CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (National Vulnerability Database):

CVE ID Published Severity CVSS Description
CVE-2025-36422 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized…
CVE-2026-1014 2026-03-25 MEDIUM 6.5 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to exposure of sensitive information via JSON server response manipulation.
CVE-2026-33732 2026-03-26 MEDIUM 4.8 srvx is a universal server based on web standards. Prior to version 0.11.13, a pathname parsing discrepancy in srvx's `FastURL` allows middleware bypass on the Node.js adapter when…
CVE-2026-33504 2026-03-26 HIGH 7.2 Ory Hydra is an OAuth 2.0 Server and OpenID Connect Provider. Prior to version 26.2.0, the listOAuth2Clients, listOAuth2ConsentSessions, and listTrustedOAuth2JwtGrantIssuers Admin APIs in Ory Hydra are vulnerable to…
CVE-2026-33503 2026-03-26 HIGH 7.2 Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 26.2.0, the ListCourierMessages Admin API in Ory Kratos is vulnerable to SQL…
CVE-2026-33496 2026-03-26 HIGH 8.1 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33495 2026-03-26 MEDIUM 6.5 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Ory Oathkeeper is often…
CVE-2026-33494 2026-03-26 CRITICAL 10.0 ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0…
CVE-2026-33487 2026-03-26 HIGH 7.5 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one…
CVE-2026-33486 2026-03-26 MEDIUM 6.8 Roadiz is a polymorphic content management system based on a node system that can handle many types of services. A vulnerability in roadiz/documents prior to versions 2.7.9, 2.6.28,…
CVE-2026-33481 2026-03-26 MEDIUM 5.3 Syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Syft versions before v1.42.3 would not…
CVE-2026-33470 2026-03-26 MEDIUM 6.5 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In version 0.17.0, a low-privilege authenticated user restricted to one camera can access…
CVE-2026-33438 2026-03-26 MEDIUM 6.5 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of…
CVE-2026-33015 2026-03-26 MEDIUM 5.2 EVerest is an EV charging software stack. Prior to version 2026.02.0, even immediately after CSMS performs a RemoteStop (StopTransaction), the EVSE can return to `PrepareCharging` via the EV's…
CVE-2026-1015 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially…
CVE-2026-1262 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
CVE-2026-2483 2026-03-25 MEDIUM 5.4 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially…
CVE-2025-36438 2026-03-25 MEDIUM 5.1 IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
CVE-2026-2484 2026-03-25 MEDIUM 4.3 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages.
CVE-2026-2485 2026-03-25 MEDIUM 4.8 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2026-32120 2026-03-25 MEDIUM 6.5 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, an Insecure Direct Object Reference (IDOR) vulnerability in the…
CVE-2026-33348 2026-03-25 HIGH 8.7 OpenEMR is a free and open source electronic health records and medical practice management application. Users with the `Notes - my encounters` role can fill Eye Exam forms in patient encounters. The…
CVE-2026-33909 2026-03-25 MEDIUM 5.9 OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, several variables in the MedEx recall/reminder processing code are…
CVE-2025-36440 2026-03-25 MEDIUM 5.1 IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
CVE-2025-64646 2026-03-25 MEDIUM 6.2 IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
CVE-2025-64647 2026-03-25 MEDIUM 5.9 IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-64648 2026-03-25 MEDIUM 5.9 IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
CVE-2026-33223 2026-03-25 MEDIUM 6.4 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, the NATS message header `Nats-Request-Info:` is supposed to…
CVE-2026-33222 2026-03-25 MEDIUM 4.9 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore…
CVE-2026-33247 2026-03-25 HIGH 7.4 NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, if a nats-server is run with static credentials…
CVE-2026-4867 2026-03-26 HIGH 7.5 Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period (.).…
CVE-2026-3116 2026-03-26 MEDIUM 4.9 Mattermost Plugins versions
CVE-2026-3115 2026-03-26 MEDIUM 4.3 Mattermost versions 11.2.x
CVE-2026-3114 2026-03-26 MEDIUM 6.5 Mattermost versions 11.4.x
CVE-2026-3113 2026-03-26 MEDIUM 5.0 Mattermost versions 11.4.x
CVE-2026-3112 2026-03-26 MEDIUM 6.8 Mattermost versions 11.4.x
CVE-2026-3109 2026-03-26 LOW 2.2 Mattermost Plugins versions
CVE-2026-3108 2026-03-26 HIGH 8.0 Mattermost versions 11.2.x
CVE-2026-34071 2026-03-26 MEDIUM 5.4 Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized…
CVE-2026-33636 2026-03-26 HIGH 7.6 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds…
CVE-2026-33468 2026-03-26 HIGH 8.1 Kysely is a type-safe TypeScript SQL query builder. Prior to version 0.28.14, Kysely's `DefaultQueryCompiler.sanitizeStringLiteral()` only escapes single quotes by doubling them (`'` → `''`) but does not escape…
CVE-2026-33442 2026-03-26 HIGH 8.1 Kysely is a type-safe TypeScript SQL query builder. In versions 0.28.12 and 0.28.13, the `sanitizeStringLiteral` method in Kysely's query compiler escapes single quotes (`'` → `''`) but does…
CVE-2026-33430 2026-03-26 HIGH 7.3 Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase…
CVE-2026-33416 2026-03-26 HIGH 7.5 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and…
CVE-2026-33402 2026-03-26 N/A 0.0 Sakai is a Collaboration and Learning Environment (CLE). In versions 23.0 through 23.4 and 25.0 through 25.1, group titles and description can contain cross-site scripting scripts. The patch…
CVE-2026-33009 2026-03-26 HIGH 8.2 EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ UB (potential memory corruption). This is triggered by an MQTT…
CVE-2026-32846 2026-03-26 N/A 0.0 OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the…
CVE-2026-29044 2026-03-26 MEDIUM 5.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, when WithdrawAuthorization is processed before the TransactionStarted event, AuthHandler determines `transaction_active=false` and only calls `withdraw_authorization_callback`. This path…
CVE-2026-27828 2026-03-26 N/A 0.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_session_setup uses v2g_ctx after it has been freed when ISO15118 initialization fails (e.g., no IPv6 link-local address).…
CVE-2026-27816 2026-03-26 N/A 0.0 EVerest is an EV charging software stack. Prior to version 2026.02.0, ISO15118_chargerImpl::handle_update_energy_transfer_modes copies a variable-length list into a fixed-size array of length 6 without bounds checking. With…