Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-29977 2025-05-13 HIGH 7.8 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29979 2025-05-13 HIGH 7.8 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2023-39491 2024-05-03 HIGH 7.8 PDF-XChange Editor TIF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is…
CVE-2023-39492 2024-05-03 HIGH 7.8 PDF-XChange Editor PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User…
CVE-2023-39493 2024-05-03 HIGH 7.8 PDF-XChange Editor exportAsText Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is…
CVE-2023-39494 2024-05-03 HIGH 7.8 PDF-XChange Editor OXPS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User…
CVE-2025-29959 2025-05-13 MEDIUM 6.5 Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2023-39495 2024-05-03 MEDIUM 5.5 PDF-XChange Editor readFileIntoStream Exposed Dangerous Function Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required…
CVE-2025-29960 2025-05-13 MEDIUM 6.5 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29961 2025-05-13 MEDIUM 6.5 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29962 2025-05-13 HIGH 8.8 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29963 2025-05-13 HIGH 8.8 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29964 2025-05-13 HIGH 8.8 Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29966 2025-05-13 HIGH 8.8 Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
CVE-2025-29967 2025-05-13 HIGH 8.8 Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-29968 2025-05-13 MEDIUM 6.5 Improper input validation in Active Directory Certificate Services (AD CS) allows an authorized attacker to deny service over a network.
CVE-2025-29969 2025-05-13 HIGH 7.5 Time-of-check time-of-use (toctou) race condition in Windows Fundamentals allows an authorized attacker to execute code over a network.
CVE-2025-29970 2025-05-13 HIGH 7.8 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2023-39496 2024-05-03 HIGH 7.8 PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction…
CVE-2025-29971 2025-05-13 HIGH 7.5 Out-of-bounds read in Web Threat Defense (WTD.sys) allows an unauthorized attacker to deny service over a network.
CVE-2025-29973 2025-05-13 HIGH 7.0 Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally.
CVE-2025-29974 2025-05-13 MEDIUM 5.7 Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2023-39497 2024-05-03 HIGH 7.8 PDF-XChange Editor JPG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction…
CVE-2025-29975 2025-05-13 HIGH 7.8 Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-29976 2025-05-13 HIGH 7.8 Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
CVE-2025-29978 2025-05-13 HIGH 7.8 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2023-39490 2024-05-03 HIGH 7.8 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction…
CVE-2025-30381 2025-05-13 HIGH 7.8 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30379 2025-05-13 HIGH 7.8 Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30377 2025-05-13 HIGH 8.4 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30376 2025-05-13 HIGH 7.8 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-4905 2025-05-19 MEDIUM 5.3 A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the…
CVE-2025-2561 2025-05-19 MEDIUM 4.8 The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-4893 2025-05-18 MEDIUM 6.3 A vulnerability classified as critical has been found in jammy928 CoinExchange_CryptoExchange_Java up to 8adf508b996020d3efbeeb2473d7235bd01436fa. This affects the function uploadLocalImage of the file /CoinExchange_CryptoExchange_Java-master/00_framework/core/src/main/java/com/bizzan/bitrade/util/UploadFileUtil.java of the component File Upload…
CVE-2025-30733 2025-04-15 MEDIUM 6.5 Vulnerability in the RDBMS Listener component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Easily exploitable vulnerability allows unauthenticated attacker with network…
CVE-2025-2560 2025-05-19 MEDIUM 4.8 The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-2524 2025-05-19 MEDIUM 4.8 The Ninja Forms WordPress plugin before 3.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-27891 2025-05-14 CRITICAL 9.1 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem…
CVE-2024-4878 2025-05-19 N/A 0.0 Rejected reason: Unused CVE record, incorrectly reserved
CVE-2025-1627 2025-05-19 MEDIUM 5.4 The Qi Blocks WordPress plugin before 1.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is…
CVE-2025-23165 2025-05-19 LOW 3.7 In Node.js, the `ReadFileUtf8` internal binding leaks memory due to a corrupted pointer in `uv_fs_s.file`: a UTF-16 path buffer is allocated but subsequently overwritten when the file descriptor…
CVE-2025-23123 2025-05-19 CRITICAL 10.0 A malicious actor with access to the management network could execute a remote code execution (RCE) by exploiting a heap buffer overflow vulnerability in the UniFi Protect Cameras…
CVE-2023-45121 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to…
CVE-2023-45120 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to…
CVE-2023-45119 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to…
CVE-2023-45118 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to…
CVE-2023-6142 2023-11-21 MEDIUM 5.4 Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. With this an attacker can upload a malicious…
CVE-2023-6199 2023-11-20 MEDIUM 6.5 Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
CVE-2023-45117 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to…
CVE-2023-45116 2023-12-21 HIGH 8.8 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to…
« Anterior Página 1204 de 4310 Siguiente »