CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-25470 2026-06-17 CRITICAL 10.0 Improper Control of Generation of Code ('Code Injection') vulnerability in ACPT ACPT (Pro) - Custom Post Types Plugin for WordPress allows Remote Code Inclusion. This issue affects ACPT…
CVE-2026-25439 2026-06-17 HIGH 8.1 Unauthenticated Broken Authentication in Booknetic
CVE-2026-22343 2026-06-17 HIGH 8.6 Unauthenticated Broken Access Control in WordPress Dating Theme
CVE-2026-22340 2026-06-17 CRITICAL 9.3 Unauthenticated SQL Injection in WPJobster
CVE-2026-22334 2026-06-17 HIGH 7.5 Subscriber Arbitrary File Download in Woocommerce Book Price
CVE-2026-22331 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in AutoParts
CVE-2026-22327 2026-06-17 CRITICAL 9.9 Subscriber Arbitrary File Upload in Restaurt
CVE-2026-22325 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Promo
CVE-2026-12360 2026-06-17 HIGH 7.5 The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query parameter that is…
CVE-2026-12256 2026-06-17 HIGH 8.8 Contributor PHP Object Injection in Avada
CVE-2026-12165 2026-06-17 HIGH 8.8 The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and…
CVE-2026-12115 2026-06-17 MEDIUM 6.6 The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including,…
CVE-2025-69178 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Truemag
CVE-2025-69177 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Roneous
CVE-2025-69176 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in ITactics
CVE-2025-69173 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Tipsy
CVE-2025-69171 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Orpheus
CVE-2025-69168 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Spike
CVE-2025-69167 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Eros
CVE-2025-69165 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Choreo
CVE-2025-69163 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in WineShop
CVE-2025-69162 2026-06-17 HIGH 8.1 Unauthenticated Local File Inclusion in Grecko
CVE-2026-46914 2026-06-17 HIGH 7.1 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon…
CVE-2026-35303 2026-06-17 HIGH 8.8 Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker…
CVE-2026-35285 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35284 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35283 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35282 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35281 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-35280 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows…
CVE-2026-8317 2026-06-17 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-46942 2026-06-17 HIGH 8.8 Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
CVE-2026-46940 2026-06-17 HIGH 8.8 Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker…
CVE-2026-46939 2026-06-17 HIGH 8.1 Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows…
CVE-2026-46938 2026-06-17 HIGH 7.2 Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker…
CVE-2026-46937 2026-06-17 HIGH 8.8 Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low…
CVE-2026-46935 2026-06-17 HIGH 7.5 Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability…
CVE-2026-46934 2026-06-17 HIGH 7.5 Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability…
CVE-2026-46933 2026-06-17 CRITICAL 9.9 Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker…
CVE-2026-46958 2026-06-17 HIGH 7.5 Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged…
CVE-2026-12328 2026-06-16 HIGH 8.1 Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption…
CVE-2026-12329 2026-06-16 MEDIUM 5.3 Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.
CVE-2026-12330 2026-06-16 MEDIUM 5.4 Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.
CVE-2026-10635 2026-06-16 MEDIUM 6.3 On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node embedded inside the caller-owned…
CVE-2026-22313 2026-06-16 CRITICAL 9.1 The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker…
CVE-2026-22312 2026-06-16 HIGH 8.6 The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to…
CVE-2026-10303 2026-06-16 HIGH 7.4 In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used in challenge-file handling,…
CVE-2026-10748 2026-06-16 N/A 0.0 An authenticated user with the nx-licensing-create privilege can upload a specially crafted license file to execute arbitrary operating system commands as the Nexus process user in Sonatype Nexus…
CVE-2026-12313 2026-06-16 MEDIUM 4.7 Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
CVE-2026-48775 2026-06-16 MEDIUM 6.8 LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). In versions 4.1.0 and prior, the JsonPlusSerializer can reconstruct…