CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-22329 | 2026-06-17 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Skillate |
| CVE-2026-22326 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Reprizo |
| CVE-2026-12348 | 2026-06-17 | HIGH | 7.4 | Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing. |
| CVE-2026-11311 | 2026-06-17 | HIGH | 8.1 | When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied… |
| CVE-2026-10850 | 2026-06-17 | N/A | 0.0 | Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. |
| CVE-2026-11975 | 2026-06-17 | N/A | 0.0 | Stored cross-site scripting (XSS) in NewsItemApiController in SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without… |
| CVE-2025-69189 | 2026-06-17 | HIGH | 7.3 | Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3. |
| CVE-2025-69166 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Gunslinger |
| CVE-2025-69158 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Granola |
| CVE-2025-69179 | 2026-06-17 | CRITICAL | 9.8 | Unauthenticated Privilege Escalation in Support Ticket Management System |
| CVE-2025-69161 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Snowy |
| CVE-2025-69145 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Gat |
| CVE-2025-69130 | 2026-06-17 | HIGH | 8.8 | Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme |
| CVE-2025-69127 | 2026-06-17 | CRITICAL | 9.8 | Unauthenticated PHP Object Injection in Plumbing |
| CVE-2025-69115 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in LuxMed \| Medicine & Healthcare Doctor WordPress Theme |
| CVE-2025-69106 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Imba |
| CVE-2025-60230 | 2026-06-17 | CRITICAL | 9.8 | Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9. |
| CVE-2025-69117 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Ingenioso |
| CVE-2025-62340 | 2026-06-17 | LOW | 3.1 | HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period… |
| CVE-2025-60223 | 2026-06-17 | HIGH | 7.7 | Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot |
| CVE-2024-47477 | 2026-06-17 | MEDIUM | 6.5 | Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem… |
| CVE-2025-59554 | 2026-06-17 | CRITICAL | 9.3 | Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions. |
| CVE-2025-59872 | 2026-06-17 | MEDIUM | 4.3 | HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command… |
| CVE-2025-59560 | 2026-06-17 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Sonaar |
| CVE-2025-58953 | 2026-06-17 | HIGH | 8.1 | Unauthenticated Local File Inclusion in Joly |
| CVE-2024-49269 | 2026-06-17 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in my flatonica |
| CVE-2024-37210 | 2026-06-17 | MEDIUM | 6.5 | Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5. |
| CVE-2024-35648 | 2026-06-17 | MEDIUM | 4.3 | Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0. |
| CVE-2024-32729 | 2026-06-17 | HIGH | 7.5 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot:… |
| CVE-2024-24709 | 2026-06-17 | MEDIUM | 4.3 | Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11. |
| CVE-2026-48294 | 2026-06-17 | HIGH | 7.4 | Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to… |
| CVE-2025-48571 | 2026-06-17 | MEDIUM | 4.3 | In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead… |
| CVE-2026-0064 | 2026-06-17 | MEDIUM | 5.5 | In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges… |
| CVE-2026-0057 | 2026-06-17 | LOW | 3.3 | In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to… |
| CVE-2026-28575 | 2026-06-17 | MEDIUM | 5.5 | In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with… |
| CVE-2026-28576 | 2026-06-17 | MEDIUM | 5.5 | In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution… |
| CVE-2026-28587 | 2026-06-17 | MEDIUM | 5.5 | In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no… |
| CVE-2026-12199 | 2026-06-17 | HIGH | 7.5 | A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens… |
| CVE-2026-48776 | 2026-06-17 | MEDIUM | 4.2 | LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL… |
| CVE-2026-47277 | 2026-06-17 | MEDIUM | 6.5 | Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads… |
| CVE-2026-48788 | 2026-06-17 | HIGH | 8.2 | Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability… |
| CVE-2026-48745 | 2026-06-17 | CRITICAL | 9.3 | Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted… |
| CVE-2026-48782 | 2026-06-17 | MEDIUM | 6.8 | Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be… |
| CVE-2026-48055 | 2026-06-17 | CRITICAL | 10.0 | Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's… |
| CVE-2026-48797 | 2026-06-17 | N/A | 0.0 | Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control… |
| CVE-2026-55706 | 2026-06-17 | MEDIUM | 5.8 | sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths. |
| CVE-2026-10094 | 2026-06-17 | CRITICAL | 9.8 | A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server. |
| CVE-2026-47103 | 2026-06-17 | CRITICAL | 9.8 | Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `` attributes… |
| CVE-2026-10641 | 2026-06-17 | HIGH | 7.1 | Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND:… |
| CVE-2026-5667 | 2026-06-17 | N/A | 0.0 | Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan);… |