CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-22329 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Skillate
CVE-2026-22326 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Reprizo
CVE-2026-12348 2026-06-17 HIGH 7.4 Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.
CVE-2026-11311 2026-06-17 HIGH 8.1 When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied…
CVE-2026-10850 2026-06-17 N/A 0.0 Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.
CVE-2026-11975 2026-06-17 N/A 0.0 Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent fields, which are stored without…
CVE-2025-69189 2026-06-17 HIGH 7.3 Missing Authorization vulnerability in EMV JobBank allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBank: from n/a through 1.2.3.
CVE-2025-69166 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Gunslinger
CVE-2025-69158 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Granola
CVE-2025-69179 2026-06-17 CRITICAL 9.8 Unauthenticated Privilege Escalation in Support Ticket Management System
CVE-2025-69161 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Snowy
CVE-2025-69145 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Gat
CVE-2025-69130 2026-06-17 HIGH 8.8 Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme
CVE-2025-69127 2026-06-17 CRITICAL 9.8 Unauthenticated PHP Object Injection in Plumbing
CVE-2025-69115 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in LuxMed | Medicine & Healthcare Doctor WordPress Theme
CVE-2025-69106 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Imba
CVE-2025-60230 2026-06-17 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.
CVE-2025-69117 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Ingenioso
CVE-2025-62340 2026-06-17 LOW 3.1 HCL iControl was affected by Inadequate Session Timeout vulnerability. The vulnerability involves a security risk where a web application fails to automatically terminate user sessions after a period…
CVE-2025-60223 2026-06-17 HIGH 7.7 Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot
CVE-2024-47477 2026-06-17 MEDIUM 6.5 Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem…
CVE-2025-59554 2026-06-17 CRITICAL 9.3 Unauthenticated SQL Injection in Advanced Ads – Tracking < 3.0.7 versions.
CVE-2025-59872 2026-06-17 MEDIUM 4.3 HCL ZIE for Web is affected by an Unrestricted File Upload vulnerability. If the server is configured to execute code, then it may be possible to obtain command…
CVE-2025-59560 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in Sonaar
CVE-2025-58953 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Joly
CVE-2024-49269 2026-06-17 HIGH 7.1 Unauthenticated Cross Site Scripting (XSS) in my flatonica
CVE-2024-37210 2026-06-17 MEDIUM 6.5 Missing Authorization vulnerability in ali2woo AliNext allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects AliNext: from n/a through 3.3.5.
CVE-2024-35648 2026-06-17 MEDIUM 4.3 Cross-Site request forgery (CSRF) vulnerability in Andy Moyle Emergency Password Reset allows Cross Site Request Forgery. This issue affects Emergency Password Reset: from n/a through 8.0.
CVE-2024-32729 2026-06-17 HIGH 7.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot:…
CVE-2024-24709 2026-06-17 MEDIUM 4.3 Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2026-48294 2026-06-17 HIGH 7.4 Adobe Acrobat PDF Extension (Chrome) versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to…
CVE-2025-48571 2026-06-17 MEDIUM 4.3 In multiple functions of btm_sec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead…
CVE-2026-0064 2026-06-17 MEDIUM 5.5 In multiple places, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges…
CVE-2026-0057 2026-06-17 LOW 3.3 In Contacts Provider, there is a possible way to access an incoming call's phone number and associated metadata due to a missing permission check. This could lead to…
CVE-2026-28575 2026-06-17 MEDIUM 5.5 In PackageInstaller.Session#transfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with…
CVE-2026-28576 2026-06-17 MEDIUM 5.5 In Contacts Provider, there is a possible way to access the contacts database due to SQL injection. This could lead to local information disclosure with no additional execution…
CVE-2026-28587 2026-06-17 MEDIUM 5.5 In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no…
CVE-2026-12199 2026-06-17 HIGH 7.5 A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. The server listens…
CVE-2026-48776 2026-06-17 MEDIUM 4.2 LangGraph Python SDK is used to connect to running LangGraph API servers, manage assistants, threads and stream runs from Python applications. Versions 0.3.14 and prior have unsafe URL…
CVE-2026-47277 2026-06-17 MEDIUM 6.5 Runtipi is a personal homeserver orchestrator. In versions 4.9.1 through 4.9.3, Runtipi serves marketplace app logos from files inside cloned app-store repositories through an unauthenticated endpoint, which leads…
CVE-2026-48788 2026-06-17 HIGH 8.2 Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability…
CVE-2026-48745 2026-06-17 CRITICAL 9.3 Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted…
CVE-2026-48782 2026-06-17 MEDIUM 6.8 Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. In versions 1.56.0 through 1.101.0, 2.0.0b1, and 2.0.0b2, the cloud-metadata blocklist could be…
CVE-2026-48055 2026-06-17 CRITICAL 10.0 Streambert is a cross-platform Electron Desktop App to stream and download any video media. In versions 2.4.0 and prior, a high-severity Zip Slip vulnerability was identified in Streambert's…
CVE-2026-48797 2026-06-17 N/A 0.0 Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the optional Reflex web UI exposes a training control…
CVE-2026-55706 2026-06-17 MEDIUM 5.8 sppp_pap_input in sys/net/if_spppsubr.c in OpenBSD before 076e2b1 allows authentication bypass via certain zero values for lengths.
CVE-2026-10094 2026-06-17 CRITICAL 9.8 A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.
CVE-2026-47103 2026-06-17 CRITICAL 9.8 Python StateMachine versions 3.0.0 before 3.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary code by supplying malicious SCXML documents containing crafted `` attributes…
CVE-2026-10641 2026-06-17 HIGH 7.1 Zephyr's Bluetooth Classic Hands-Free Profile (HFP) Hands-Free role parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND:…
CVE-2026-5667 2026-06-17 N/A 0.0 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners (for Japan and outside Japan); Wireless LAN Adapters for Room Air Conditioners (for Japan and outside Japan);…