Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-20881 2026-05-12 N/A 0.0 Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2026-20879 2026-05-12 N/A 0.0 Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System…
CVE-2026-20794 2026-05-12 N/A 0.0 Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System…
CVE-2026-20793 2026-05-12 N/A 0.0 Unchecked return value for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2026-20782 2026-05-12 N/A 0.0 Buffer overflow for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with…
CVE-2026-20772 2026-05-12 N/A 0.0 Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
CVE-2026-20771 2026-05-12 N/A 0.0 Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2026-20754 2026-05-12 N/A 0.0 Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated…
CVE-2026-20753 2026-05-12 N/A 0.0 Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity…
CVE-2026-20751 2026-05-12 N/A 0.0 Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System…
CVE-2026-20738 2026-05-12 N/A 0.0 Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with…
CVE-2026-20718 2026-05-12 N/A 0.0 Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with…
CVE-2026-20717 2026-05-12 N/A 0.0 Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary…
CVE-2025-36515 2026-05-12 N/A 0.0 Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an…
CVE-2025-36510 2026-05-12 N/A 0.0 Improper buffer restrictions for some Display Virtualization for Windows OS driver software within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an…
CVE-2025-35991 2026-05-12 N/A 0.0 Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user…
CVE-2025-35990 2026-05-12 N/A 0.0 Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary…
CVE-2025-35979 2026-05-12 N/A 0.0 Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel(R) Processors within VMX non-root (guest) operation may allow an information disclosure.…
CVE-2025-35969 2026-05-12 N/A 0.0 Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary…
CVE-2025-27723 2026-05-12 N/A 0.0 Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged…
CVE-2026-37430 2026-05-13 N/A 0.0 An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2026-45185 2026-05-12 CRITICAL 9.8 Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify…
CVE-2026-31228 2026-05-12 CRITICAL 9.8 The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval()…
CVE-2026-31226 2026-05-12 CRITICAL 9.8 The TinyZero project thru commit 6652a63c57fa7e5ccde3fc9c598c7176ff15b839 (2025-58-24) contains a critical command injection vulnerability (CWE-78) in its HDFS file operation utilities. The vulnerability arises from the unsafe construction and…
CVE-2026-31225 2026-05-12 HIGH 8.8 The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The _parse_op_part() function in query.py uses the unsafe eval() function to…
CVE-2026-31217 2026-05-12 CRITICAL 9.8 The _load_model() function in the neural_magic_training.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f (2024-07-21) allows arbitrary code execution. When a user supplies a directory path via the…
CVE-2026-31216 2026-05-12 CRITICAL 9.1 The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion vulnerability in its file management API. The DELETE /storage/{object_name:path} endpoint lacks authentication, authorization, and input validation…
CVE-2026-31215 2026-05-12 CRITICAL 9.1 The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion vulnerability in its ElasticSearch service interface. The DELETE /{index_name}/documents endpoint lacks proper authentication and authorization controls and…
CVE-2026-31214 2026-05-12 CRITICAL 9.8 The torch-checkpoint-shrink.py script in the ml-engineering project in commit 0099885db36a8f06556efe1faf552518852cb1e0 (2025-20-27) contains an insecure deserialization vulnerability (CWE-502). The script uses torch.load() to process PyTorch checkpoint files (.pt) without…
CVE-2026-31245 2026-05-12 MEDIUM 5.3 The mem0 1.0.0 server lacks authentication and authorization controls for its memory creation API endpoint (POST /memories). The endpoint allows unauthenticated users to submit arbitrary memory records without…
CVE-2026-31244 2026-05-12 MEDIUM 6.5 The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories/{memory_id}). The endpoint allows unauthenticated users to delete arbitrary memory records without…
CVE-2026-31243 2026-05-12 MEDIUM 6.5 The mem0 1.0.0 server lacks authentication and authorization controls for its memory reset and table re-creation functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send…
CVE-2026-31242 2026-05-12 CRITICAL 9.1 The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request…
CVE-2026-31241 2026-05-12 MEDIUM 6.5 The mem0 1.0.0 server lacks authentication and authorization controls for its memory deletion API endpoint (DELETE /memories). The endpoint allows unauthenticated users to delete memory records by specifying…
CVE-2026-31236 2026-05-12 N/A 0.0 The llm CLI tool thru 0.27.1 contains a critical code injection vulnerability via its --functions command-line argument. This argument is intended to allow users to provide custom Python…
CVE-2023-30059 2026-05-12 MEDIUM 5.4 An insecure direct object reference in MK-Auth 23.01K4.9 allows attackers to access and send support calls for other users via manipulation of the chamado parameter through a crafted…
CVE-2023-27753 2026-05-12 HIGH 8.0 An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2026-31240 2026-05-12 N/A 0.0 The mem0 1.0.0 server lacks authentication and authorization controls for its memory management API endpoints. Critical functions such as updating memory records (PUT /memories/{memory_id}) are exposed without any…
CVE-2026-31239 2026-05-12 N/A 0.0 The mamba language model framework thru 2.2.6 is vulnerable to insecure deserialization (CWE-502) when loading pre-trained models from HuggingFace Hub. The MambaLMHeadModel.from_pretrained() method uses torch.load() to load the…
CVE-2026-31238 2026-05-12 N/A 0.0 The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) in its model serving component. When starting a model server with the ludwig serve command, the framework…
CVE-2026-31237 2026-05-12 N/A 0.0 The Ludwig framework thru 0.10.4 is vulnerable to insecure deserialization (CWE-502) through its predict() method. When a user provides a dataset file path to the predict() method, the…
CVE-2026-42961 2026-05-13 MEDIUM 4.3 ELECOM wireless LAN access point devices implement CSRF protection mechanism, but with inadequate handling of CSRF tokens. If a user views a malicious page while logged in, the…
CVE-2026-42950 2026-05-13 MEDIUM 4.3 ELECOM wireless LAN access point devices do not check if language parameter has an appropriate value. If a user views a malicious page while logged in, the admin…
CVE-2026-42948 2026-05-13 MEDIUM 4.8 Stored cross-site scripting vulnerability exists in ELECOM wireless LAN access point devices. If one of the administrators input malicious data, an arbitrary script may be executed in another…
CVE-2026-42062 2026-05-13 CRITICAL 9.8 ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted request, an arbitrary OS command may be executed.…
CVE-2026-40621 2026-05-13 CRITICAL 9.8 ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication.
CVE-2026-35506 2026-05-13 HIGH 7.2 ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If processing a crafted request sent by a logged-in user, an…
CVE-2026-25107 2026-05-13 MEDIUM 6.5 ELECOM wireless LAN access point devices use a hard-coded cryptographic key when creating backups of configuration files. An attacker who knows the encryption key can tamper the configuration…
CVE-2026-44612 2026-05-13 HIGH 7.8 Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected…
CVE-2026-32661 2026-05-13 CRITICAL 9.8 Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a remote attacker sends a specially crafted request to the product's web…
« Anterior Página 11 de 4295 Siguiente »