CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2021-47776 | 2026-01-15 | MEDIUM | 5.3 | Umbraco CMS v8.14.1 contains a server-side request forgery vulnerability that allows attackers to manipulate baseUrl parameters in multiple dashboard and help controller endpoints. Attackers can craft malicious requests… |
| CVE-2021-47775 | 2026-01-15 | HIGH | 8.4 | YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler.… |
| CVE-2021-47774 | 2026-01-15 | CRITICAL | 9.8 | Kingdia CD Extractor 3.0.2 contains a buffer overflow vulnerability in the registration name field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload exceeding… |
| CVE-2021-47766 | 2026-01-15 | HIGH | 7.1 | Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based,… |
| CVE-2021-47765 | 2026-01-15 | MEDIUM | 6.2 | AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating username and error report fields. Attackers can trigger the crash… |
| CVE-2021-47764 | 2026-01-15 | MEDIUM | 6.2 | AbsoluteTelnet 11.24 contains a denial of service vulnerability that allows local attackers to crash the application by manipulating DialUp connection and license name fields. Attackers can generate a… |
| CVE-2021-47763 | 2026-01-15 | HIGH | 8.2 | Aimeos 2021.10 LTS contains a SQL injection vulnerability in the json api 'sort' parameter that allows attackers to inject malicious database queries. Attackers can manipulate the sort parameter… |
| CVE-2021-47762 | 2026-01-15 | HIGH | 7.8 | HTTPDebuggerPro 9.11 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path… |
| CVE-2021-47761 | 2026-01-15 | HIGH | 7.8 | MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with… |
| CVE-2021-47760 | 2026-01-15 | CRITICAL | 9.8 | TestLink versions 1.16 through 1.19 contain an unauthenticated file download vulnerability in the attachmentdownload.php endpoint. Attackers can download arbitrary files by iterating file IDs through the 'id' parameter… |
| CVE-2021-47759 | 2026-01-15 | MEDIUM | 6.2 | MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command… |
| CVE-2021-47758 | 2026-01-15 | HIGH | 8.8 | Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability that allows attackers to upload malicious PHP plugins through the module upload functionality. Authenticated attackers can… |
| CVE-2021-47757 | 2026-01-15 | HIGH | 8.8 | Chikitsa Patient Management System 2.0.2 contains an authenticated remote code execution vulnerability in the backup restoration functionality. Authenticated attackers can upload a modified backup zip file with a… |
| CVE-2026-0992 | 2026-01-15 | LOW | 2.9 | A flaw was found in the libxml2 library. This uncontrolled resource consumption vulnerability occurs when processing XML catalogs that contain repeated elements pointing to the same downstream catalog.… |
| CVE-2026-0990 | 2026-01-15 | MEDIUM | 5.9 | A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry… |
| CVE-2026-0989 | 2026-01-15 | LOW | 3.7 | A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth… |
| CVE-2025-71019 | 2026-01-15 | HIGH | 7.5 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-70744 | 2026-01-15 | HIGH | 7.5 | Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the cloneType parameter of the sub_65B5C function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2026-22646 | 2026-01-15 | MEDIUM | 4.3 | Certain error messages returned by the application expose internal system details that should not be visible to end users, providing attackers with valuable reconnaissance information (like file paths,… |
| CVE-2026-22645 | 2026-01-15 | MEDIUM | 5.3 | The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components. |
| CVE-2026-22644 | 2026-01-15 | MEDIUM | 5.3 | Certain requests pass the authentication token in the URL as string query parameter, making it vulnerable to theft through server logs, proxy logs and Referer headers, which could… |
| CVE-2026-22643 | 2026-01-15 | HIGH | 8.3 | In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects… |
| CVE-2026-22642 | 2026-01-15 | MEDIUM | 4.2 | An open redirect vulnerability has been identified in Grafana OSS organization switching functionality. Prerequisites for exploitation: - Multiple organizations must exist in the Grafana instance - Victim must… |
| CVE-2026-22641 | 2026-01-15 | MEDIUM | 5.0 | This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could… |
| CVE-2026-22640 | 2026-01-15 | MEDIUM | 5.5 | An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint.… |
| CVE-2026-22639 | 2026-01-15 | MEDIUM | 4.3 | Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed… |
| CVE-2026-22638 | 2026-01-15 | HIGH | 8.3 | A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that… |
| CVE-2026-0897 | 2026-01-15 | N/A | 0.0 | Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service (DoS) through… |
| CVE-2025-13859 | 2026-01-15 | MEDIUM | 6.4 | The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in… |
| CVE-2025-13062 | 2026-01-15 | HIGH | 8.8 | The Supreme Modules Lite plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.5.62. This is due to insufficient file type… |
| CVE-2025-12895 | 2026-01-15 | MEDIUM | 5.3 | The Kalium 3 \| Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium_vc_contact_form_request() function… |
| CVE-2026-22920 | 2026-01-15 | LOW | 3.7 | The device's passwords have not been adequately salted, making them vulnerable to password extraction attacks. |
| CVE-2026-22919 | 2026-01-15 | LOW | 3.8 | An attacker with administrative access may inject malicious content into the login page, potentially enabling cross-site scripting (XSS) attacks, leading to the extraction of sensitive data. |
| CVE-2026-22918 | 2026-01-15 | MEDIUM | 4.3 | An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, leading to the extraction of sensitive data. |
| CVE-2026-22917 | 2026-01-15 | MEDIUM | 4.3 | Improper input handling in a system endpoint may allow attackers to overload resources, causing a denial of service. |
| CVE-2026-22916 | 2026-01-15 | MEDIUM | 4.3 | An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or… |
| CVE-2026-22915 | 2026-01-15 | MEDIUM | 4.3 | An attacker with low privileges may be able to read files from specific directories on the device, potentially exposing sensitive information. |
| CVE-2026-22914 | 2026-01-15 | MEDIUM | 4.3 | An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation. |
| CVE-2026-22913 | 2026-01-15 | MEDIUM | 4.3 | Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data. |
| CVE-2026-22912 | 2026-01-15 | MEDIUM | 4.3 | Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting… |
| CVE-2026-22911 | 2026-01-15 | MEDIUM | 5.3 | Firmware update files may expose password hashes for system accounts, which could allow a remote attacker to recover credentials and gain unauthorized access to the device. |
| CVE-2026-22910 | 2026-01-15 | HIGH | 7.5 | The device is deployed with weak and publicly known default passwords for certain hidden user levels, increasing the risk of unauthorized access. This represents a high risk to… |
| CVE-2026-22909 | 2026-01-15 | HIGH | 7.5 | Certain system functions may be accessed without proper authorization, allowing attackers to start, stop, or delete installed applications, potentially disrupting system operations. |
| CVE-2026-22908 | 2026-01-15 | CRITICAL | 9.1 | Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. |
| CVE-2026-22907 | 2026-01-15 | CRITICAL | 9.9 | An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. |
| CVE-2026-22637 | 2026-01-15 | MEDIUM | 6.8 | The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make… |
| CVE-2026-0976 | 2026-01-15 | LOW | 3.7 | A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may… |
| CVE-2026-0713 | 2026-01-15 | HIGH | 8.3 | A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers… |
| CVE-2026-0712 | 2026-01-15 | HIGH | 7.6 | An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect… |
| CVE-2025-14457 | 2026-01-15 | LOW | 3.7 | The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing ownership check in… |