Búsqueda de CVEs

362.811 resultados
CVE-2026-10655MEDIUMUse-after-free race in SNTP async client when closing the socket while the socket service is still polling itEPSS 0.2%CVE-2026-10654LOWRFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth ClassicEPSS 0.1%CVE-2026-8864HIGHHP Fan Control App – Potential Escalation of PrivilegeEPSS 0.1%CVE-2026-10653MEDIUMNon-atomic `net_buf` reference counts cause double-free / free-list corruption under concurrent unrefEPSS 0.2%CVE-2026-9263MEDIUMOut-of-bounds read in Bluetooth Controller ISOAL framed RX reassembly leaks adjacent memory into host HCI ISO packetsEPSS 0.2%CVE-2026-49451HIGHMicrosoft.OpenAPI: Circular schema references may terminate OpenAPI parsingEPSS 0.7%CVE-2026-58377HIGHJeecgBoot 3.9.2 - Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret KeysEPSS 0.3%CVE-2026-58376HIGHDolibarr - SQL Injection via sqlfilters Parameter in Multiple REST API List EndpointsEPSS 0.2%CVE-2026-58375HIGHJimuReport 2.5.0 - Unauthenticated Report Export via /jmreport/auto/exportEPSS 0.5%CVE-2026-58373MEDIUMCVAT < 2.69.0 - Missing Authorization on Quality Reports parent_id Filter Leaks Cross-Organization Report ExistenceEPSS 0.2%CVE-2026-58372HIGHSeaweedFS < 4.34 - Cross-Bucket Object Deletion via DeleteObjects Request-Body KeysEPSS 0.8%CVE-2026-58371LOWSeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback ParameterEPSS 0.2%CVE-2026-58370CRITICALWoodpecker < 3.15.0 - GitLab Approval Gate Bypass via Spoofable Commit Author NameEPSS 0.5%CVE-2026-58369MEDIUMWoodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of ServiceEPSS 0.4%CVE-2026-58176HIGHRuoYi-Vue-Plus - Missing Authorization on Workflow Task Management EndpointsEPSS 0.3%CVE-2026-58174MEDIUMHermes WebUI < 0.51.521 - Cross-Profile Authorization Bypass via Unset Session Profile on ImportEPSS 0.3%CVE-2026-58173MEDIUMVibe-Trading < 0.1.10 - Path Traversal via Persistent Memory TypeEPSS 0.3%CVE-2026-58172CRITICALOcelot - IP Allow/Block List Bypass for WebSocket Upgrade RequestsEPSS 0.4%CVE-2026-58171LOWVibe-Trading < 0.1.10 - Path Traversal via Swarm Run IdentifierEPSS 0.3%CVE-2026-58170HIGHVibe-Trading < 0.1.10 - Path Traversal in Proposal Identifier Allows Forging Live Trading MandatesEPSS 0.4%