CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|---|
| CVE-2026-26965 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode path, `planar_decompress_plane_rle()` writes into `pDstData` at `((nYDst+y) * nDstSte... | 8.8 | HIGH | - | 0 |
| CVE-2026-26955 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline (e... | 8.8 | HIGH | - | 0 |
| CVE-2026-26271 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread in `freerdp_image_copy_from_icon_data()` (libfreerdp/codec/color.c) can be triggered by craf... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-25997 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_clipboard_format_equal` reads freed `lastSentFormats` memory because `xf_clipboard_formats_free` (called f... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-25959 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread cal... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-25955 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reuses a cached `XImage` whose `data` pointer references a freed RDPGFX surfac... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-25954 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_local_move_size` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` retur... | 7.5 | HIGH | - | 0 |
| CVE-2026-25953 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_AppUpdateWindowFromSurface` reads from a freed `xfAppWindow` because the RDPGFX DVC thread obtains a bare ... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-25952 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_s... | 9.8 | CRITICAL | - | 0 |
| CVE-2026-25942 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with a... | 7.5 | HIGH | - | 0 |
| CVE-2026-22721 | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative ac... | 6.2 | MEDIUM | - | 0 |
| CVE-2026-1747 | GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-rol... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-1725 | GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have under certain conditions, allowed an unauthenticated user to cause denial of service by sendin... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-1662 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denia... | 7.5 | HIGH | - | 0 |
| CVE-2026-1388 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regula... | 7.5 | HIGH | - | 0 |
| CVE-2026-0752 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that under certain circumstances, could have allowed an unauth... | 8.0 | HIGH | - | 0 |
| CVE-2026-0542 | ServiceNow has addressed a remote code execution vulnerability that was identified in the ServiceNow AI platform. This vulnerability could enable an unauthenticated user, in certain circumstances, to... | N/A | NONE | - | 0 |
| CVE-2025-14511 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denia... | 7.5 | HIGH | - | 0 |
| CVE-2026-2636 | This vulnerability is caused by a CWE-159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces ... | 5.5 | MEDIUM | - | 0 |
| CVE-2026-25941 | FreeRDP is a free implementation of the Remote Desktop Protocol. Versions on the 2.x branch prior to 2.11.8 and on the 3.x branch prior to 3.23.0 have an out-of-bounds read vulnerability in the Fre... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-25736 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-25735 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-25734 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav... | 6.1 | MEDIUM | - | 0 |
| CVE-2026-25733 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 hav... | 7.3 | HIGH | - | 0 |
| CVE-2026-25138 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, th... | 5.3 | MEDIUM | - | 0 |
| CVE-2026-25136 | Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability w... | 8.1 | HIGH | - | 0 |
| CVE-2026-22720 | VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative action... | 8.0 | HIGH | - | 0 |
| CVE-2026-22719 | VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this issue to execute arbitrary commands which may lead to remote code execution in VMw... | 8.1 | HIGH | KEV | 0 |
| CVE-2025-3525 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authen... | 6.5 | MEDIUM | - | 0 |
| CVE-2025-14103 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-ro... | 4.3 | MEDIUM | - | 0 |
| CVE-2026-3221 | Sensitive user account information is not encrypted in the database in Devolutions Server 2025.3.14 and earlier, which allows an attacker with access to the database to obtain sensitive user inform... | 4.9 | MEDIUM | - | 0 |
| CVE-2026-25930 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Layout-Based Form (LBF) printable view accepts `formid` and `visiti... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-25929 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the document controller's `patient_picture` context serves the patient'... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-25927 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the DICOM viewer state API (e.g. upload or state save/load) accepts a ... | 7.1 | HIGH | - | 0 |
| CVE-2026-25746 | OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be explo... | 8.8 | HIGH | - | 0 |
| CVE-2026-25743 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, users with the "Forms administration" role can fill questionnaires ("fo... | 4.8 | MEDIUM | - | 0 |
| CVE-2026-25476 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the session expiration check in `library/auth.inc.php` runs only when `... | 7.5 | HIGH | - | 0 |
| CVE-2026-25220 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the Message Center accepts the URL parameter `show_all=yes` and passes ... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-25164 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the REST API route table in `apis/routes/_rest_routes_standard.inc.php`... | 8.1 | HIGH | - | 0 |
| CVE-2026-24908 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows ... | 9.9 | CRITICAL | - | 0 |
| CVE-2026-24890 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the patient portal signature e... | 8.1 | HIGH | - | 0 |
| CVE-2026-24487 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an authorization bypass vulnerability in the FHIR CareTeam resource end... | 6.5 | MEDIUM | - | 0 |
| CVE-2026-24005 | Kruise provides automated management of large-scale applications on Kubernetes. Prior to versions 1.8.3 and 1.7.5, PodProbeMarker allows defining custom probes with TCPSocket or HTTPGet handlers. The ... | 0.0 | NONE | - | 0 |
| CVE-2026-23627 | OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any au... | 8.8 | HIGH | - | 0 |
| CVE-2026-3194 | A flaw has been found in Chia Blockchain 2.1.0. The affected element is the function send_transaction/get_private_key of the component RPC Server Master Passphrase Handler. This manipulation causes mi... | 4.5 | MEDIUM | - | 0 |
| CVE-2026-27850 | Due to an improperly configured firewall rule, the router will accept any connection on the WAN port with the source port 5222, exposing all services which are normally only accessible through the loc... | 7.5 | HIGH | - | 0 |
| CVE-2026-27795 | LangChain is a framework for building LLM-powered applications. Prior to version 1.1.8, a redirect-based Server-Side Request Forgery (SSRF) bypass exists in `RecursiveUrlLoader` in `@langchain/communi... | 4.1 | MEDIUM | - | 0 |
| CVE-2026-27794 | LangGraph Checkpoint defines the base interface for LangGraph checkpointers. Prior to version 4.0.0, a Remote Code Execution vulnerability exists in LangGraph's caching layer when applications enable ... | 6.6 | MEDIUM | - | 0 |
| CVE-2026-27739 | The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Ang... | N/A | NONE | - | 0 |
| CVE-2026-25554 | OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c whe... | 6.5 | MEDIUM | - | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.