CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-33909 | 2026-03-25 | MEDIUM | 5.9 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are… |
| CVE-2025-36440 | 2026-03-25 | MEDIUM | 5.1 | IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control. |
| CVE-2025-64646 | 2026-03-25 | MEDIUM | 6.2 | IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. |
| CVE-2025-64647 | 2026-03-25 | MEDIUM | 5.9 | IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. |
| CVE-2025-64648 | 2026-03-25 | MEDIUM | 5.9 | IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. |
| CVE-2026-33223 | 2026-03-25 | MEDIUM | 6.4 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to… |
| CVE-2026-33222 | 2026-03-25 | MEDIUM | 4.9 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore… |
| CVE-2026-33247 | 2026-03-25 | HIGH | 7.4 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials… |
| CVE-2026-4867 | 2026-03-26 | HIGH | 7.5 | Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.).… |
| CVE-2026-3116 | 2026-03-26 | MEDIUM | 4.9 | Mattermost Plugins versions |
| CVE-2026-3115 | 2026-03-26 | MEDIUM | 4.3 | Mattermost versions 11.2.x |
| CVE-2026-3114 | 2026-03-26 | MEDIUM | 6.5 | Mattermost versions 11.4.x |
| CVE-2026-3113 | 2026-03-26 | MEDIUM | 5.0 | Mattermost versions 11.4.x |
| CVE-2026-3112 | 2026-03-26 | MEDIUM | 6.8 | Mattermost versions 11.4.x |
| CVE-2026-3109 | 2026-03-26 | LOW | 2.2 | Mattermost Plugins versions |
| CVE-2026-3108 | 2026-03-26 | HIGH | 8.0 | Mattermost versions 11.2.x |
| CVE-2026-34071 | 2026-03-26 | MEDIUM | 5.4 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized… |
| CVE-2026-33636 | 2026-03-26 | HIGH | 7.6 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds… |
| CVE-2026-33468 | 2026-03-26 | HIGH | 8.1 | Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape… |
| CVE-2026-33442 | 2026-03-26 | HIGH | 8.1 | Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does… |
| CVE-2026-33430 | 2026-03-26 | HIGH | 7.3 | Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase… |
| CVE-2026-33416 | 2026-03-26 | HIGH | 7.5 | LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and… |
| CVE-2026-33402 | 2026-03-26 | N/A | 0.0 | Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch… |
| CVE-2026-33009 | 2026-03-26 | HIGH | 8.2 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT… |
| CVE-2026-32846 | 2026-03-26 | N/A | 0.0 | OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the… |
| CVE-2026-29044 | 2026-03-26 | MEDIUM | 5.0 | EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path… |
| CVE-2026-27828 | 2026-03-26 | N/A | 0.0 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address).… |
| CVE-2026-27816 | 2026-03-26 | N/A | 0.0 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With… |
| CVE-2026-27815 | 2026-03-26 | N/A | 0.0 | EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup copies a variable-length payment_options list into a fixed-size array of length 2 without bounds checking.… |
| CVE-2026-27814 | 2026-03-26 | MEDIUM | 4.2 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race (C++ UB) triggered by a 1-phase ↔ 3-phase switch request (`ac_switch_three_phases_while_charging`) during… |
| CVE-2026-27813 | 2026-03-26 | MEDIUM | 5.3 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to use-after-free. This is triggered by EV plug-in/unplug and RFID/RemoteStart/OCPP authorization events… |
| CVE-2026-26074 | 2026-03-26 | HIGH | 7.0 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::map` corruption. The trigger is CSMS GetLog/UpdateFirmware request (network) with… |
| CVE-2026-26073 | 2026-03-26 | MEDIUM | 5.9 | EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to possible `std::queue`/`std::deque` corruption. The trigger is powermeter public key update and… |
| CVE-2026-33246 | 2026-03-25 | MEDIUM | 6.4 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server offers a `Nats-Request-Info:` message header, providing information about a request. This is… |
| CVE-2026-33219 | 2026-03-25 | MEDIUM | 5.3 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a malicious client which can connect to the… |
| CVE-2026-33218 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, a client which can connect to the leafnode… |
| CVE-2026-33217 | 2026-03-25 | HIGH | 7.1 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs… |
| CVE-2026-33216 | 2026-03-25 | HIGH | 8.6 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, for MQTT deployments using usercodes/passwords: MQTT passwords are… |
| CVE-2026-29785 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled… |
| CVE-2026-27889 | 2026-03-25 | HIGH | 7.5 | NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.2.0 and prior to versions 2.11.14 and 2.12.5, a missing sanity… |
| CVE-2025-15101 | 2026-03-26 | HIGH | 8.8 | A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Web management interface of certain ASUS router models. This vulnerability potentially allows actions to be performed with… |
| CVE-2026-27602 | 2026-03-25 | HIGH | 7.2 | Modoboa is a mail hosting and management platform. Prior to version 2.7.1, `exec_cmd()` in `modoboa/lib/sysutils.py` always runs subprocess calls with `shell=True`. Since domain names flow directly into shell… |
| CVE-2026-33931 | 2026-03-26 | MEDIUM | 6.5 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the… |
| CVE-2026-33934 | 2026-03-26 | MEDIUM | 4.3 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have a missing authorization check in `portal/sign/lib/show-signature.php` that allows… |
| CVE-2026-33932 | 2026-03-26 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document… |
| CVE-2026-33918 | 2026-03-26 | HIGH | 7.6 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the billing file-download endpoint `interface/billing/get_claim_file.php` only verifies that the… |
| CVE-2026-33917 | 2026-03-26 | HIGH | 8.8 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contain a SQL injection vulnerability in the ajax_save CAMOS… |
| CVE-2026-33915 | 2026-03-26 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the… |
| CVE-2026-33913 | 2026-03-25 | HIGH | 7.7 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module… |
| CVE-2026-33912 | 2026-03-25 | MEDIUM | 5.4 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that,… |
Page 69 of 4158