CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-5958 2025-06-11 HIGH 8.8 Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-4605 2025-06-11 MEDIUM 5.5 A maliciously crafted .usdc file, when loaded through Autodesk Maya, can force an uncontrolled memory allocation vulnerability. A malicious actor may leverage this vulnerability to cause a denial-of-service…
CVE-2025-49710 2025-06-11 CRITICAL 9.8 An integer overflow was present in `OrderedHashTable` used by the JavaScript engine. This vulnerability affects Firefox < 139.0.4.
CVE-2025-49709 2025-06-11 CRITICAL 9.8 Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4.
CVE-2025-47849 2025-06-10 HIGH 8.8 A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and…
CVE-2025-47713 2025-06-10 HIGH 8.8 A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts…
CVE-2025-35941 2025-06-11 MEDIUM 5.5 A password is exposed locally.
CVE-2025-35940 2025-06-10 HIGH 8.1 The ArchiverSpaApi ASP.NET application uses a hard-coded JWT signing key. An unauthenticated remote attacker can generate and use a verifiable JWT token to access protected ArchiverSpaApi URL endpoints.
CVE-2025-32711 2025-06-11 CRITICAL 9.3 AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-26521 2025-06-10 HIGH 8.1 When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account…
CVE-2025-26412 2025-06-11 MEDIUM 6.8 The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical…
CVE-2024-41505 2025-06-10 MEDIUM 6.1 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profissão" (professor).
CVE-2024-41504 2025-06-10 MEDIUM 6.1 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form…
CVE-2024-41503 2025-06-10 MEDIUM 6.1 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function.
CVE-2024-41502 2025-06-10 MEDIUM 6.1 Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observações" (observances) in the "Pessoas" (persons) section when creating or editing either a…
CVE-2025-33053 2025-06-10 HIGH 8.8 External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.
CVE-2025-5144 2025-06-11 MEDIUM 6.4 The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-date-*’ parameters in all versions up to, and including, 6.13.2 due to insufficient…
CVE-2025-3302 2025-06-11 HIGH 7.2 The Xagio SEO – AI Powered SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘HTTP_REFERER’ parameter in all versions up to, and including, 7.1.0.16…
CVE-2025-4573 2025-06-11 MEDIUM 4.1 Mattermost versions 10.7.x
CVE-2025-4128 2025-06-11 LOW 3.1 Mattermost versions 10.5.x
CVE-2025-4315 2025-06-11 HIGH 8.8 The CubeWP – All-in-One Dynamic Content Framework plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.1.23. This is due to the…
CVE-2025-41663 2025-06-11 HIGH 8.1 An unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers and gain arbitrary command execution with elevated privileges.
CVE-2025-41662 2025-06-11 HIGH 8.8 An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface…
CVE-2025-41661 2025-06-11 HIGH 8.8 An unauthenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of Cross-Site Request Forgery (CSRF) protection in the Main Web Interface…
CVE-2025-5991 2025-06-11 N/A 0.0 There is a "Use After Free" vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all.…
CVE-2025-29756 2025-06-11 N/A 0.0 SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however…
CVE-2025-5395 2025-06-11 HIGH 8.8 The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to,…
CVE-2025-4799 2025-06-11 HIGH 7.2 The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file deletion due to lack of restriction on the directory a file can be deleted from in all versions…
CVE-2025-4798 2025-06-11 MEDIUM 4.9 The WP-DownloadManager plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.68.10. This is due to a lack of restriction on…
CVE-2025-4666 2025-06-11 MEDIUM 6.4 The Zotpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nickname’ parameter in all versions up to, and including, 7.3.15 due to insufficient input sanitization…
CVE-2025-49793 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49792 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49791 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49790 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49789 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49788 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49787 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49786 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2025-49785 2025-06-11 N/A 0.0 Rejected reason: Not used
CVE-2024-1244 2025-06-11 N/A 0.0 Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker with control over the OSSEC server or in possession of…
CVE-2025-4275 2025-06-11 HIGH 7.8 Running the provided utility changes the certificate on any Insyde BIOS and then the attached .efi file can be launched.
CVE-2025-49091 2025-06-11 HIGH 8.2 KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin://…
CVE-2025-47102 2025-06-10 N/A 0.0 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
CVE-2025-47095 2025-06-10 N/A 0.0 Rejected reason: This CVE ID was issued in error by its CVE Numbering Authority and does not represent a valid vulnerability.
CVE-2025-32717 2025-06-11 HIGH 8.4 Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-30675 2025-06-11 MEDIUM 4.7 In Apache CloudStack, a flaw in access control affects the listTemplates and listIsos APIs. A malicious Domain Admin or Resource Admin can exploit this issue by intentionally specifying…
CVE-2025-1055 2025-06-11 MEDIUM 5.6 A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range…
CVE-2024-9062 2025-06-11 HIGH 7.8 The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Archify follows the…
CVE-2024-8270 2025-06-11 MEDIUM 5.5 The macOS Rocket.Chat application is affected by a vulnerability that allows bypassing Transparency, Consent, and Control (TCC) policies, enabling the exploitation or abuse of permissions specified in its…
CVE-2024-7457 2025-06-11 HIGH 7.8 The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its…