Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-43204 2025-07-10 N/A 0.0 SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.  Requires an unlikely configuration where…
CVE-2024-42516 2025-07-10 N/A 0.0 HTTP response splitting in the core of Apache HTTP Server allows an attacker who can manipulate the Content-Type response headers of applications hosted or proxied by the server…
CVE-2025-6395 2025-07-10 MEDIUM 6.5 A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). When it reads certain settings from a template file, it can allow an attacker to…
CVE-2025-7425 2025-07-10 HIGH 7.8 A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the…
CVE-2025-7407 2025-07-10 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Netgear D6400 1.0.0.114. This affects an unknown part of the file diag.cgi. The manipulation of the argument host_name…
CVE-2025-53364 2025-07-10 MEDIUM 5.3 Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Starting in 5.3.0 and before 7.5.3 and 8.2.2, the Parse…
CVE-2025-46789 2025-07-10 MEDIUM 6.5 Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.
CVE-2025-46788 2025-07-10 HIGH 7.4 Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access.
CVE-2025-6211 2025-07-10 MEDIUM 6.5 A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach…
CVE-2025-7408 2025-07-10 LOW 3.5 A vulnerability has been found in SourceCodester Zoo Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/templates/animal_form_template.php. The manipulation of the…
CVE-2025-7370 2025-07-10 HIGH 7.5 A flaw was found in libsoup. A NULL pointer dereference vulnerability occurs in libsoup's cookie parsing functionality. When processing a cookie without a domain parameter, the soup_cookie_jar_add_cookie() function…
CVE-2025-7365 2025-07-10 MEDIUM 5.4 A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently…
CVE-2025-6236 2025-07-10 MEDIUM 4.8 The Hostel WordPress plugin before 1.1.5.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site…
CVE-2025-46835 2025-07-10 HIGH 8.5 Git GUI allows you to use the Git source control management tools via a GUI. When a user clones an untrusted repository and is tricked into editing a…
CVE-2025-6234 2025-07-10 MEDIUM 6.1 The Hostel WordPress plugin before 1.1.5.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2025-46334 2025-07-10 HIGH 8.6 Git GUI allows you to use the Git source control management tools via a GUI. A malicious repository can ship versions of sh.exe or typical textconv filter programs…
CVE-2025-44251 2025-07-10 N/A 0.0 Ecovacs Deebot T10 1.7.2 transmits Wi-Fi credentials in cleartext during the pairing process.
CVE-2025-38289 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Avoid potential ndlp use-after-free in dev_loss_tmo_callbk Smatch detected a potential use-after-free of an ndlp oject in…
CVE-2025-38279 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where…
CVE-2025-36090 2025-07-10 MEDIUM 4.3 IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain information about the application framework which could be used in reconnaissance to…
CVE-2025-27614 2025-07-10 HIGH 8.6 Gitk is a Tcl/Tk based Git history browser. Starting with 2.41.0, a Git repository can be crafted in such a way that with some social engineering a user…
CVE-2025-27613 2025-07-10 LOW 3.6 Gitk is a Tcl/Tk based Git history browser. Starting with 1.7.0, when a user clones an untrusted repository and runs gitk without additional command arguments, files for which…
CVE-2024-39752 2025-07-10 MEDIUM 6.8 IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers…
CVE-2024-38327 2025-07-10 MEDIUM 6.8 IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an…
CVE-2024-37524 2025-07-10 MEDIUM 5.3 IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the…
CVE-2024-36697 2025-07-10 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to execute arbitrary web scripts or HTML via a crafted payload…
CVE-2025-7424 2025-07-10 HIGH 7.8 A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during…
CVE-2025-5040 2025-07-10 HIGH 7.8 A maliciously crafted RTE file, when parsed through Autodesk Revit, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-5037 2025-07-10 HIGH 7.8 A maliciously crafted RFA file, when parsed through Autodesk Revit, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in…
CVE-2025-32990 2025-07-10 MEDIUM 6.5 A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file,…
CVE-2024-7650 2025-07-10 N/A 0.0 Improper Control of Generation of Code ('Code Injection') vulnerability in OpenText™ Directory Services allows Remote Code Inclusion. The vulnerability could allow access to the system via script injection.This…
CVE-2025-6948 2025-07-10 HIGH 8.7 An issue has been discovered in GitLab CE/EE affecting all versions from 17.11 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that, under certain conditions, could have…
CVE-2025-6168 2025-07-10 LOW 2.7 An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated maintainers to bypass group-level…
CVE-2025-5023 2025-07-10 HIGH 7.1 Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range…
CVE-2025-5022 2025-07-10 MEDIUM 6.5 Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between…
CVE-2025-4972 2025-07-10 LOW 2.7 An issue has been discovered in GitLab EE affecting all versions from 18.0 before 18.0.4 and 18.1 before 18.1.2 that could have allowed authenticated users with invitation privileges…
CVE-2025-3396 2025-07-10 MEDIUM 4.3 An issue has been discovered in GitLab EE affecting all versions from 13.3 before 17.11.6, 18.0 before 18.0.4, and 18.1 before 18.1.2 that could have allowed authenticated project…
CVE-2025-38348 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an…
CVE-2025-38347 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO:…
CVE-2025-38346 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG:…
CVE-2025-38345 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in…
CVE-2025-38344 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for…
CVE-2025-38343 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to…
CVE-2025-38342 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value…
CVE-2025-38341 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg()…
CVE-2025-38340 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test KASAN reported out of bounds access - cs_dsp_mock_bin_add_name_or_info(),…
CVE-2025-38339 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: powerpc/bpf: fix JIT code size calculation of bpf trampoline arch_bpf_trampoline_size() provides JIT size of the BPF trampoline before…
CVE-2025-38338 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Sometimes, when a file was read while it was being truncated by…
CVE-2025-38337 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change…
CVE-2025-38336 2025-07-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard…
« Anterior Página 1000 de 4307 Siguiente »