Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48413 2025-05-21 HIGH 7.7 The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for…
CVE-2025-41232 2025-05-21 CRITICAL 9.1 Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the…
CVE-2025-3781 2025-05-21 MEDIUM 6.4 The Raisely Donation Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's raisely_donation_form shortcode in all versions up to, and including, 1.0 due to…
CVE-2025-3750 2025-05-21 MEDIUM 6.4 The Network Posts Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘post_height’ parameter in all versions up to, and including, 7.7.1 due to insufficient…
CVE-2025-27804 2025-05-21 MEDIUM 6.5 Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic arbitrary OS commands…
CVE-2025-27803 2025-05-21 MEDIUM 6.5 The devices do not implement any authentication for the web interface or the MQTT server. An attacker who has network access to the device immediately gets administrative access…
CVE-2025-1415 2025-05-21 N/A 0.0 A low-privileged user is able to obtain information about tasks executed on devices controlled by Proget MDM (Mobile Device Management), as well as details of the devices like…
CVE-2024-12561 2025-05-21 MEDIUM 6.1 The Affiliate Sales in Google Analytics and other tools plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.4.9. This is due…
CVE-2025-1712 2025-05-21 N/A 0.0 Argument injection in special agent configuration in Checkmk
CVE-2019-16536 2025-05-21 N/A 0.0 Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3.
CVE-2025-4524 2025-05-21 CRITICAL 9.8 The Madara – Responsive and modern WordPress theme for manga sites theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.2.2…
CVE-2021-25262 2025-05-21 N/A 0.0 Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack.
CVE-2021-25255 2025-05-21 N/A 0.0 Yandex Browser Lite for Android prior to version 21.1.0 allows remote attackers to cause a denial of service.
CVE-2021-25254 2025-05-21 N/A 0.0 Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.
CVE-2025-4969 2025-05-21 MEDIUM 6.5 A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote…
CVE-2025-5007 2025-05-20 LOW 3.5 A vulnerability was found in Part-DB up to 1.17.0. It has been declared as problematic. Affected by this vulnerability is the function handleUpload of the file src/Services/Attachments/AttachmentSubmitHandler.php of…
CVE-2025-5001 2025-05-20 LOW 3.3 A vulnerability was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. It has been declared as problematic. This vulnerability affects the function calloc of the file pspp-convert.c. The manipulation of the…
CVE-2025-5000 2025-05-20 MEDIUM 6.3 A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000. It has been classified as critical. This affects the function control_panel_sw of the file /cgi-bin/sysconf.cgi of…
CVE-2025-4999 2025-05-20 MEDIUM 6.3 A vulnerability was found in Linksys FGW3000-AH and FGW3000-HK up to 1.0.17.000000 and classified as critical. Affected by this issue is the function sub_4153FC of the file /cgi-bin/sysconf.cgi…
CVE-2025-4998 2025-05-20 MEDIUM 6.5 A vulnerability has been found in H3C Magic R200G up to 100R002 and classified as problematic. Affected by this vulnerability is the function Edit_BasicSSID/Edit_BasicSSID_5G/SetAPWifiorLedInfoById/SetMobileAPInfoById/Asp_SetTimingtimeWifiAndLed/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList of the file /goform/aspForm…
CVE-2025-4997 2025-05-20 MEDIUM 6.5 A vulnerability, which was classified as problematic, was found in H3C R2+ProG up to 200R004. Affected is the function UpdateWanParams/AddMacList/EditMacList/AddWlanMacList/EditWlanMacList/Edit_BasicSSID/Edit_GuestSSIDFor2P4G/Edit_BasicSSID_5G/SetAPInfoById of the file /goform/aspForm of the component HTTP…
CVE-2025-48056 2025-05-20 MEDIUM 5.3 Hubble is a fully distributed networking and security observability platform for cloud native workloads. Prior to version 1.17.2, a network attacker could inject malicious control characters into Hubble…
CVE-2025-4996 2025-05-20 LOW 2.4 A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The…
CVE-2025-47290 2025-05-20 N/A 0.0 containerd is a container runtime. A time-of-check to time-of-use (TOCTOU) vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images…
CVE-2025-4364 2025-05-20 N/A 0.0 The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials.
CVE-2025-48391 2025-05-20 HIGH 7.7 In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
CVE-2025-47850 2025-05-20 MEDIUM 4.3 In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
CVE-2025-47277 2025-05-20 CRITICAL 9.8 vLLM, an inference and serving engine for large language models (LLMs), has an issue in versions 0.6.5 through 0.8.4 that ONLY impacts environments using the `PyNcclPipe` KV cache…
CVE-2025-46725 2025-05-20 N/A 0.0 Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `LanceDocChatAgent` uses pandas eval() through `compute_from_docs()`. As a result, an attacker may…
CVE-2025-46724 2025-05-20 CRITICAL 9.8 Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the…
CVE-2025-37989 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition,…
CVE-2025-37988 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount() Normally do_lock_mount(path, _) is locking a mountpoint pinned…
CVE-2025-37986 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after…
CVE-2025-37985 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can…
CVE-2025-37984 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an…
CVE-2025-37983 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the…
CVE-2025-22157 2025-05-20 N/A 0.0 This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0…
CVE-2025-37982 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with…
CVE-2025-37981 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether…
CVE-2025-37980 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but…
CVE-2025-37979 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver…
CVE-2025-37978 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to…
CVE-2025-37977 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are…
CVE-2025-37976 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to…
CVE-2025-37975 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end…
CVE-2025-37974 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that needs to…
CVE-2025-37973 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link…
CVE-2025-37972 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the…
CVE-2025-37971 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: staging: bcm2835-camera: Initialise dev in v4l2_dev Commit 42a2f6664e18 ("staging: vc04_services: Move global g_state to vchiq_state") changed mmal_init to…
CVE-2025-37966 2025-05-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: riscv: Fix kernel crash due to PR_SET_TAGGED_ADDR_CTRL When userspace does PR_SET_TAGGED_ADDR_CTRL, but Supm extension is not available, the…
« Anterior Página 1185 de 4309 Siguiente »