Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2022-37620 2022-10-31 HIGH 7.5 A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
CVE-2025-1647 2025-05-15 MEDIUM 5.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bootstrap allows Cross-Site Scripting (XSS).This issue affects Bootstrap: from 3.4.1 before 4.0.0.
CVE-2022-41322 2022-09-23 HIGH 7.8 In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then…
CVE-2025-5321 2025-05-29 MEDIUM 6.3 A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object…
CVE-2025-5320 2025-05-29 LOW 3.7 A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the…
CVE-2025-5283 2025-05-27 MEDIUM 5.4 Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-46836 2025-05-14 MEDIUM 6.6 net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10,…
CVE-2025-23368 2025-03-04 HIGH 8.1 A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it…
CVE-2024-50624 2024-10-28 MEDIUM 5.9 ispdbservice.cpp in KDE Kmail before 6.2.0 allows man-in-the-middle attackers to trigger use of an attacker-controlled mail server because cleartext HTTP is used for a URL such as http://autoconfig.example.com…
CVE-2025-44906 2025-05-30 HIGH 7.8 jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
CVE-2025-44619 2025-05-30 CRITICAL 9.1 Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
CVE-2025-44614 2025-05-30 HIGH 7.5 Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
CVE-2025-44612 2025-05-30 MEDIUM 5.9 Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive…
CVE-2020-36846 2025-05-30 CRITICAL 9.8 A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library.  Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to…
CVE-2023-50431 2023-12-09 MEDIUM 5.5 sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
CVE-2024-57338 2025-05-28 MEDIUM 6.5 An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via…
CVE-2025-4434 2025-05-09 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2024-57337 2025-05-28 MEDIUM 6.5 An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers…
CVE-2025-48874 2025-05-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5257. Reason: This candidate is a duplicate of CVE-2025-5257. Notes: All CVE users should reference CVE-2025-5257…
CVE-2025-48873 2025-05-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-5256. Reason: This candidate is a duplicate of CVE-2025-5256. Notes: All CVE users should reference CVE-2025-5256…
CVE-2025-48872 2025-05-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47055. Reason: This candidate is a duplicate of CVE-2024-47055. Notes: All CVE users should reference CVE-2024-47055…
CVE-2025-48871 2025-05-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47056. Reason: This candidate is a duplicate of CVE-2024-47056. Notes: All CVE users should reference CVE-2024-47056…
CVE-2025-48870 2025-05-30 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-47057. Reason: This candidate is a duplicate of CVE-2024-47057. Notes: All CVE users should reference CVE-2024-47057…
CVE-2024-22643 2024-01-30 MEDIUM 6.5 A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.
CVE-2023-28484 2023-04-24 MEDIUM 6.5 In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
CVE-2022-43680 2022-10-24 HIGH 7.5 In libexpat through 2.4.9, there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
CVE-2022-40674 2022-09-14 HIGH 8.1 libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
CVE-2022-37434 2022-08-05 CRITICAL 9.8 zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader…
CVE-2022-26764 2022-05-26 MEDIUM 4.7 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker…
CVE-2022-26763 2022-05-26 HIGH 7.8 An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6,…
CVE-2022-26761 2022-05-26 HIGH 7.8 A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able…
CVE-2022-25313 2022-02-18 MEDIUM 6.5 In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.
CVE-2020-12762 2020-05-09 HIGH 7.8 json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
CVE-2024-21309 2024-01-09 HIGH 7.8 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2024-39479 2024-07-05 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed…
CVE-2024-39291 2024-06-24 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential…
CVE-2024-39277 2024-06-21 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer…
CVE-2024-38667 2024-06-24 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for…
CVE-2024-38664 2024-06-24 HIGH 7.8 In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in…
CVE-2024-22569 2024-01-31 MEDIUM 5.4 Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.
CVE-2024-24332 2024-01-30 CRITICAL 9.8 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.
CVE-2022-26770 2022-05-26 HIGH 7.8 An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious…
CVE-2022-26769 2022-05-26 HIGH 7.8 A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious…
CVE-2022-26768 2022-05-26 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application…
CVE-2022-26767 2022-05-26 MEDIUM 5.5 The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass…
CVE-2022-26766 2022-05-26 MEDIUM 5.5 A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS…
CVE-2022-26765 2022-05-26 MEDIUM 4.7 A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious…
CVE-2021-38604 2021-08-12 HIGH 7.5 In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as…
CVE-2022-40482 2023-04-25 MEDIUM 5.3 The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused…
CVE-2025-5025 2025-05-28 MEDIUM 4.8 libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when…
« Anterior Página 1124 de 4308 Siguiente »