CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-25697 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25696 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25695 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25694 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25693 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2026-25692 2026-02-06 N/A 0.0 Rejected reason: Not used
CVE-2020-37121 2026-02-05 MEDIUM 5.5 CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious…
CVE-2025-70792 2026-02-05 MEDIUM 6.1 Cross Site Scripting vulnerability in the "/admin/category/create" endpoint of Microweber 2.0.19. An attacker can manipulate the "rel_id" parameter in a crafted URL and lure a user with admin…
CVE-2025-70791 2026-02-05 MEDIUM 6.1 Cross Site Scripting vulnerability in the "/admin/order/abandoned" endpoint of Microweber 2.0.19. An attacker can manipulate the "orderDirection" parameter in a crafted URL and lure a user with admin…
CVE-2025-68722 2026-02-05 HIGH 8.8 Axigen Mail Server before 10.5.57 and 10.6.x before 10.6.26 contains a Cross-Site Request Forgery (CSRF) vulnerability in the WebAdmin interface through improper handling of the _s (breadcrumb) parameter.…
CVE-2025-68721 2026-02-05 CRITICAL 9.1 Axigen Mail Server before 10.5.57 contains an improper access control vulnerability in the WebAdmin interface. A delegated admin account with zero permissions can bypass access control checks and…
CVE-2025-12131 2026-02-05 N/A 0.0 A truncated 802.15.4 packet can lead to an assert, resulting in a denial of service.
CVE-2026-1301 2026-02-05 N/A 0.0 In builds with PubSub and JSON enabled, a crafted JSON message can cause the decoder to write beyond a heap-allocated array before authentication, reliably crashing the process and…
CVE-2025-15343 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Enforce.
CVE-2025-15342 2026-02-05 MEDIUM 4.3 Tanium addressed an improper access controls vulnerability in Reputation.
CVE-2025-15341 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Benchmark.
CVE-2025-15340 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Comply.
CVE-2025-15339 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Discover.
CVE-2025-15338 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Partner Integration.
CVE-2025-15337 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Patch.
CVE-2025-15336 2026-02-05 MEDIUM 6.5 Tanium addressed an incorrect default permissions vulnerability in Performance.
CVE-2025-15335 2026-02-05 MEDIUM 4.3 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15334 2026-02-05 MEDIUM 4.3 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15333 2026-02-05 MEDIUM 4.3 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15332 2026-02-05 MEDIUM 4.9 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15331 2026-02-05 MEDIUM 4.3 Tanium addressed an uncontrolled resource consumption vulnerability in Connect.
CVE-2025-15330 2026-02-05 HIGH 8.8 Tanium addressed an improper input validation vulnerability in Deploy.
CVE-2025-15329 2026-02-05 MEDIUM 4.9 Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15328 2026-02-05 MEDIUM 5.0 Tanium addressed an improper link resolution before file access vulnerability in Enforce.
CVE-2025-15327 2026-02-05 MEDIUM 4.3 Tanium addressed an improper access controls vulnerability in Deploy.
CVE-2025-15326 2026-02-05 MEDIUM 4.3 Tanium addressed an improper access controls vulnerability in Patch.
CVE-2025-15325 2026-02-05 MEDIUM 6.3 Tanium addressed an improper input validation vulnerability in Discover.
CVE-2025-15324 2026-02-05 MEDIUM 6.6 Tanium addressed a documentation issue in Engage.
CVE-2025-15323 2026-02-05 LOW 3.7 Tanium addressed an improper certificate validation vulnerability in Tanium Appliance.
CVE-2025-15321 2026-02-05 LOW 2.7 Tanium addressed an improper input validation vulnerability in Tanium Appliance.
CVE-2025-15312 2026-02-05 MEDIUM 6.6 Tanium addressed an improper output sanitization vulnerability in Tanium Appliance.
CVE-2025-15311 2026-02-05 HIGH 7.8 Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance.
CVE-2025-15289 2026-02-05 LOW 3.1 Tanium addressed an improper access controls vulnerability in Interact.
CVE-2026-1707 2026-02-05 HIGH 7.4 pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files.…
CVE-2025-58190 2026-02-05 N/A 0.0 The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted…
CVE-2025-47911 2026-02-05 N/A 0.0 The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML…
CVE-2025-15557 2026-02-05 N/A 0.0 An Improper Certificate Validation vulnerability in TP-Link Tapo H100 v1 and Tapo P100 v1 allows an on-path attacker on the same network segment to intercept and modify encrypted…
CVE-2025-15551 2026-02-05 N/A 0.0 The response coming from TP-Link Archer MR200 v5.2, C20 v6, TL-WR850N v3, and TL-WR845N v4 for any request is getting executed by the JavaScript function like eval directly…
CVE-2026-0715 2026-02-05 N/A 0.0 Moxa Arm-based industrial computers running Moxa Industrial Linux Secure use a device-unique bootloader password provided on the device. An attacker with physical access to the device could use this…
CVE-2026-0714 2026-02-05 N/A 0.0 A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU…
CVE-2025-69906 2026-02-05 N/A 0.0 Monstra CMS v3.0.4 contains an arbitrary file upload vulnerability in the Files Manager plugin. The application relies on blacklist-based file extension validation and stores uploaded files directly in…
CVE-2025-69619 2026-02-05 N/A 0.0 A path traversal in My Text Editor v1.6.2 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVE-2025-68723 2026-02-05 N/A 0.0 Axigen Mail Server before 10.5.57 contains multiple stored Cross-Site Scripting (XSS) vulnerabilities in the WebAdmin interface. Three instances exist: (1) the log file name parameter in the Local…
CVE-2025-68643 2026-02-05 N/A 0.0 Axigen Mail Server before 10.5.57 allows stored Cross-Site Scripting (XSS) in the handling of the timeFormat account preference parameter. Attackers can exploit this by deploying a multi-stage attack.…
CVE-2020-37152 2026-02-05 N/A 0.0 PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser,…