026-03-26 HIGH 7.8 Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows…
CVE-2026-33490 2026-03-26 LOW 3.7 H3 is a minimal H(TTP) framework. In versions 2.0.0-0 through 2.0.1-rc.16, the `mount()` method in h3 uses a simple `startsWith()` check to determine whether incoming requests fall under…
CVE-2026-33477 2026-03-26 MEDIUM 4.3 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In versiosn 2.3.7 through 3.10.0, the file snippet endpoint `/api/file/snippet.php` allows an authenticated user…
CVE-2026-33153 2026-03-26 N/A 0.0 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden `?debug=true` query…
CVE-2026-33152 2026-03-26 CRITICAL 9.1 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, Tandoor Recipes configures Django REST Framework with BasicAuthentication as…
CVE-2026-33469 2026-03-26 MEDIUM 6.5 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, an authenticated non-admin user can retrieve the full raw Frigate…
CVE-2026-33149 2026-03-26 HIGH 8.1 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Versions up to and including 2.5.3 set ALLOWED_HOSTS = '*' by default, which causes…
CVE-2026-33148 2026-03-26 MEDIUM 6.5 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the FDC (USDA FoodData Central) search endpoint constructs an…
CVE-2026-33014 2026-03-26 MEDIUM 5.2 EVerest is an EV charging software stack. Prior to version 2026.02.0, during RemoteStop processing, a delayed authorization response restores `authorized` back to true, defeating the `stop_transaction()` call condition…
CVE-2026-30463 2026-03-26 N/A 0.0 Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
CVE-2026-30458 2026-03-26 N/A 0.0 An issue in Daylight Studio FuelCMS v1.5.2 allows attackers to exfiltrate users' password reset tokens via a mail splitting attack.
CVE-2026-30457 2026-03-26 N/A 0.0 An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
CVE-2026-29969 2026-03-26 N/A 0.0 A cross-site scripting (XSS) vulnerability in the wff_cols_pref.css.aspx endpoint of staffwiki v7.0.1.19219 allows attackers to execute arbitrary Javascript in the context of the user's browser via a crafted…
CVE-2026-29905 2026-03-26 MEDIUM 6.5 Kirby CMS through 5.1.4 allows an authenticated user with 'Editor' permissions to cause a persistent Denial of Service (DoS) via a malformed image upload. The application fails to…
CVE-2026-30162 2026-03-26 MEDIUM 6.1 Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field.
CVE-2026-29934 2026-03-26 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in the /admin/menus component of Lightcms v2.0 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying…
CVE-2026-29055 2026-03-26 MEDIUM 5.3 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the image processing pipeline in Tandoor Recipes explicitly skips…
CVE-2026-28503 2026-03-26 N/A 0.0 Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_folder()` action in `cookbook/views/api.py` (line 903) fetches a…
CVE-2026-26213 2026-03-26 N/A 0.0 thingino-firmware versions up to the firmware-2026-03-16 release contains an unauthenticated os command injection vulnerability in the WiFi captive portal CGI script that allows remote attackers to execute arbitrary…
CVE-2026-4274 2026-03-26 MEDIUM 5.4 Mattermost versions 11.2.x
CVE-2026-33914 2026-03-26 HIGH 7.2 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability…
CVE-2025-14807 2026-03-25 MEDIUM 6.5 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to…
CVE-2025-14808 2026-03-25 LOW 3.1 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request…
CVE-2025-14810 2026-03-25 MEDIUM 6.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive…
CVE-2025-14912 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially…
CVE-2025-14974 2026-03-25 MEDIUM 5.7 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
CVE-2025-36258 2026-03-25 HIGH 7.1 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user.
CVE-2025-36422 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized…
CVE-2026-1014 2026-03-25 MEDIUM 6.5 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.
CVE-2026-33732 2026-03-26 MEDIUM 4.8 srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when…
CVE-2026-33504 2026-03-26 HIGH 7.2 Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to…
CVE-2026-33503 2026-03-26 HIGH 7.2 Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL…
CVE-2026-33496 2026-03-26 HIGH 8.1 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33495 2026-03-26 MEDIUM 6.5 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often…
CVE-2026-33494 2026-03-26 CRITICAL 10.0 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33487 2026-03-26 HIGH 7.5 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one…
CVE-2026-33486 2026-03-26 MEDIUM 6.8 Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28,…
CVE-2026-33481 2026-03-26 MEDIUM 5.3 Syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not…
CVE-2026-33470 2026-03-26 MEDIUM 6.5 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access…
CVE-2026-33438 2026-03-26 MEDIUM 6.5 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of…
CVE-2026-33015 2026-03-26 MEDIUM 5.2 EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's…
CVE-2026-1015 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially…
CVE-2026-1262 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2026-2483 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
CVE-2025-36438 2026-03-25 MEDIUM 5.1 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVE-2026-2484 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages
CVE-2026-2485 2026-03-25 MEDIUM 4.8 IBM Infosphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2026-32120 2026-03-25 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the…
CVE-2026-33348 2026-03-25 HIGH 8.7 OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The…
« Anterior Página 68 de 4158 Siguiente »