CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2023-29113 2025-06-28 MEDIUM 6.3 The MIB3 infotainment unit used in Skoda and Volkswagen vehicles does not incorporate any privilege separation for the proprietary inter-process communication mechanism, leaving attackers with presence in the…
CVE-2023-28912 2025-06-28 MEDIUM 5.7 The MIB3 unit stores the synchronized phone contact book in clear-text, allowing an attacker with either code execution privilege on the system or physical access to the system…
CVE-2023-28911 2025-06-28 MEDIUM 6.5 A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in…
CVE-2023-28910 2025-06-28 HIGH 8.0 A specific flaw exists within the Bluetooth stack of the MIB3 infotainment system. The issue results from the disabled abortion flag eventually leading to bypassing assertion functions. The…
CVE-2023-28909 2025-06-28 HIGH 8.0 A specific flaw exists within the Bluetooth stack of the MIB3 unit. The issue results from the lack of proper validation of user-supplied data, which can result in…
CVE-2023-28908 2025-06-28 MEDIUM 5.4 A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in…
CVE-2023-28907 2025-06-28 MEDIUM 6.7 There is no memory isolation between CPU cores of the MIB3 infotainment. This fact allows an attacker with access to the main operating system to compromise the CPU…
CVE-2023-28906 2025-06-28 HIGH 7.8 A command injection in the networking service of the MIB3 infotainment allows an attacker already presenting in the system to escalate privileges and obtain administrative access to the…
CVE-2023-28905 2025-06-28 HIGH 8.0 A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered…
CVE-2023-28904 2025-06-28 MEDIUM 5.2 A logic flaw leading to a RAM buffer overflow in the bootloader component of the MIB3 infotainment unit allows an attacker with physical access to the MIB3 ECU…
CVE-2023-28903 2025-06-28 LOW 3.3 An integer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause a denial-of-service of the…
CVE-2023-28902 2025-06-28 LOW 3.3 An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment…
CVE-2025-1991 2025-06-28 HIGH 7.5 IBM Informix Dynamic Server 12.10, 14.10, and 15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
CVE-2025-6817 2025-06-28 LOW 3.3 A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5C__load_entry of the file /src/H5Centry.c. The manipulation leads to resource…
CVE-2025-6816 2025-06-28 LOW 3.3 A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5O__fsinfo_encode of the file /src/H5Ofsinfo.c. The manipulation leads to heap-based buffer overflow. It…
CVE-2025-5937 2025-06-28 MEDIUM 4.3 The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.0.…
CVE-2025-38086 2025-06-28 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: ch9200: fix uninitialised access during mii_nway_restart In mii_nway_restart() the code attempts to call mii->mdio_read which is ch9200_mdio_read().…
CVE-2025-38085 2025-06-28 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously…
CVE-2025-38084 2025-06-28 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split().…
CVE-2025-6755 2025-06-28 HIGH 8.8 The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up…
CVE-2025-5304 2025-06-28 CRITICAL 9.8 The PT Project Notebooks plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization in the wpnb_pto_new_users_add() function in versions 1.0.0 through 1.1.3. This makes it…
CVE-2025-6252 2025-06-28 MEDIUM 6.4 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.9.1 due to insufficient…
CVE-2025-6381 2025-06-28 HIGH 8.8 The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for…
CVE-2025-6379 2025-06-28 HIGH 8.8 The BeeTeam368 Extensions Pro plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_live_fn() function. This makes it possible…
CVE-2025-6350 2025-06-28 MEDIUM 6.4 The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all…
CVE-2025-53388 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53387 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53386 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53385 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53384 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53383 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53382 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53381 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-53380 2025-06-28 N/A 0.0 Rejected reason: Not used
CVE-2025-36027 2025-06-28 MEDIUM 5.4 IBM Datacap 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web…
CVE-2025-36026 2025-06-28 MEDIUM 4.3 IBM Datacap 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by…
CVE-2024-52900 2025-06-28 MEDIUM 6.4 IBM Cognos Analytics 11.2.0 through 12.2.4 Fix Pack 5 and 12.0.0 through 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript…
CVE-2024-39730 2025-06-28 MEDIUM 5.4 IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious…
CVE-2024-36347 2025-06-27 MEDIUM 6.4 Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity…
CVE-2025-53098 2025-06-27 MEDIUM 5.9 Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace.…
CVE-2025-53097 2025-06-27 MEDIUM 5.9 Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting…
CVE-2025-6778 2025-06-27 LOW 2.4 A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the…
CVE-2025-6777 2025-06-27 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation…
CVE-2025-6776 2025-06-27 HIGH 7.3 A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload.…
CVE-2025-6775 2025-06-27 MEDIUM 6.3 A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation…
CVE-2025-6774 2025-06-27 MEDIUM 6.3 A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go.…
CVE-2025-53094 2025-06-27 N/A 0.0 ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed)…
CVE-2025-50528 2025-06-27 HIGH 7.3 A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6
CVE-2025-50370 2025-06-27 MEDIUM 6.5 A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin…
CVE-2025-50369 2025-06-27 MEDIUM 6.5 A Cross-Site Request Forgery (CSRF) vulnerability exists in the Manage Card functionality (/mcgs/admin/manage-card.php) of PHPGurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authorized admin to…