CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-35295 2025-06-11 MEDIUM 6.1 A vulnerability has been identified in Perfect Harmony GH180 (All versions >= V8.0 < V8.3.3 with NXGPro+ controller manufactured between April 2020 to April 2025). The maintenance connection…
CVE-2025-49822 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49821 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49820 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49819 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49818 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49817 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49816 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49815 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-49814 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2023-36636 2025-06-12 N/A 0.0 Rejected reason: Not used
CVE-2025-40912 2025-06-11 CRITICAL 9.8 CryptX for Perl before version 0.065 contains a dependency that may be susceptible to malformed unicode. CryptX embeds the tomcrypt library. The versions of that library in CryptX…
CVE-2025-4673 2025-06-11 MEDIUM 6.8 Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
CVE-2025-49150 2025-06-11 MEDIUM 5.9 Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a…
CVE-2025-25032 2025-06-11 HIGH 7.5 IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 could allow an authenticated user to cause a denial of service by sending a…
CVE-2025-40915 2025-06-11 HIGH 7.0 Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id,…
CVE-2025-22874 2025-06-11 HIGH 7.5 Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
CVE-2025-0923 2025-06-11 MEDIUM 5.3 IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 stores source code on the web server that could aid in further attacks against…
CVE-2025-0917 2025-06-11 MEDIUM 5.5 IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed…
CVE-2025-0913 2025-06-11 MEDIUM 5.5 os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows…
CVE-2025-6002 2025-06-11 HIGH 7.2 An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files,…
CVE-2025-6001 2025-06-11 HIGH 8.3 A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a…
CVE-2025-1699 2025-06-11 LOW 2.8 An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
CVE-2025-1698 2025-06-11 LOW 2.8 Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
CVE-2025-48448 2025-06-11 MEDIUM 6.5 Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation. This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
CVE-2025-48447 2025-06-11 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS). This issue affects Lightgallery: from 0.0.0 before 1.6.0.
CVE-2025-48446 2025-06-11 HIGH 8.8 Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse. This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
CVE-2025-48445 2025-06-11 HIGH 8.8 Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
CVE-2025-48444 2025-06-11 MEDIUM 5.3 Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-48013 2025-06-11 MEDIUM 5.3 Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
CVE-2025-43578 2025-06-10 MEDIUM 5.5 Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this…
CVE-2025-43576 2025-06-10 HIGH 7.8 Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-26383 2025-06-11 N/A 0.0 The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
CVE-2025-49148 2025-06-11 HIGH 7.3 ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries…
CVE-2025-49146 2025-06-11 HIGH 8.2 pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value…
CVE-2025-3473 2025-06-11 MEDIUM 6.7 IBM Security Guardium 12.1 could allow a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program.
CVE-2025-0163 2025-06-11 MEDIUM 5.3 IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
CVE-2025-40914 2025-06-11 CRITICAL 9.8 Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow. CryptX embeds a version of the libtommath library that is susceptible to…
CVE-2025-2884 2025-06-10 CRITICAL 9.8 TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation of the signature scheme with the signature key's algorithm. See Errata…
CVE-2024-1243 2025-06-11 N/A 0.0 Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the…
CVE-2024-37396 2025-06-10 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Calendar function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload…
CVE-2024-37395 2025-06-10 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Public Survey function of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted…
CVE-2024-37394 2025-06-10 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload…
CVE-2025-5986 2025-06-11 MEDIUM 6.5 A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is…
CVE-2025-5959 2025-06-11 HIGH 8.8 Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security…
CVE-2025-5980 2025-06-10 HIGH 7.3 A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti…
CVE-2025-5979 2025-06-10 HIGH 7.3 A vulnerability classified as critical has been found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /branch.php. The manipulation of the…
CVE-2025-5978 2025-06-10 HIGH 8.8 A vulnerability was found in Tenda FH1202 1.2.0.14. It has been classified as critical. Affected is the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument…
CVE-2025-4922 2025-06-11 HIGH 8.1 Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community…
CVE-2025-5687 2025-06-11 HIGH 7.8 A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are…