CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-42290 2026-05-13 HIGH 7.8 protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing…
CVE-2026-42266 2026-05-13 HIGH 8.8 jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. From 4.0.0 to 4.5.6, the allow-list of extensions that can be installed…
CVE-2025-32425 2026-05-13 N/A 0.0 AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to…
CVE-2025-29338 2026-05-13 N/A 0.0 NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
CVE-2024-51395 2026-05-13 N/A 0.0 Buffer Overflow vulnerability in ArduPilot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.
CVE-2026-42338 2026-05-12 N/A 0.0 ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before embedding it…
CVE-2024-55045 2026-05-13 N/A 0.0 Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
CVE-2026-36742 2026-05-13 N/A 0.0 Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode).
CVE-2025-28344 2026-05-13 N/A 0.0 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
CVE-2025-28343 2026-05-13 N/A 0.0 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
CVE-2026-36741 2026-05-13 N/A 0.0 U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Command Injection. The Network Time Protocol (NTP) configuration interface does not properly sanitize user-supplied input. An authenticated…
CVE-2026-36738 2026-05-13 N/A 0.0 U-SPEED AC1200 Gigabit Wi-Fi Router (Model: T18-21K) V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms.…
CVE-2026-31156 2026-05-13 N/A 0.0 A path injection vulnerability exists in OpenPLC v3 (2c82b0e79c53f8c1f1458eee15fec173400d6e1a) as the binary program compiled from glue_generator.cpp does not perform any validation on the file path parameters passed via…
CVE-2026-8367 2026-05-13 MEDIUM 4.8 aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they…
CVE-2026-6282 2026-05-13 HIGH 8.1 A potential improper file path validation vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user to move or access files…
CVE-2026-6281 2026-05-13 HIGH 8.8 A potential vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow a remote authenticated user on the local network to execute arbitrary commands on…
CVE-2026-42946 2026-05-13 MEDIUM 6.5 A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module modules that may result in excessive memory allocation or an over-read of data. When scgi_pass or uwsgi_pass is configured, an unauthenticated attacker with man-in-the-middle…
CVE-2026-42937 2026-05-13 MEDIUM 6.5 Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view…
CVE-2026-42934 2026-05-13 MEDIUM 4.8 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering ("off") directives are configured, unauthenticated attackers can…
CVE-2026-42930 2026-05-13 HIGH 8.7 When running in Appliance mode, an authenticated attacker assigned the 'Administrator' role may be able to bypass Appliance mode restrictions on a BIG-IP system.  Note: Software versions which…
CVE-2026-42926 2026-05-13 MEDIUM 5.8 When NGINX Open Source is configured to proxy HTTP/2 traffic by setting proxy_http_version to 2, and also uses proxy_set_body, an attacker may be able to inject frame headers and…
CVE-2026-42924 2026-05-13 HIGH 8.7 An authenticated attacker with the Resource Administrator or Administrator role can create SNMP configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached…
CVE-2026-42920 2026-05-13 HIGH 7.5 When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.…
CVE-2026-42919 2026-05-13 MEDIUM 6.7 A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross…
CVE-2026-42781 2026-05-13 MEDIUM 6.5 When embedded Packet Velocity Acceleration (ePVA) acceleration is configured, undisclosed local ethernet traffic can cause an increase in ePVA and Traffic Management Microkernel (TMM) resource utilization.  Note: Software versions…
CVE-2026-42780 2026-05-13 MEDIUM 4.9 A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.  Note: Software versions…
CVE-2026-42409 2026-05-13 HIGH 7.5 When an HTTP/2 profile and an iRule containing the HTTP::redirect or HTTP::respond command are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to…
CVE-2026-42408 2026-05-13 MEDIUM 4.4 When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed TMOS Shell (tmsh) command that may allow a highly privileged authenticated attacker to view sensitive information.  Note: Software…
CVE-2026-42406 2026-05-13 HIGH 8.7 A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running…
CVE-2026-42063 2026-05-13 MEDIUM 4.9 A vulnerability exists in iControl SOAP where an authenticated attacker with the Resource Administrator or Administrator role can download sensitive files.  Note: Software versions which have reached End of…
CVE-2026-42058 2026-05-13 MEDIUM 4.3 An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.  Note: Software versions which have reached End…
CVE-2026-41959 2026-05-13 MEDIUM 6.5 Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to…
CVE-2026-41957 2026-05-13 HIGH 8.8 An authenticated remote code execution vulnerability through undisclosed vectors exists in the BIG-IP and BIG-IQ Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS)…
CVE-2026-41956 2026-05-13 HIGH 7.5 When a classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End…
CVE-2026-41954 2026-05-13 MEDIUM 4.9 Sensitive information disclosure vulnerability exists in the undisclosed iControl REST endpoint and TMOS Shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to…
CVE-2026-41953 2026-05-13 HIGH 8.7 A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation.  Note: Software…
CVE-2026-41227 2026-05-13 HIGH 7.5 On an HTTP/2 virtual server with Layer 7 DoS Protection configured, undisclosed traffic can result in an increase in memory consumption causing the Traffic Management Microkernel (TMM) process…
CVE-2026-41225 2026-05-13 CRITICAL 9.1 A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note:…
CVE-2026-41219 2026-05-13 MEDIUM 6.5 An improper sanitization vulnerability exists in the BIG-IP QKView utility that allows a low-privileged attacker to read sensitive information from a QKView file.  Note: Software versions which have…
CVE-2026-41218 2026-05-13 HIGH 7.5 When BIG-IP PEM iRules are configured on a virtual server (iRules using commands starting with CLASSIFICATION::, CLASSIFY::, PEM::, PSC::, and the urlcatquery command), undisclosed traffic can cause the…
CVE-2026-41217 2026-05-13 HIGH 7.9 A vulnerability exists in an undisclosed BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with resource administrator or administrator role to execute arbitrary system commands…
CVE-2026-40703 2026-05-13 MEDIUM 5.4 A cross-site request forgery (CSRF) vulnerability exists in the dashboard of the BIG-IP Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
CVE-2026-40701 2026-05-13 MEDIUM 4.8 NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_ssl_module module when the ssl_verify_client directive is set to "on" or "optional," and the ssl_ocsp directive is set to "on"…
CVE-2026-40698 2026-05-13 HIGH 8.7 A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can create SNMP configuration objects through iControl…
CVE-2026-40631 2026-05-13 HIGH 8.7 An authenticated attacker with the Resource Administrator or Administrator role can modify configuration objects through iControl SOAP resulting in privilege escalation.  Note: Software versions which have reached End…
CVE-2026-40629 2026-05-13 HIGH 7.5 When SSL profiles are configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing new client connections.  Note: Software versions which have reached End…
CVE-2026-40618 2026-05-13 HIGH 7.5 When an SSL profile is configured on a virtual server on BIG-IP Virtual Edition (VE) without Intel QuickAssist Technology (QAT) or on BIG-IP hardware platforms with the database…
CVE-2026-40460 2026-05-13 MEDIUM 6.5 When NGINX Plus or NGINX Open Source are configured to use the HTTP/3 QUIC module, an attacker may be able to spoof their source IP address allowing for bypass…
CVE-2026-40435 2026-05-13 MEDIUM 5.3 When configured, IP-based access restrictions for httpd do not cover all endpoints, which may allow connections from blocked addresses.  Note: Software versions which have reached End of Technical Support (EoTS)…
CVE-2026-40423 2026-05-13 HIGH 7.5 When a SIP profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End…