CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-46932 2026-06-17 HIGH 7.1 Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged…
CVE-2026-45436 2026-06-17 MEDIUM 6.5 Subscriber Broken Access Control in WPBakery Page Builder
CVE-2026-42629 2026-06-17 HIGH 8.8 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-42357 2026-06-17 MEDIUM 6.5 Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to…
CVE-2026-40757 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Château
CVE-2026-40752 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Manufaktur Solutions
CVE-2026-41557 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
CVE-2026-40768 2026-06-17 HIGH 7.3 Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system
CVE-2026-40765 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in collectchat
CVE-2026-40641 2026-06-17 MEDIUM 4.8 Dell PowerFlex Manager, version(s) 4.6.0.1, contain(s) an Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading…
CVE-2026-40738 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Eldon
CVE-2026-40748 2026-06-17 CRITICAL 9.9 Subscriber Arbitrary File Upload in Kids Gift Shop
CVE-2026-40746 2026-06-17 CRITICAL 9.9 Subscriber Arbitrary File Upload in Restaurant Zone
CVE-2026-40735 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Reina
CVE-2026-40725 2026-06-17 CRITICAL 9.8 Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-40723 2026-06-17 MEDIUM 4.3 Subscriber Broken Access Control in Bricks Builder
CVE-2026-40721 2026-06-17 HIGH 7.5 Contributor Local File Inclusion in Element Pack Pro
CVE-2026-39590 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Atomlab
CVE-2026-39560 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Hiroshi
CVE-2026-39595 2026-06-17 MEDIUM 4.7 Author Broken Access Control in W3 Total Cache
CVE-2026-39582 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
CVE-2026-39573 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Mildhill
CVE-2026-39545 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Zermatt
CVE-2026-39445 2026-06-17 HIGH 8.1 Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
CVE-2026-35327 2026-06-17 HIGH 7.6 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35326 2026-06-17 HIGH 7.2 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high…
CVE-2026-35325 2026-06-17 HIGH 8.8 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35324 2026-06-17 HIGH 8.8 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35323 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35322 2026-06-17 HIGH 8.8 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35321 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low…
CVE-2026-35320 2026-06-17 CRITICAL 9.0 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows…
CVE-2026-35319 2026-06-17 CRITICAL 9.8 Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated…
CVE-2026-35312 2026-06-17 CRITICAL 9.8 Vulnerability in the Oracle Virtual Directory product of Oracle Fusion Middleware (component: Virtual Directory Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35311 2026-06-17 HIGH 8.8 Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker…
CVE-2026-35162 2026-06-17 MEDIUM 4.3 Dell PowerFlex Manager, version(s) [Versions], contain(s) an Improper Access Control vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service.
CVE-2026-35065 2026-06-17 HIGH 8.8 Dell PowerFlex Manager, version(s) [Versions], contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code…
CVE-2026-34888 2026-06-17 HIGH 7.5 Unauthenticated Sensitive Data Exposure in Bricksforge
CVE-2026-32967 2026-06-17 CRITICAL 9.1 Incorrect Authorization vulnerability of `/v2` experimental interface in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the…
CVE-2026-32966 2026-06-17 CRITICAL 9.8 DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to…
CVE-2026-27410 2026-06-17 MEDIUM 6.5 Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions.
CVE-2026-25446 2026-06-17 CRITICAL 9.9 Subscriber Arbitrary File Upload in WishList Member X
CVE-2026-24611 2026-06-17 CRITICAL 9.1 Unauthenticated Broken Access Control in MetForm Pro
CVE-2026-24610 2026-06-17 MEDIUM 4.3 Subscriber Broken Access Control in MetForm Pro
CVE-2026-22342 2026-06-17 HIGH 8.8 Unauthenticated Cross Site Request Forgery (CSRF) in WordPress Dating Theme
CVE-2026-22339 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in WPJobster
CVE-2026-22338 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in EcoBlue
CVE-2026-22332 2026-06-17 CRITICAL 9.3 Unauthenticated SQL Injection in Tutor LMS Pro
CVE-2026-22330 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Right Way
CVE-2026-22283 2026-06-17 HIGH 7.5 Dell PowerFlex Manager, version(s) Version prior to 4.8, contain(s) an Inclusion of Functionality from Untrusted Control Sphere vulnerability. An unauthenticated attacker with remote access could potentially exploit this…