CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-39942 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size This is inspired by the check for data_offset + data_length. |
| CVE-2025-39941 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc… |
| CVE-2025-39940 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripe_io_hints if we have too large… |
| CVE-2025-39939 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpci_get_iommu_ctrs() returns counter information to be reported as part of… |
| CVE-2025-39938 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails… |
| CVE-2025-39937 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda ("net: rfkill: gpio: get the… |
| CVE-2025-39936 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to __sev_platform_shutdown_locked() When 9770b428b1a2 ("crypto: ccp - Move dev_info/err… |
| CVE-2025-39935 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307_setting_loaded() The sma1307->set.header_size is how many integers are in the header… |
| CVE-2025-39934 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is… |
| CVE-2025-39933 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: smb: client: let recv_done verify data_offset, data_length and remaining_data_length This is inspired by the related server fixes. |
| CVE-2025-39932 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) In smbd_destroy() we may destroy the memory so we better wait until… |
| CVE-2025-39931 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg If an error causes af_alg_sendmsg to abort, ctx->merge… |
| CVE-2025-39929 | 2025-10-04 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path During tests of another unrelated patch I was able… |
| CVE-2025-9952 | 2025-10-04 | MEDIUM | 6.1 | The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'range-date' parameter… |
| CVE-2025-9886 | 2025-10-04 | MEDIUM | 4.3 | The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up… |
| CVE-2025-10383 | 2025-10-04 | MEDIUM | 6.4 | The Contest Gallery – Upload, Vote & Sell with PayPal and Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple form field parameters in all… |
| CVE-2025-9485 | 2025-10-04 | CRITICAL | 9.8 | The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 6.26.12. This… |
| CVE-2025-9243 | 2025-10-04 | HIGH | 8.1 | The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions… |
| CVE-2025-9030 | 2025-10-04 | MEDIUM | 5.4 | The Majestic Before After Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'before_label' and 'after_label' parameters in versions less than, or equal to, 2.0.1… |
| CVE-2025-9029 | 2025-10-04 | MEDIUM | 4.3 | The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to missing authorization via the wdkit_handle_review_submission function in versions… |
| CVE-2025-8726 | 2025-10-04 | MEDIUM | 5.4 | The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output… |
| CVE-2025-61962 | 2025-10-04 | MEDIUM | 5.9 | In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context. |
| CVE-2025-61895 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61894 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61893 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61892 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61891 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61890 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61889 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61888 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61887 | 2025-10-04 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-11228 | 2025-10-04 | MEDIUM | 5.3 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `registerAssociateFormsWithCampaign` function… |
| CVE-2025-11227 | 2025-10-04 | MEDIUM | 6.5 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms',… |
| CVE-2025-10746 | 2025-10-04 | MEDIUM | 6.5 | The Integrate Dynamics 365 CRM plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.9. This is due to missing capability checks… |
| CVE-2025-10751 | 2025-10-04 | N/A | 0.0 | MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root. This issue affects MacForge: 1.2.0 Beta 1. |
| CVE-2025-61685 | 2025-10-03 | MEDIUM | 6.5 | Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of… |
| CVE-2025-61681 | 2025-10-03 | MEDIUM | 5.4 | KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS.… |
| CVE-2025-61680 | 2025-10-03 | N/A | 0.0 | Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 store passwords using VS Code's configuration API which writes to settings.json… |
| CVE-2025-61679 | 2025-10-03 | HIGH | 7.7 | Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges,… |
| CVE-2025-61677 | 2025-10-03 | LOW | 2.5 | DataChain is a Python-based AI-data warehouse for transforming and analyzing unstructured data. Versions 0.34.1 and below allow for deserialization of untrusted data because of the way the DataChain… |
| CVE-2025-61673 | 2025-10-03 | HIGH | 8.6 | Karapace is an open-source implementation of Kafka REST and Schema Registry. Versions 5.0.0 and 5.0.1 contain an authentication bypass vulnerability when configured to use OAuth 2.0 Bearer Token… |
| CVE-2025-43825 | 2025-10-03 | N/A | 0.0 | A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.5, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through… |
| CVE-2025-61585 | 2025-10-03 | N/A | 0.0 | Rejected reason: Further research determined the issue is not an independent vulnerability as it originates from Apache Felix. |
| CVE-2025-59944 | 2025-10-03 | HIGH | 8.0 | Cursor is a code editor built for programming with AI. Versions 1.6.23 and below contain case-sensitive checks in the way Cursor IDE protects its sensitive files (e.g., */.cursor/mcp.json),… |
| CVE-2025-59943 | 2025-10-03 | HIGH | 8.1 | phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to… |
| CVE-2025-54374 | 2025-10-03 | HIGH | 8.8 | Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding… |
| CVE-2025-10696 | 2025-10-03 | N/A | 0.0 | OpenSupports exposes an endpoint that allows the list of 'supervised users' for any account to be edited, but it does not validate whether the actor is the owner… |
| CVE-2025-10695 | 2025-10-03 | N/A | 0.0 | Two unauthenticated diagnostic endpoints allow arbitrary backend-initiated network connections to an attacker‑supplied destination. Both endpoints are exposed with permission => 'any', enabling unauthenticated SSRF for internal network scanning and… |
| CVE-2025-10692 | 2025-10-03 | N/A | 0.0 | The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user (level ≥ 1)… |
| CVE-2025-59829 | 2025-10-03 | N/A | 0.0 | Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access… |