Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-65368	2026-01-15	MEDIUM	6.1	SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.
CVE-2025-60011	2026-01-15	MEDIUM	5.8	An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based…
CVE-2025-60007	2026-01-15	MEDIUM	5.5	A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges…
CVE-2025-60003	2026-01-15	HIGH	7.5	A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service…
CVE-2025-59961	2026-01-15	MEDIUM	5.5	An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user…
CVE-2025-59960	2026-01-15	HIGH	7.4	An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client…
CVE-2025-59959	2026-01-15	MEDIUM	5.5	An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges…
CVE-2025-52987	2026-01-15	MEDIUM	6.1	A clickjacking vulnerability exists in the web portal of Juniper Networks Paragon Automation (Pathfinder, Planner, Insights) due to the application's failure to set appropriate X-Frame-Options and X-Content-Type HTTP…
CVE-2026-23766	2026-01-15	MEDIUM	4.1	Istio through 1.28.2 allows iptables rule injection for changing firewall behavior via the traffic.sidecar.istio.io/excludeInterfaces annotation. NOTE: the reporter's position is "this doesn't represent a security vulnerability (pod creators…
CVE-2026-23746	2026-01-15	N/A	0.0	Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure…
CVE-2026-23622	2026-01-15	N/A	0.0	Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform…
CVE-2026-23527	2026-01-15	HIGH	8.9	H3 is a minimal H(TTP) framework built for high performance and portability. Prior to 1.15.5, there is a critical HTTP Request Smuggling vulnerability. readRawBody is doing a strict…
CVE-2026-23520	2026-01-15	CRITICAL	9.0	Arcane provides modern docker management. Prior to 1.13.0, Arcane has a command injection in the updater service. Arcane’s updater service supported lifecycle labels com.getarcaneapp.arcane.lifecycle.pre-update and com.getarcaneapp.arcane.lifecycle.post-update that allowed…
CVE-2026-23519	2026-01-15	N/A	0.0	RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to…
CVE-2026-23511	2026-01-15	MEDIUM	5.3	ZITADEL is an open source identity management platform. Prior to 4.9.1 and 3.4.6, a user enumeration vulnerability has been discovered in Zitadel's login interfaces. An unauthenticated attacker can…
CVE-2025-65349	2026-01-15	MEDIUM	5.4	A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to execute arbitrary scripts via a crafted…
CVE-2025-15265	2026-01-15	N/A	0.0	An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a to terminate the script and inject arbitrary JavaScript.…
CVE-2024-48077	2026-01-15	HIGH	7.5	An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue…
CVE-2026-22803	2026-01-15	N/A	0.0	SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental form remote function uses a binary data format containing…
CVE-2026-22775	2026-01-15	HIGH	7.5	Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.1.0 to 5.6.1, certain inputs can cause devalue.parse to…
CVE-2026-22774	2026-01-15	HIGH	7.5	Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From 5.3.0 to 5.6.1, certain inputs can cause devalue.parse to…
CVE-2026-22249	2026-01-15	HIGH	7.1	Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature (ZipSlip). In apps/server/src/integrations/import/utils/file.utils.ts,…
CVE-2026-0227	2026-01-15	N/A	0.0	A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue…
CVE-2025-70303	2026-01-15	MEDIUM	5.5	A heap overflow in the uncv_parse_config() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file.
CVE-2025-70302	2026-01-15	MEDIUM	5.5	A heap overflow in the ghi_dmx_declare_opid_bin() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-67647	2026-01-15	N/A	0.0	SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable to a server side request forgery (SSRF) and denial…
CVE-2025-13845	2026-01-15	N/A	0.0	CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file (SSD file) into Rapsody.
CVE-2025-13844	2026-01-15	N/A	0.0	CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file (SSD file) shared by the attacker into Rapsody.
CVE-2025-9014	2026-01-15	N/A	0.0	A Null Pointer Dereference vulnerability exists in the referer header check of the web portal of TP-Link TL-WR841N v14, caused by improper input validation. A remote, unauthenticated attacker can…
CVE-2025-70307	2026-01-15	HIGH	7.5	A stack overflow in the dump_ttxt_sample function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
CVE-2025-70299	2026-01-15	MEDIUM	6.5	A heap overflow in the avi_parse_input_file() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted AVI file.
CVE-2025-36911	2026-01-15	HIGH	7.1	In key-based pairing, there is a possible ID due to a logic error in the code. This could lead to remote (proximal/adjacent) information disclosure of user's conversations and…
CVE-2026-0823	2026-01-16	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-23714	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-23713	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-23712	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-23711	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-23710	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-23709	2026-01-16	N/A	0.0	Rejected reason: Not used
CVE-2026-1012	2026-01-15	N/A	0.0	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2026-23496	2026-01-15	MEDIUM	5.4	Pimcore Web2Print Tools Bundle adds tools for web-to-print use cases to Pimcore. Prior to 5.2.2 and 6.1.1, the application fails to enforce proper server-side authorization checks on the…
CVE-2026-23494	2026-01-15	MEDIUM	4.3	Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the application fails to enforce proper server-side authorization checks on the API endpoint…
CVE-2026-23493	2026-01-15	HIGH	8.6	Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, the http_error_log file stores the $_COOKIE and $_SERVER variables, which means sensitive information…
CVE-2025-70305	2026-01-15	MEDIUM	5.5	A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
CVE-2025-62193	2026-01-15	CRITICAL	9.8	Sites running NOAA PMEL Live Access Server (LAS) are vulnerable to remote code execution via specially crafted requests that include PyFerret expressions. By leveraging a SPAWN command, a…
CVE-2021-47773	2026-01-15	HIGH	7.8	Dynojet Power Core 2.3.0 contains an unquoted service path vulnerability in the DJ.UpdateService that allows local authenticated users to potentially execute code with elevated privileges. Attackers can exploit…
CVE-2021-47772	2026-01-15	CRITICAL	9.8	10-Strike Network Inventory Explorer Pro 9.31 contains a buffer overflow vulnerability in the text file import functionality that allows remote code execution. Attackers can craft a malicious text…
CVE-2021-47771	2026-01-15	MEDIUM	6.2	RDP Manager 4.9.9.3 contains a denial of service vulnerability in connection input fields that allows local attackers to crash the application. Attackers can add oversized entries in Verbindungsname…
CVE-2021-47769	2026-01-15	HIGH	7.2	Isshue Shopping Cart 3.5 contains a persistent cross-site scripting vulnerability in title input fields across stock, customer, and invoice modules. Attackers with privileged user accounts can inject malicious…
CVE-2021-47768	2026-01-15	MEDIUM	6.1	ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with…

« Anterior Página 92 de 3928 Siguiente »