Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2022-24380	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2022-22147	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2022-21130	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2021-3926	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8460	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8459	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8458	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8457	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8456	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8455	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8454	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8453	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2020-8452	2026-01-22	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.
CVE-2026-1331	2026-01-22	CRITICAL	9.8	MeetingHub developed by HAMASTAR Technology has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on…
CVE-2026-1330	2026-01-22	HIGH	7.5	MeetingHub developed by HAMASTAR Technology has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2026-24332	2026-01-22	MEDIUM	4.3	Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible (and not actually offline) because the response to a WebSocket API request includes the…
CVE-2020-8451	2026-01-22	N/A	0.0	Rejected reason: The reserved CVE was never used.
CVE-2026-0920	2026-01-22	CRITICAL	9.8	The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the…
CVE-2026-24049	2026-01-22	HIGH	7.1	wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file…
CVE-2025-71176	2026-01-22	MEDIUM	6.8	pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
CVE-2026-24055	2026-01-22	N/A	0.0	Langfuse is an open source large language model engineering platform. In versions 3.146.0 and below, the /api/public/slack/install endpoint initiates Slack OAuth using a projectId provided by the client…
CVE-2026-24042	2026-01-22	CRITICAL	9.4	Appsmith is a platform to build admin panels, internal tools, and dashboards. In versions 1.94 and below, publicly accessible apps allow unauthenticated users to execute unpublished (edit-mode) actions…
CVE-2026-24039	2026-01-22	MEDIUM	4.3	Horilla is a free and open source Human Resource Management System (HRMS). Version 1.4.0 has Improper Access Control, allowing low-privileged employees to self-approve documents they have uploaded. The…
CVE-2026-24038	2026-01-22	HIGH	8.1	Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the OTP handling logic has a flawed equality check that can be bypassed.…
CVE-2026-24037	2026-01-22	MEDIUM	4.8	Horilla is a free and open source Human Resource Management System (HRMS). In version 1.4.0, the has_xss() function attempts to block XSS by matching input against a set…
CVE-2026-24036	2026-01-22	MEDIUM	5.3	Horilla is a free and open source Human Resource Management System (HRMS). Versions 1.4.0 and above expose unpublished job postings through the /recruitment/recruitment-details// endpoint without authentication. The response…
CVE-2026-24035	2026-01-22	MEDIUM	4.3	Horilla is a free and open source Human Resource Management System (HRMS). An Improper Access Control vulnerability exists in Horilla HR Software starting in version 1.4.0 and prior…
CVE-2026-24034	2026-01-22	MEDIUM	5.4	Horilla is a free and open source Human Resource Management System (HRMS). In versions prior to 1.5.0, a cross-site scripting vulnerability can be triggered because the extension and…
CVE-2026-24010	2026-01-22	HIGH	8.8	Horilla is a free and open source Human Resource Management System (HRMS). A critical File Upload vulnerability in versions prior to 1.5.0, with Social Engineering, allows authenticated users…
CVE-2026-24006	2026-01-22	HIGH	7.5	Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack…
CVE-2026-24002	2026-01-22	CRITICAL	9.0	Grist is spreadsheet software using Python as its formula language. Grist offers several methods for running those formulas in a sandbox, for cases where the user may be…
CVE-2026-24001	2026-01-22	N/A	0.0	jsdiff is a JavaScript text differencing implementation. Prior to versions 8.0.3, 5.2.2, and 4.0.4, attempting to parse a patch whose filename headers contain the line break characters `\r`,…
CVE-2026-23992	2026-01-22	MEDIUM	5.9	go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, a compromised or misconfigured TUF repository can have the…
CVE-2026-23991	2026-01-22	MEDIUM	5.9	go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository (or any of its mirrors)…
CVE-2026-23967	2026-01-22	HIGH	7.5	sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature malleability vulnerability exists in the SM2 signature verification logic of the sm-crypto library…
CVE-2026-23966	2026-01-22	CRITICAL	9.1	sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A private key recovery vulnerability exists in the SM2 decryption logic of sm-crypto prior to…
CVE-2026-23965	2026-01-22	HIGH	7.5	sm-crypto provides JavaScript implementations of the Chinese cryptographic algorithms SM2, SM3, and SM4. A signature forgery vulnerability exists in the SM2 signature verification logic of sm-crypto prior to…
CVE-2026-23964	2026-01-22	MEDIUM	6.5	Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, an insecure direct object reference in the web push subscription…
CVE-2026-23963	2026-01-22	MEDIUM	4.3	Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18, the server does not enforce a maximum length for the…
CVE-2026-23962	2026-01-22	HIGH	7.5	Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, and v4.5.5 do not have a limit on the maximum number of…
CVE-2026-23959	2026-01-22	N/A	0.0	CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the `CustomerTransformerController` within the CoreShop admin panel. The…
CVE-2026-23961	2026-01-22	MEDIUM	5.3	Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows server administrators to suspend remote users to prevent interactions. However, some logic errors allow already-known…
CVE-2026-23958	2026-01-22	N/A	0.0	Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This…
CVE-2026-23957	2026-01-22	HIGH	7.5	seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding encoded array lengths by replacing them with an excessively large value…
CVE-2026-23956	2026-01-22	HIGH	7.5	seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, overriding RegExp serialization with extremely large patterns can exhaust JavaScript runtime memory…
CVE-2026-23699	2026-01-22	HIGH	7.2	AP180 series with firmware versions prior to AP_RGOS 11.9(4)B1P8 contains an OS command injection vulnerability. If this vulnerability is exploited, arbitrary commands may be executed on the devices.
CVE-2025-27380	2026-01-22	HIGH	7.6	HTML injection in Project Release in Altium Enterprise Server (AES) 7.0.3 on all platforms allows an authenticated attacker to execute arbitrary JavaScript in the victim’s browser via crafted…
CVE-2025-27379	2026-01-22	MEDIUM	6.8	A stored cross-site scripting (XSS) vulnerability in the BOM Viewer in Altium AES 7.0.3 allows an authenticated attacker to inject arbitrary JavaScript into the Description field of a…
CVE-2026-23952	2026-01-22	MEDIUM	6.5	ImageMagick is free and open-source software used for editing and manipulating digital images. Versions 14.10.1 and below have a NULL pointer dereference vulnerability in the MSL (Magick Scripting…
CVE-2026-23951	2026-01-22	MEDIUM	5.5	SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow…

« Anterior Página 71 de 3924 Siguiente »