CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-25440 | 2026-06-15 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions. |
| CVE-2026-25425 | 2026-06-15 | HIGH | 7.5 | Unauthenticated Broken Access Control in User Registration |
| CVE-2026-24637 | 2026-06-15 | HIGH | 8.5 | Contributor SQL Injection in PowerPress Podcasting |
| CVE-2026-23970 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 |
| CVE-2025-69332 | 2026-06-15 | MEDIUM | 6.5 | Subscriber Broken Access Control in Bookify |
| CVE-2025-68872 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics |
| CVE-2025-68851 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit |
| CVE-2025-68840 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO |
| CVE-2025-68049 | 2026-06-15 | MEDIUM | 6.3 | Subscriber Broken Access Control in bunny.net |
| CVE-2025-60175 | 2026-06-15 | MEDIUM | 4.4 | Administrator Server Side Request Forgery (SSRF) in PopAd |
| CVE-2025-59133 | 2026-06-15 | HIGH | 7.5 | Custom role Insecure Direct Object References (IDOR) in Projectopia |
| CVE-2026-53705 | 2026-06-15 | HIGH | 7.6 | A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 *… |
| CVE-2026-53704 | 2026-06-15 | HIGH | 7.1 | A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name… |
| CVE-2026-53703 | 2026-06-15 | HIGH | 7.1 | A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For… |
| CVE-2026-52722 | 2026-06-15 | HIGH | 7.1 | A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length… |
| CVE-2026-52721 | 2026-06-15 | MEDIUM | 5.3 | Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used… |
| CVE-2026-52720 | 2026-06-15 | HIGH | 8.8 | A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server… |
| CVE-2026-52719 | 2026-06-15 | HIGH | 7.1 | An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it… |
| CVE-2026-52718 | 2026-06-15 | MEDIUM | 6.5 | A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a… |
| CVE-2026-9595 | 2026-06-15 | MEDIUM | 5.3 | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it… |
| CVE-2026-5038 | 2026-06-15 | MEDIUM | 5.3 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on… |
| CVE-2026-5079 | 2026-06-15 | HIGH | 7.5 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses… |
| CVE-2026-44188 | 2026-06-15 | MEDIUM | 5.3 | A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If… |
| CVE-2026-11860 | 2026-06-15 | N/A | 0.0 | Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because… |
| CVE-2026-38065 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter. |
| CVE-2026-38064 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter. |
| CVE-2026-38063 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter. |
| CVE-2026-38062 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter. |
| CVE-2026-38061 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter. |
| CVE-2026-38060 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter. |
| CVE-2026-34030 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions,… |
| CVE-2026-34029 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and… |
| CVE-2026-34028 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download… |
| CVE-2026-34027 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value… |
| CVE-2026-34026 | 2026-06-15 | N/A | 0.0 | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without… |
| CVE-2026-34025 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with… |
| CVE-2026-34024 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible… |
| CVE-2026-34023 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user… |
| CVE-2026-34022 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can… |
| CVE-2026-34021 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication… |
| CVE-2026-9863 | 2026-06-15 | HIGH | 7.5 | Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client… |
| CVE-2026-9862 | 2026-06-15 | CRITICAL | 9.8 | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to… |
| CVE-2026-12057 | 2026-06-15 | HIGH | 8.6 | When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded,… |
| CVE-2026-8683 | 2026-06-15 | MEDIUM | 6.5 | Mattermost Desktop App versions |
| CVE-2026-6517 | 2026-06-15 | MEDIUM | 6.3 | Mattermost Desktop App versions |
| CVE-2026-8358 | 2026-06-15 | N/A | 0.0 | LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of… |
| CVE-2026-8357 | 2026-06-15 | N/A | 0.0 | LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array… |
| CVE-2026-8356 | 2026-06-15 | N/A | 0.0 | LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the… |
| CVE-2026-6047 | 2026-06-15 | N/A | 0.0 | LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was… |
| CVE-2026-6045 | 2026-06-15 | N/A | 0.0 | LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points… |