CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST. Entries shown with severity N/A and a CVSS of 0.0 had no score assigned at the time of listing:

CVE ID | Published | Severity | CVSS | Description
--- | --- | --- | --- | ---
CVE-2026-25440 | 2026-06-15 | MEDIUM | 5.3 | Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
CVE-2026-25425 | 2026-06-15 | HIGH | 7.5 | Unauthenticated Broken Access Control in User Registration
CVE-2026-24637 | 2026-06-15 | HIGH | 8.5 | Contributor SQL Injection in PowerPress Podcasting
CVE-2026-23970 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7
CVE-2025-69332 | 2026-06-15 | MEDIUM | 6.5 | Subscriber Broken Access Control in Bookify
CVE-2025-68872 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics
CVE-2025-68851 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit
CVE-2025-68840 | 2026-06-15 | HIGH | 7.1 | Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO
CVE-2025-68049 | 2026-06-15 | MEDIUM | 6.3 | Subscriber Broken Access Control in bunny.net
CVE-2025-60175 | 2026-06-15 | MEDIUM | 4.4 | Administrator Server Side Request Forgery (SSRF) in PopAd
CVE-2025-59133 | 2026-06-15 | HIGH | 7.5 | Custom role Insecure Direct Object References (IDOR) in Projectopia
CVE-2026-53705 | 2026-06-15 | HIGH | 7.6 | A flaw was found in GStreamer's WavPack audio decoder in gst-plugins-good. When processing a specially crafted WavPack file, an integer overflow in the buffer size calculation (4 *…
CVE-2026-53704 | 2026-06-15 | HIGH | 7.1 | A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package. When processing a RealMedia file containing a specially crafted FILEINFO metadata section, the demuxer parses variable-name…
CVE-2026-53703 | 2026-06-15 | HIGH | 7.1 | A vulnerability was found in the GStreamer RealMedia demuxer (gst-plugins-ugly). When processing a RealMedia (.rm) file, the demuxer parses MDPR (media properties) chunks to configure audio streams. For…
CVE-2026-52722 | 2026-06-15 | HIGH | 7.1 | A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length…
CVE-2026-52721 | 2026-06-15 | MEDIUM | 5.3 | Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used…
CVE-2026-52720 | 2026-06-15 | HIGH | 8.8 | A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server…
CVE-2026-52719 | 2026-06-15 | HIGH | 7.1 | An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it…
CVE-2026-52718 | 2026-06-15 | MEDIUM | 6.5 | A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gst_av1_parser_parse_tile_list_obu() function passes a byte count to a bit-reader API that expects a…
CVE-2026-9595 | 2026-06-15 | MEDIUM | 5.3 | Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it…
CVE-2026-5038 | 2026-06-15 | MEDIUM | 5.3 | Impact: multer versions 2.0.0-alpha.1 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on…
CVE-2026-5079 | 2026-06-15 | HIGH | 7.5 | Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses…
CVE-2026-44188 | 2026-06-15 | MEDIUM | 5.3 | A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If…
CVE-2026-11860 | 2026-06-15 | N/A | 0.0 | Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because…
CVE-2026-38065 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_ims_on_with_apn via the ims_apn parameter.
CVE-2026-38064 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_dial_call via the dialNumber parameter.
CVE-2026-38063 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_radio_on_with_ia_apn via the ia parameter.
CVE-2026-38062 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_rat_mode via the ratMode parameter.
CVE-2026-38061 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_set_volume via the volume parameter.
CVE-2026-38060 | 2026-06-15 | N/A | 0.0 | Tenda 5G03 V05.03.02.04 (Version 1.0) is vulnerable to Command injection in the function action_unlock_sim via the pin parameter.
CVE-2026-34030 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions,…
CVE-2026-34029 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a hard-coded cryptographic key in the SafeSystem.Infrastructure.Security.dll component. An attacker with access to the application files can reverse engineer the DLL and…
CVE-2026-34028 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, exposes web-accessible file paths that are not protected by an authorization scheme. An unauthenticated attacker can directly access HTTP endpoints to download…
CVE-2026-34027 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains insufficient server-side file type validation in the /safe/contract/uploadcustomdocuments endpoint. The application validates uploaded files based on the user-controlled HTTP Content-Type value…
CVE-2026-34026 | 2026-06-15 | N/A | 0.0 | Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains a path traversal vulnerability in the documentName parameter of the /safe/selfservice/openselfservicedocument endpoint. The application constructs a file path using attacker-controlled input without…
CVE-2026-34025 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an IP restriction bypass vulnerability in the login process. The application restricts user logins based on the IP address associated with…
CVE-2026-34024 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible…
CVE-2026-34023 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains an incorrect authorization vulnerability in the WebSocket communication used by the SafeController WebMessageBroker. An authenticated attacker with valid low-privileged branch user…
CVE-2026-34022 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController Family 65000, Controller 65000 - AssemblyVersion 6.11.8130.22319, uses weak custom cryptographic algorithms with hard-coded cryptographic keys to protect communication. An attacker in an adversary-in-the-middle position can…
CVE-2026-34021 | 2026-06-15 | N/A | 0.0 | The Wertheim SafeController 5400, Controller 5400 - AssemblyVersion 6.11.8130.22320, uses RS-485 communication between the server and the microcontroller without cryptographic protection. An attacker with access to the communication…
CVE-2026-9863 | 2026-06-15 | HIGH | 7.5 | Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client…
CVE-2026-9862 | 2026-06-15 | CRITICAL | 9.8 | Fortra's Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to…
CVE-2026-12057 | 2026-06-15 | HIGH | 8.6 | When the application executes the JavaScript script embedded in the PDF within the sandbox, it fails to intercept some dangerous interfaces, which allows remote scripts to be loaded,…
CVE-2026-8683 | 2026-06-15 | MEDIUM | 6.5 | Mattermost Desktop App versions
CVE-2026-6517 | 2026-06-15 | MEDIUM | 6.3 | Mattermost Desktop App versions
CVE-2026-8358 | 2026-06-15 | N/A | 0.0 | LibreOffice Calc can import tracked changes from a spreadsheet document. A heap buffer overflow existed when a document reused the same change identifier for two different kinds of…
CVE-2026-8357 | 2026-06-15 | N/A | 0.0 | LibreOffice Calc compiles cell formulas when opening a spreadsheet. A heap buffer overflow existed when compiling a very long formula made up of many opening tokens. The array…
CVE-2026-8356 | 2026-06-15 | N/A | 0.0 | LibreOffice can import presentations in the legacy binary PPT format. A stack buffer overflow existed when importing a colour-replacement record. Two fixed-size colour tables were filled from the…
CVE-2026-6047 | 2026-06-15 | N/A | 0.0 | LibreOffice can import documents in the OOXML format (DOCX). A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was…
CVE-2026-6045 | 2026-06-15 | N/A | 0.0 | LibreOffice can import EMF+ graphics, which may be embedded in documents. A heap buffer overflow existed when importing an EMF+ gradient brush. The number of gradient blend points…
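Three of the GStreamer entries above (CVE-2026-53705, CVE-2026-52722 and CVE-2026-52720) describe one family of defect: a size or bounds check whose arithmetic an attacker-supplied header can satisfy while the data it guards still falls outside the buffer, either because the check compares the wrong quantity (area instead of each dimension) or because the product wraps before it is compared. The C program below is an added illustration of that pattern written for this page; it is not GStreamer's code and does not reproduce the affected functions. The 64x64 framebuffer, the rectangle header fields, the cursor dimensions and the 1 MiB limit are constructed for the example. Each weak check is paired with the check that a reviewer would want in its place.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed framebuffer geometry for the demonstration (not GStreamer's
 * librfb structures): 64x64 pixels, 4 bytes per pixel. */
#define FB_WIDTH  64u
#define FB_HEIGHT 64u
#define FB_BPP    4u

/* Pattern 1: an area-only bounds check on a server-supplied rectangle.
 * A 4096x1 rectangle has the same area as the 64x64 framebuffer and is
 * accepted, yet every pixel past x=63 lands outside the buffer. */
bool rect_ok_area_only(uint16_t x, uint16_t y, uint16_t w, uint16_t h)
{
    (void)x; (void)y;                       /* position is never consulted */
    return (uint32_t)w * h <= FB_WIDTH * FB_HEIGHT;
}

/* Corrected: validate the origin and each dimension separately, written as
 * a subtraction so that x + w cannot wrap even if the types are widened. */
bool rect_ok_per_dimension(uint16_t x, uint16_t y, uint16_t w, uint16_t h)
{
    if (w == 0 || h == 0) return false;
    if (x >= FB_WIDTH || y >= FB_HEIGHT) return false;
    if (w > FB_WIDTH - x) return false;     /* x + w <= FB_WIDTH */
    if (h > FB_HEIGHT - y) return false;    /* y + h <= FB_HEIGHT */
    return true;
}

/* Pattern 2: payload size computed in signed 32-bit arithmetic. The wrap is
 * modelled explicitly through uint32_t (what compilers typically emit for an
 * int multiply); in the C standard the signed overflow itself is undefined.
 * 65535 * 65535 * 4 wraps to a negative value that passes "<= limit". */
bool payload_ok_signed(uint16_t w, uint16_t h, uint16_t bpp, int32_t limit)
{
    int32_t payload = (int32_t)((uint32_t)w * (uint32_t)h * (uint32_t)bpp);
    return payload <= limit;                /* negative wrap slips under */
}

/* Corrected: compute in 64 bits, refuse anything that would not fit the
 * destination type, and only then compare against the limit. */
bool payload_size_checked(uint32_t w, uint32_t h, uint32_t bpp,
                          uint32_t limit, uint32_t *out)
{
    if (w == 0 || h == 0 || bpp == 0) return false;
    uint64_t pixels = (uint64_t)w * h;      /* u32 * u32 fits in u64 */
    if (pixels > UINT64_MAX / bpp) return false;
    uint64_t bytes = pixels * bpp;
    if (bytes > limit) return false;
    *out = (uint32_t)bytes;
    return true;
}

/* Convenience wrapper: byte count on success, 0 when the size is rejected. */
uint32_t payload_size_or_zero(uint32_t w, uint32_t h, uint32_t bpp, uint32_t limit)
{
    uint32_t bytes = 0;
    return payload_size_checked(w, h, bpp, limit, &bytes) ? bytes : 0;
}

int main(void)
{
    /* Constructed rectangle header: origin (0,0), 4096 wide, 1 tall. */
    printf("area-only rect check : %s\n",
           rect_ok_area_only(0, 0, 4096, 1) ? "accepted" : "rejected");
    printf("per-dimension check  : %s\n",
           rect_ok_per_dimension(0, 0, 4096, 1) ? "accepted" : "rejected");

    /* Constructed cursor: 65535x65535 at 4 bytes/pixel, 1 MiB limit. */
    printf("signed size check    : %s\n",
           payload_ok_signed(65535, 65535, 4, 1 << 20) ? "accepted" : "rejected");
    printf("64-bit checked size  : %u bytes (0 = rejected)\n",
           payload_size_or_zero(65535, 65535, 4, 1u << 20));
    return 0;
}
```

The two weak checks are not exotic: both are what a reviewer sees when a parser validates the quantity it happens to have at hand (the product it is about to allocate) rather than the quantity the later memory access depends on (each coordinate against the buffer edge, or the unwrapped size). When auditing a decoder for this class, look for every comparison that follows a multiplication and ask whether the operands are bounded before the multiply.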
Page 98 of 4528