CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-37186 2026-01-13 HIGH 7.8 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to…
CVE-2025-15056 2026-01-13 N/A 0.0 A lack of data validation vulnerability in the HTML export feature in Quill allows Cross-Site Scripting (XSS). This issue affects Quill: 2.0.3.
CVE-2026-22818 2026-01-13 HIGH 8.2 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the…
CVE-2026-22817 2026-01-13 HIGH 8.2 Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.11.4, there is a flaw in Hono’s JWK/JWKS JWT verification middleware allowed the…
CVE-2026-22814 2026-01-13 N/A 0.0 @adonisjs/lucid is an SQL ORM for AdonisJS built on top of Knex. Prior to 21.8.2 and 22.0.0-next.6, there is a Mass Assignment vulnerability in AdonisJS Lucid which may…
CVE-2026-22809 2026-01-13 MEDIUM 4.4 tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the…
CVE-2026-21287 2026-01-13 HIGH 7.8 Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-68931 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, AES/CBC/PKCS5Padding lacks authentication, making it vulnerable to padding oracle attacks and…
CVE-2025-68925 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the code doesn't validate that the JWT header specifies "alg":"RS256". This…
CVE-2025-68704 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses java.util.Random() which is not cryptographically secure for timing attack…
CVE-2025-68703 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, the salt is derived from sha256Sum(passphrase). Two encryption operations with the…
CVE-2025-68702 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses padLeft(32, '0') when it should use padLeft(64, '0') because…
CVE-2025-68701 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability…
CVE-2025-68698 2026-01-13 N/A 0.0 Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses PKCS1Encoding which is vulnerable to Bleichenbacher padding oracle attacks.…
CVE-2025-37179 2026-01-13 MEDIUM 5.3 Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may…
CVE-2025-37178 2026-01-13 MEDIUM 5.3 Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may…
CVE-2025-37177 2026-01-13 MEDIUM 6.5 An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could…
CVE-2025-37176 2026-01-13 MEDIUM 6.5 A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful…
CVE-2025-37175 2026-01-13 HIGH 7.2 Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor…
CVE-2025-37174 2026-01-13 HIGH 7.2 Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious…
CVE-2025-37173 2026-01-13 HIGH 7.2 An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious…
CVE-2025-37172 2026-01-13 HIGH 7.2 Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary…
CVE-2025-37171 2026-01-13 HIGH 7.2 Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary…
CVE-2025-37170 2026-01-13 HIGH 7.2 Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary…
CVE-2025-37169 2026-01-13 HIGH 7.2 A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as…
CVE-2025-37168 2026-01-13 HIGH 8.2 An arbitrary file deletion vulnerability has been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote…
CVE-2026-22791 2026-01-13 MEDIUM 6.6 openCryptoki is a PKCS#11 library and tools for Linux and AIX. In 3.25.0 and 3.26.0, there is a heap buffer overflow vulnerability in the CKM_ECDH_AES_KEY_WRAP implementation allows an…
CVE-2026-21304 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-21288 2026-01-13 MEDIUM 5.5 Illustrator versions 29.8.3, 30.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash…
CVE-2026-21283 2026-01-13 HIGH 7.8 Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21281 2026-01-13 HIGH 7.8 InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21280 2026-01-13 HIGH 8.6 Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21278 2026-01-13 MEDIUM 5.5 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access…
CVE-2026-21277 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-21276 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21275 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21274 2026-01-13 HIGH 7.8 Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An…
CVE-2026-21272 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability…
CVE-2026-21271 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21268 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21267 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in…
CVE-2026-21226 2026-01-13 HIGH 7.5 Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
CVE-2025-68949 2026-01-13 MEDIUM 5.3 n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison.…
CVE-2025-68271 2026-01-13 CRITICAL 10.0 OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical…
CVE-2026-21265 2026-01-13 MEDIUM 6.4 Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to…
CVE-2026-21224 2026-01-13 HIGH 7.8 Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-21221 2026-01-13 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-21219 2026-01-13 HIGH 7.0 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2026-20965 2026-01-13 HIGH 7.5 Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-20963 2026-01-13 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.