Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-33917 2026-03-26 HIGH 8.8 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajax_save CAMOS…
CVE-2026-33915 2026-03-26 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, five insurance company REST API routes are missing the…
CVE-2026-33913 2026-03-25 HIGH 7.7 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated user with access to the Carecoordination module…
CVE-2026-33912 2026-03-25 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an authenticated attacker could craft a malicious form that,…
CVE-2026-33911 2026-03-25 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the POST parameter `title` is reflected back in a…
CVE-2026-33248 2026-03-25 MEDIUM 4.2 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with `verify_and_map`…
CVE-2026-33249 2026-03-25 MEDIUM 4.3 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Starting in version 2.11.0 and prior to versions 2.11.15 and 2.12.6, a valid client…
CVE-2026-29187 2026-03-25 HIGH 8.1 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient…
CVE-2026-33910 2026-03-25 HIGH 7.2 OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the…
CVE-2026-33933 2026-03-26 MEDIUM 6.1 OpenEMR is a free and open source electronic health records and medical practice management application. Starting in version 7.0.2.1 and prior to version 8.0.0.3, a reflected cross-site scripting…
CVE-2026-34051 2026-03-26 MEDIUM 5.4 OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 have an improper access control on the Import/Export functionality,…
CVE-2026-34053 2026-03-26 HIGH 7.1 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint `interface/forms/procedure_order/handle_deletions.php` allows…
CVE-2026-34055 2026-03-26 HIGH 8.1 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the legacy patient notes functions in `library/pnotes.inc.php` perform updates…
CVE-2026-29976 2026-03-26 MEDIUM 6.2 Buffer Overflow vulnerability in ZerBea hcxpcapngtool v. 7.0.1-43-g2ee308e allows a local attacker to obtain sensitive information via the getradiotapfield() function
CVE-2026-22790 2026-03-26 HIGH 8.8 EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads…
CVE-2026-34056 2026-03-26 HIGH 7.7 OpenEMR is a free and open source electronic health records and medical practice management application. A Broken Access Control vulnerability in OpenEMR up to and including version 8.0.0.3…
CVE-2026-4897 2026-03-26 MEDIUM 5.5 A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input…
CVE-2026-4247 2026-03-26 HIGH 7.5 When a challenge ACK is to be sent tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should…
CVE-2026-33397 2026-03-26 N/A 0.0 The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x…
CVE-2026-33287 2026-03-26 HIGH 7.5 LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the `replace_first` filter in LiquidJS uses JavaScript's `String.prototype.replace()` which interprets `$&`…
CVE-2026-29933 2026-03-26 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying…
CVE-2026-28298 2026-03-26 MEDIUM 5.9 SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2026-28297 2026-03-26 MEDIUM 6.1 SolarWinds Observability Self-Hosted was found to be affected by a stored cross-site scripting vulnerability, which when exploited, can lead to unintended script execution.
CVE-2026-27664 2026-03-26 HIGH 7.5 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability…
CVE-2026-27663 2026-03-26 MEDIUM 6.5 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote…
CVE-2026-26072 2026-03-26 MEDIUM 4.2 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is EV SoC…
CVE-2026-26071 2026-03-26 MEDIUM 4.2 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::string` concurrent access. with heap-use-after-free possible. This is triggered by EVCCID…
CVE-2026-26070 2026-03-26 MEDIUM 4.6 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to `std::map` concurrent access (container/optional corruption possible). The trigger is an EV…
CVE-2026-26008 2026-03-26 HIGH 7.5 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have an out-of-bounds access (std::vector) that leads to possible remote crash/memory corruption. This is because the CSMS…
CVE-2026-23995 2026-03-26 HIGH 8.4 EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN…
CVE-2026-24068 2026-03-26 HIGH 8.8 The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should…
CVE-2026-22593 2026-03-26 HIGH 8.4 EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length…
CVE-2014-125112 2026-03-26 CRITICAL 9.8 Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution. Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on…
CVE-2019-25650 2026-03-26 HIGH 8.4 River Past CamDo 3.7.6 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the…
CVE-2019-25649 2026-03-26 MEDIUM 5.5 River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized…
CVE-2019-25648 2026-03-26 MEDIUM 6.2 MyVideoConverter Pro 3.14 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying an excessively long string to the registration code input field.…
CVE-2018-25219 2026-03-26 HIGH 8.4 PassFab Excel Password Recovery 8.3.1 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the…
CVE-2018-25218 2026-03-26 HIGH 8.4 PassFab RAR Password Recovery 9.3.2 contains a structured exception handler (SEH) buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload. Attackers…
CVE-2018-25217 2026-03-26 HIGH 8.4 PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can…
CVE-2018-25216 2026-03-26 MEDIUM 6.2 AnyBurn 4.3 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the image file name field.…
CVE-2018-25215 2026-03-26 MEDIUM 5.5 Excel Password Recovery Professional 8.2.0.0 contains a local buffer overflow vulnerability that allows attackers to cause a denial of service by supplying an excessively long string to the…
CVE-2018-25214 2026-03-26 MEDIUM 6.2 MegaPing contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized payload to the Destination Address List field in the…
CVE-2018-25213 2026-03-26 HIGH 8.4 Nsauditor 3.0.28.0 contains a structured exception handling buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input to the DNS Lookup tool. Attackers…
CVE-2018-25212 2026-03-26 HIGH 8.4 Boxoft wav-wma Converter 1.0 contains a local buffer overflow vulnerability in structured exception handling that allows attackers to execute arbitrary code by crafting malicious WAV files. Attackers can…
CVE-2018-25211 2026-03-26 HIGH 7.8 Allok Video Splitter 3.1.1217 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service or execute arbitrary code by supplying an oversized string…
CVE-2026-4887 2026-03-26 MEDIUM 6.1 A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit…
CVE-2025-41027 2026-03-26 N/A 0.0 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter…
CVE-2025-41026 2026-03-26 N/A 0.0 Reflected Cross Site Scripting (XSS) vulnerabilities in GDTaller. These vulnerabilities allows an attacker execute JavaScript code in the victim's browser by sending a malicious URL in 'site' parameter…
CVE-2018-25210 2026-03-26 HIGH 8.2 WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL…
CVE-2018-25209 2026-03-26 HIGH 8.2 OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit…
« Anterior Página 70 de 4159 Siguiente »