CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-43482 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which prevents scx_error() from triggering…
CVE-2026-43481 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsg_reply() genlmsg_reply() hands the reply skb to netlink, and netlink_unicast() consumes it…
CVE-2026-43480 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return…
CVE-2026-43479 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN…
CVE-2026-43478 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in…
CVE-2026-43477 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE…
CVE-2026-43476 2026-05-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of…
CVE-2026-42854 2026-05-12 CRITICAL 9.8 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a Variable…
CVE-2026-42844 2026-05-12 N/A 0.0 Grav is a file-based Web platform. In Grav 2.0.0-beta.2, a low-privileged authenticated API user with api.media.write can abuse /api/v1/blueprint-upload to write an arbitrary YAML file into user/accounts/, then…
CVE-2026-39806 2026-05-13 N/A 0.0 Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in mtrudel bandit allows unauthenticated remote denial of service via worker process exhaustion. 'Elixir.Bandit.HTTP1.Socket':do_read_chunked_data!/5 in lib/bandit/http1/socket.ex terminates only when the…
CVE-2026-39803 2026-05-13 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The chunked clause of 'Elixir.Bandit.HTTP1.Socket':read_data/2 in lib/bandit/http1/socket.ex ignores…
CVE-2026-2725 2026-05-13 N/A 0.0 Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code…
CVE-2026-23827 2026-05-12 HIGH 7.5 A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful…
CVE-2026-23826 2026-05-12 HIGH 7.5 A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to…
CVE-2026-23825 2026-05-12 HIGH 7.5 Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected…
CVE-2026-42289 2026-05-12 HIGH 8.8 ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An…
CVE-2026-42288 2026-05-12 CRITICAL 10.0 ChurchCRM is an open-source church management system. Prior to 7.3.2, the fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized…
CVE-2026-42158 2026-05-12 N/A 0.0 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update…
CVE-2026-42157 2026-05-12 N/A 0.0 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a…
CVE-2026-42156 2026-05-12 N/A 0.0 Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious…
CVE-2026-41901 2026-05-12 CRITICAL 9.0 Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf. Although…
CVE-2026-44296 2026-05-12 HIGH 7.5 Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default).…
CVE-2026-44262 2026-05-12 CRITICAL 9.4 Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, request supplied data may…
CVE-2026-44258 2026-05-12 N/A 0.0 efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the…
CVE-2026-44257 2026-05-12 N/A 0.0 efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry name such…
CVE-2026-42545 2026-05-12 MEDIUM 5.9 Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header…
CVE-2026-42544 2026-05-12 HIGH 7.5 Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose…
CVE-2026-42855 2026-05-12 HIGH 7.5 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer Digest authentication implementation in arduino-esp32 computes the authentication…
CVE-2024-47091 2026-05-13 N/A 0.0 Privilege escalation in the mk_mysql agent plugin on Windows in Checkmk
CVE-2026-5146 2026-05-12 N/A 0.0 Improper access control in the notification management endpoints in Devolutions Server allows an unauthenticated attacker to modify or delete arbitrary user notification records via missing session validation. This…
CVE-2026-8407 2026-05-12 N/A 0.0 Missing authorization in the PAM module in Devolutions Server allows an authenticated user with a PAM license but no additional permissions to obtain OTP secret keys and recovery…
CVE-2026-8369 2026-05-13 N/A 0.0 Improper Input Validation in the NAT64 translator in The OpenThread Authors OpenThread before commit 26a882d on all platforms allows an attacker on the adjacent IPv4 network to inject…
CVE-2026-29204 2026-05-12 CRITICAL 9.1 Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the…
CVE-2026-8052 2026-05-12 MEDIUM 6.0 HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink…
CVE-2026-7474 2026-05-12 HIGH 8.8 HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability (CVE-2026-7474) is fixed in…
CVE-2026-6959 2026-05-12 MEDIUM 6.0 HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink…
CVE-2026-8108 2026-05-12 HIGH 7.8 The installation of Fuji Tellus adds a driver to the kernel which grants all users read and write permissions.
CVE-2026-35555 2026-05-12 MEDIUM 6.3 PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.
CVE-2026-33570 2026-05-12 MEDIUM 5.7 PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.
CVE-2026-26289 2026-05-12 HIGH 8.2 PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.
CVE-2026-35504 2026-05-12 MEDIUM 5.5 PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
CVE-2025-65088 2026-05-12 N/A 0.0 An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or…
CVE-2025-65087 2026-05-12 N/A 0.0 An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or…
CVE-2025-65086 2026-05-12 N/A 0.0 An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code…
CVE-2026-20767 2026-05-12 N/A 0.0 Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
CVE-2026-20714 2026-05-12 N/A 0.0 Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with…
CVE-2026-20914 2026-05-12 N/A 0.0 Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2026-20905 2026-05-12 N/A 0.0 Improper input validation for some Intel(R) QAT software drivers for Windows before version 2.6 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2026-20887 2026-05-12 N/A 0.0 Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated…
CVE-2026-20881 2026-05-12 N/A 0.0 Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…