Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-40067 2026-05-13 HIGH 7.5 When a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions which have reached End of…
CVE-2026-40061 2026-05-13 HIGH 8.7 When BIG-IP DNS is provisioned, a vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with the Resource…
CVE-2026-40060 2026-05-13 HIGH 7.5 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which have…
CVE-2026-39459 2026-05-13 HIGH 7.2 A vulnerability exists in iControl REST and the TMOS Shell (tmsh) where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that…
CVE-2026-39458 2026-05-13 HIGH 7.5 When a BIG-IP DNS profile enabled with DNS cache is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software…
CVE-2026-39455 2026-05-13 HIGH 7.5 When the BIG-IP Configuration utility is configured to use Lightweight Directory Access Protocol (LDAP) authentication, undisclosed traffic can cause the httpd process to exhaust the available file descriptors.  Note: Software…
CVE-2026-35062 2026-05-13 MEDIUM 6.5 An authenticated iControl SOAP user may be able to obtain information of other accounts.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-34176 2026-05-13 HIGH 8.7 When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a…
CVE-2026-34019 2026-05-13 MEDIUM 5.3 When Bidirectional Forwarding Detection (BFD) is configured in Static and Dynamic routing protocols, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to stop processing BFD packets and…
CVE-2026-32673 2026-05-13 HIGH 8.7 A vulnerability exists in BIG-IP scripted monitors that may allow an authenticated attacker with the Resource Administrator or Administrator role to execute arbitrary system commands with higher privileges.…
CVE-2026-32643 2026-05-13 HIGH 8.7 A vulnerability exists in BIG-IP and BIG-IQ systems where a highly privileged, authenticated attacker with at least the Certificate Manager role can modify configuration objects that allow running…
CVE-2026-28758 2026-05-13 MEDIUM 4.4 When BIG-IP DNS is provisioned, a vulnerability exists in the gtm_add and bigip_add iControl REST commands that return the ssh-password parameter in cleartext in the iControl REST response and is also…
CVE-2026-24464 2026-05-13 MEDIUM 6.8 When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross…
CVE-2026-20916 2026-05-13 HIGH 8.1 An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system.  Note: Software versions which…
CVE-2026-44215 2026-05-12 MEDIUM 4.4 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The…
CVE-2026-42446 2026-05-12 MEDIUM 4.4 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is…
CVE-2026-42445 2026-05-12 LOW 3.3 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPaths…
CVE-2026-42444 2026-05-12 LOW 3.3 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method…
CVE-2026-42443 2026-05-12 LOW 3.3 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered…
CVE-2026-42442 2026-05-12 LOW 3.3 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered…
CVE-2026-42355 2026-05-12 LOW 3.3 NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a…
CVE-2026-8449 2026-05-12 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn.
CVE-2026-7168 2026-05-13 MEDIUM 5.3 Successfully using libcurl to do a transfer over a specific HTTP proxy (`proxyA`) with **Digest** authentication and then changing the proxy host to a second one (`proxyB`) for…
CVE-2026-7009 2026-05-13 MEDIUM 5.3 When curl is told to use the Certificate Status Request TLS extension, often referred to as *OCSP stapling*, to verify that the server certificate is valid, it fails…
CVE-2026-6888 2026-05-13 HIGH 7.2 Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify,…
CVE-2026-44874 2026-05-12 MEDIUM 4.9 A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system.…
CVE-2026-44871 2026-05-12 HIGH 7.2 Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could…
CVE-2026-44873 2026-05-12 MEDIUM 5.4 A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are…
CVE-2026-44872 2026-05-12 HIGH 7.2 A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files…
CVE-2026-44870 2026-05-12 HIGH 7.2 Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could…
CVE-2026-44869 2026-05-12 HIGH 7.2 Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute…
CVE-2026-44866 2026-05-12 HIGH 7.2 Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute…
CVE-2026-44853 2026-05-12 HIGH 7.2 Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to…
CVE-2026-44548 2026-05-12 HIGH 8.1 ChurchCRM is an open-source church management system. Prior to 7.3.2, top-level cross-site GET navigation from an attacker-controlled page to FundRaiserDelete.php, PropertyTypeDelete.php, or NoteDelete.php causes a logged-in ChurchCRM user…
CVE-2026-44547 2026-05-12 CRITICAL 9.6 ChurchCRM is an open-source church management system. From 7.2.0 to 7.2.2, The fix for CVE-2026-4058 is incomplete. The hardening commit was merged and then silently stripped from src/api/routes/public/public-user.php…
CVE-2026-44352 2026-05-12 N/A 0.0 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any…
CVE-2026-44260 2026-05-12 HIGH 8.1 efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfinder_checkRisk enforces…
CVE-2026-44259 2026-05-12 MEDIUM 4.6 efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or…
CVE-2026-44242 2026-05-12 LOW 3.7 Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where…
CVE-2026-44241 2026-05-12 HIGH 7.5 Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an…
CVE-2026-43948 2026-05-12 CRITICAL 9.9 wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit views in wger perform a gym-scope authorization check using Python object comparison…
CVE-2026-44011 2026-05-12 N/A 0.0 Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, Craft CMS which contains an input-handling flaw in a Yii object creation path…
CVE-2026-44010 2026-05-12 N/A 0.0 Craft CMS is a content management system (CMS). From 4.0.0 to before 4.17.12 and 5.9.18, the GraphQL Address element resolver (src/gql/resolvers/elements/Address.php) performs no schema scope filtering on top-level…
CVE-2026-43489 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does…
CVE-2026-43488 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error…
CVE-2026-43487 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing…
CVE-2026-43486 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep_get() value against the requested…
CVE-2026-43485 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to…
CVE-2026-43484 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield…
CVE-2026-43483 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is…
« Anterior Página 8 de 4294 Siguiente »