Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-55132	2026-01-20	LOW	2.8	A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`,…
CVE-2025-13878	2026-01-21	HIGH	7.5	Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and…
CVE-2026-23755	2026-01-21	N/A	0.0	D-Link D-View 8 versions 2.0.1.107 and below contain an uncontrolled search path vulnerability in the installer. When executed with elevated privileges via UAC, the installer attempts to load…
CVE-2026-23754	2026-01-21	N/A	0.0	D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve…
CVE-2021-47887	2026-01-21	HIGH	7.8	OKI Print Job Accounting 4.4.10 contains an unquoted service path vulnerability in the OkiJaSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the…
CVE-2021-47886	2026-01-21	HIGH	7.8	Pingzapper 2.3.1 contains an unquoted service path vulnerability in the PingzapperSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in…
CVE-2021-47884	2026-01-21	HIGH	7.8	OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can…
CVE-2021-47883	2026-01-21	HIGH	7.8	Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted…
CVE-2021-47882	2026-01-21	HIGH	7.8	FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path…
CVE-2021-47880	2026-01-21	HIGH	7.8	Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted…
CVE-2021-47879	2026-01-21	HIGH	7.8	eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers…
CVE-2021-47878	2026-01-21	HIGH	7.8	eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can…
CVE-2021-47877	2026-01-21	HIGH	7.5	GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of…
CVE-2021-47876	2026-01-21	HIGH	7.5	GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate…
CVE-2021-47875	2026-01-21	CRITICAL	9.8	GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload…
CVE-2021-47874	2026-01-21	HIGH	7.8	VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit…
CVE-2021-47873	2026-01-21	HIGH	7.2	VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter…
CVE-2021-47872	2026-01-21	HIGH	7.1	SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parameter.…
CVE-2021-47871	2026-01-21	HIGH	8.8	Hestia Control Panel 1.3.2 contains an arbitrary file write vulnerability that allows authenticated attackers to write files to arbitrary locations using the API index.php endpoint. Attackers can exploit…
CVE-2021-47870	2026-01-21	N/A	0.0	GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be…
CVE-2021-47869	2026-01-21	HIGH	7.8	Brother BRAdmin Professional 3.75 contains an unquoted service path vulnerability in the BRA_Scheduler service that allows local users to potentially execute arbitrary code. Attackers can place a malicious…
CVE-2021-47868	2026-01-21	HIGH	7.8	WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the WPCommandFileService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted…
CVE-2021-47867	2026-01-21	HIGH	7.8	WIN-PACK PRO4.8 contains an unquoted service path vulnerability in the ScheduleService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted…
CVE-2021-47866	2026-01-21	HIGH	7.8	WIN-PACK PRO 4.8 contains an unquoted service path vulnerability in the GuardTourService that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the…
CVE-2021-47865	2026-01-21	HIGH	7.5	ProFTPD 1.3.7a contains a denial of service vulnerability that allows attackers to overwhelm the server by creating multiple simultaneous FTP connections. Attackers can repeatedly establish connections using threading…
CVE-2021-47864	2026-01-21	HIGH	7.8	OSAS Traverse Extension 11 contains an unquoted service path vulnerability in the TravExtensionHostSvc service running with LocalSystem privileges. Attackers can exploit the unquoted path to inject and execute…
CVE-2021-47863	2026-01-21	HIGH	7.8	MacPaw Encrypto 1.0.1 contains an unquoted service path vulnerability in its Encrypto Service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted…
CVE-2021-47862	2026-01-21	HIGH	7.8	Hi-Rez Studios 5.1.6.3 contains an unquoted service path vulnerability in the HiPatchService that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted path…
CVE-2021-47861	2026-01-21	HIGH	7.8	Event Log Explorer 4.9.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted…
CVE-2021-47860	2026-01-21	MEDIUM	5.3	GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. Attackers can craft a…
CVE-2021-47859	2026-01-21	HIGH	7.8	ActivIdentity 8.2 contains an unquoted service path vulnerability in the ac.sharedstore service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path…
CVE-2021-47858	2026-01-21	HIGH	7.2	Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address…
CVE-2021-47857	2026-01-21	HIGH	7.2	Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with…
CVE-2021-47855	2026-01-21	HIGH	7.2	Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes…
CVE-2021-47854	2026-01-21	CRITICAL	9.8	DD-WRT version 45723 contains a buffer overflow vulnerability in the UPNP network discovery service that allows remote attackers to potentially execute arbitrary code. Attackers can send crafted M-SEARCH…
CVE-2021-47853	2026-01-21	HIGH	8.8	phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload…
CVE-2021-47852	2026-01-21	HIGH	8.8	Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a…
CVE-2021-47851	2026-01-21	CRITICAL	9.8	Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to…
CVE-2021-47850	2026-01-21	HIGH	7.5	Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files…
CVE-2021-47849	2026-01-21	MEDIUM	6.2	Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system…
CVE-2021-47848	2026-01-21	HIGH	8.2	Blitar Tourism 1.0 contains an authentication bypass vulnerability that allows attackers to bypass login by injecting SQL code through the username parameter. Attackers can manipulate the login request…
CVE-2021-47846	2026-01-21	HIGH	8.2	Digital Crime Report Management System 1.0 contains a critical SQL injection vulnerability affecting multiple login pages that allows unauthenticated attackers to bypass authentication. Attackers can exploit the vulnerability…
CVE-2021-47830	2026-01-21	N/A	0.0	GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can…
CVE-2021-47817	2026-01-21	MEDIUM	5.4	OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious…
CVE-2021-47802	2026-01-21	HIGH	7.5	Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint…
CVE-2021-47778	2026-01-21	N/A	0.0	GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote…
CVE-2021-47770	2026-01-21	HIGH	8.8	OpenPLC v3 contains an authenticated remote code execution vulnerability that allows attackers with valid credentials to inject malicious code through the hardware configuration interface. Attackers can upload a…
CVE-2021-47748	2026-01-21	CRITICAL	9.8	Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql…
CVE-2021-47746	2026-01-21	HIGH	7.5	NodeBB Plugin Emoji 3.2.1 contains an arbitrary file write vulnerability that allows administrative users to write files to arbitrary system locations through the emoji upload API. Attackers with…
CVE-2026-20109	2026-01-21	MEDIUM	4.8	Multiple vulnerabilities in the web-based management interface of Cisco Packaged Contact Center Enterprise (Packaged CCE) and Cisco Unified Contact Center Enterprise (Unified CCE) could allow an authenticated, remote…

« Anterior Página 73 de 3924 Siguiente »