CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-23913 2026-01-20 N/A 0.0 Rejected reason: Not used
CVE-2026-23912 2026-01-20 N/A 0.0 Rejected reason: Not used
CVE-2026-23911 2026-01-20 N/A 0.0 Rejected reason: Not used
CVE-2026-23910 2026-01-20 N/A 0.0 Rejected reason: Not used
CVE-2026-23909 2026-01-20 N/A 0.0 Rejected reason: Not used
CVE-2025-14977 2026-01-20 HIGH 8.1 The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up…
CVE-2025-14348 2026-01-20 MEDIUM 5.3 The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to,…
CVE-2025-14798 2026-01-20 MEDIUM 5.3 The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. This makes it…
CVE-2025-14351 2026-01-20 MEDIUM 5.3 The Custom Fonts – Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCF_Google_Fonts_Compatibility' class…
CVE-2026-1051 2026-01-20 MEDIUM 4.3 The Newsletter – Send awesome emails from WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.1.0. This is due…
CVE-2025-14978 2026-01-20 MEDIUM 5.3 The PeachPay — Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing…
CVE-2026-23950 2026-01-20 HIGH 8.8 node-tar, a Tar for Node.js, has a race condition vulnerability in versions up to and including 7.5.3. This is due to an incomplete handling of Unicode path collisions in…
CVE-2026-23949 2026-01-20 HIGH 8.6 jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0…
CVE-2026-23876 2026-01-20 HIGH 8.1 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image…
CVE-2026-23874 2026-01-20 MEDIUM 5.5 ImageMagick is free and open-source software used for editing and manipulating digital images. Versions prior to 7.1.2-13 have a stack overflow via infinite recursion in MSL (Magick Scripting…
CVE-2026-22770 2026-01-20 MEDIUM 6.5 ImageMagick is free and open-source software used for editing and manipulating digital images. The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. But, in versions…
CVE-2026-1203 2026-01-20 MEDIUM 5.6 A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing…
CVE-2026-1202 2026-01-20 HIGH 7.3 A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument…
CVE-2026-1197 2026-01-20 LOW 3.1 A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in…
CVE-2026-1196 2026-01-20 LOW 3.1 A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. Such manipulation of the argument ID leads to information disclosure.…
CVE-2026-1195 2026-01-20 MEDIUM 5.0 A weakness has been identified in MineAdmin 1.x/2.x. This impacts the function refresh of the file /system/refresh of the component JWT Token Handler. This manipulation causes insufficient verification…
CVE-2026-1194 2026-01-20 MEDIUM 5.3 A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be…
CVE-2025-15466 2026-01-20 MEDIUM 5.4 The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions…
CVE-2026-1193 2026-01-19 MEDIUM 6.3 A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper…
CVE-2026-1192 2026-01-19 HIGH 7.3 A vulnerability was determined in Tosei Online Store Management System ネット店舗管理システム 1.01. The affected element is an unknown function of the file /cgi-bin/imode_alldata.php. Executing a manipulation of the…
CVE-2026-1179 2026-01-19 HIGH 7.3 A vulnerability was detected in Yonyou KSOA 9.0. This affects an unknown part of the file /kmf/user_popedom.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
CVE-2026-23944 2026-01-19 N/A 0.0 Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to version 1.13.2, unauthenticated requests could be proxied to remote environment agents, allowing access to…
CVE-2026-23885 2026-01-19 MEDIUM 6.6 Alchemy is an open source content management system engine written in Ruby on Rails. Prior to versions 7.4.12 and 8.0.3, the application uses the Ruby `eval()` function to…
CVE-2026-1178 2026-01-19 HIGH 7.3 A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter…
CVE-2026-1177 2026-01-19 HIGH 7.3 A weakness has been identified in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /kmf/save_folder.jsp of the component HTTP GET Parameter Handler.…
CVE-2026-23886 2026-01-19 MEDIUM 5.3 Swift W3C TraceContext is a Swift implementation of the W3C Trace Context standard, and Swift OTel is an OpenTelemetry Protocol (OTLP) backend for Swift Log, Swift Metrics, and…
CVE-2026-23880 2026-01-19 HIGH 7.3 OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored…
CVE-2026-23877 2026-01-19 N/A 0.0 Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal…
CVE-2026-23875 2026-01-19 N/A 0.0 CrawlChat is an open-source, AI-powered platform that transforms technical documentation into intelligent chatbots. Prior to version 0.0.8, a non-existing permission check for the CrawlChat's Discord bot allows non-manage…
CVE-2026-23849 2026-01-19 MEDIUM 5.3 File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the…
CVE-2026-23848 2026-01-19 MEDIUM 6.5 MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass…
CVE-2026-23844 2026-01-19 N/A 0.0 Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank…
CVE-2026-23837 2026-01-19 CRITICAL 9.8 MyTube is a self-hosted downloader and player for several video websites. A vulnerability present in version 1.7.65 and potentially earlier versions allows unauthenticated users to bypass the mandatory…
CVE-2026-1176 2026-01-19 HIGH 7.3 A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID…
CVE-2026-1175 2026-01-19 MEDIUM 5.3 A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads…
CVE-2026-23852 2026-01-19 N/A 0.0 SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into…
CVE-2026-23851 2026-01-19 N/A 0.0 SiYuan is a personal knowledge management system. Versions prior to 3.5.4 contain a logic vulnerability in the /api/file/globalCopyFiles endpoint. The function allows authenticated users to copy files from…
CVE-2026-23850 2026-01-19 N/A 0.0 SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read (LFD). Version 3.5.4…
CVE-2026-23847 2026-01-19 N/A 0.0 SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG…
CVE-2026-23846 2026-01-19 HIGH 8.1 Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.16.1, the password authentication mechanism transmits passwords via URL query parameters instead of…
CVE-2026-21696 2026-01-19 N/A 0.0 Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider…
CVE-2026-1174 2026-01-19 MEDIUM 5.3 A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes…
CVE-2026-1173 2026-01-19 MEDIUM 5.3 A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query…
CVE-2025-69199 2026-01-19 N/A 0.0 Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling.…
CVE-2026-23878 2026-01-19 MEDIUM 6.5 HotCRP is conference review software. Starting in commit aa20ef288828b04550950cf67c831af8a525f508 and prior to commit ceacd5f1476458792c44c6a993670f02c984b4a0, authors with at least one submission on a HotCRP site could use the document…