CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by the NIST institute:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-47982 | 2025-07-08 | HIGH | 7.8 | Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47981 | 2025-07-08 | CRITICAL | 9.8 | Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network. |
| CVE-2025-47980 | 2025-07-08 | MEDIUM | 6.2 | Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally. |
| CVE-2025-47978 | 2025-07-08 | MEDIUM | 6.5 | Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. |
| CVE-2025-47976 | 2025-07-08 | HIGH | 7.8 | Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47975 | 2025-07-08 | HIGH | 7.0 | Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47973 | 2025-07-08 | HIGH | 7.8 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-47972 | 2025-07-08 | HIGH | 8.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-47971 | 2025-07-08 | HIGH | 7.8 | Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-47178 | 2025-07-08 | HIGH | 8.0 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to execute code over an adjacent network. |
| CVE-2025-47159 | 2025-07-08 | HIGH | 7.8 | Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| CVE-2025-47109 | 2025-07-08 | MEDIUM | 5.5 | After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to… |
| CVE-2025-43587 | 2025-07-08 | MEDIUM | 5.5 | After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability… |
| CVE-2025-43580 | 2025-07-08 | MEDIUM | 5.5 | Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that could result in application denial-of-service. An attacker could… |
| CVE-2025-33054 | 2025-07-08 | HIGH | 8.1 | Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-3648 | 2025-07-08 | N/A | 0.0 | A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability… |
| CVE-2025-26636 | 2025-07-08 | MEDIUM | 5.5 | Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2025-21195 | 2025-07-08 | MEDIUM | 6.0 | Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally. |
| CVE-2025-21168 | 2025-07-08 | MEDIUM | 5.5 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability… |
| CVE-2025-21167 | 2025-07-08 | MEDIUM | 5.5 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability… |
| CVE-2025-21166 | 2025-07-08 | HIGH | 7.8 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.… |
| CVE-2025-21165 | 2025-07-08 | HIGH | 7.8 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.… |
| CVE-2025-21164 | 2025-07-08 | HIGH | 7.8 | Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.… |
| CVE-2024-36357 | 2025-07-08 | MEDIUM | 5.6 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across… |
| CVE-2024-36350 | 2025-07-08 | MEDIUM | 5.6 | A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. |
| CVE-2024-36349 | 2025-07-08 | LOW | 3.8 | A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. |
| CVE-2024-36348 | 2025-07-08 | LOW | 3.8 | A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in… |
| CVE-2025-7148 | 2025-07-07 | LOW | 3.5 | A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of… |
| CVE-2025-7147 | 2025-07-07 | HIGH | 7.3 | A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /login.php.… |
| CVE-2025-7144 | 2025-07-07 | LOW | 2.4 | A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component… |
| CVE-2025-7143 | 2025-07-07 | LOW | 2.4 | A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component… |
| CVE-2025-7142 | 2025-07-07 | LOW | 2.4 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file… |
| CVE-2025-53543 | 2025-07-07 | MEDIUM | 4.2 | Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to improper handling of HTTP response received. This vulnerability… |
| CVE-2025-53540 | 2025-07-07 | N/A | 0.0 | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request… |
| CVE-2025-53539 | 2025-07-07 | N/A | 0.0 | FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan… |
| CVE-2025-53496 | 2025-07-07 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension allows Stored XSS. This issue affects Mediawiki - MediaSearch… |
| CVE-2025-7141 | 2025-07-07 | LOW | 2.4 | A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the… |
| CVE-2025-53478 | 2025-07-07 | MEDIUM | 5.4 | The CheckUser extension’s Special:Investigate interface is vulnerable to reflected XSS due to improper escaping of certain internationalized system messages rendered on the “IPs and User agents” tab. This… |
| CVE-2025-6771 | 2025-07-08 | HIGH | 7.2 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code execution |
| CVE-2025-5464 | 2025-07-08 | MEDIUM | 6.5 | Insertion of sensitive information into a log file in Ivanti Connect Secure before version 22.7R2.8 allows a local authenticated attacker to obtain that information. |
| CVE-2025-43019 | 2025-07-08 | N/A | 0.0 | A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion. |
| CVE-2025-0293 | 2025-07-08 | MEDIUM | 6.6 | CLRF injection in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to write to a… |
| CVE-2025-0292 | 2025-07-08 | MEDIUM | 5.5 | SSRF in Ivanti Connect Secure before version 22.7R2.8 and Ivanti Policy Secure before version 22.7R1.5 allows a remote authenticated attacker with admin rights to access internal network services. |
| CVE-2025-7326 | 2025-07-08 | HIGH | 7.0 | Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft,… |
| CVE-2025-7183 | 2025-07-08 | HIGH | 7.3 | A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/customer_account.php. The… |
| CVE-2025-7182 | 2025-07-08 | MEDIUM | 4.3 | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php.… |
| CVE-2025-7037 | 2025-07-08 | HIGH | 7.2 | SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data… |
| CVE-2025-6996 | 2025-07-08 | HIGH | 8.4 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt… |
| CVE-2025-6995 | 2025-07-08 | HIGH | 8.4 | Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt… |
| CVE-2025-6770 | 2025-07-08 | HIGH | 7.2 | OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution |