Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-3794	2025-05-09	MEDIUM	5.4	The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp…
CVE-2025-4494	2025-05-09	HIGH	7.3	A vulnerability, which was classified as critical, was found in JAdmin-JAVA JAdmin 1.0. Affected is the function toLogin of the file NoNeedLoginController.java of the component Admin Backend. The…
CVE-2025-4447	2025-05-09	N/A	0.0	In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that…
CVE-2025-47269	2025-05-09	HIGH	8.3	code-server runs VS Code on any machine anywhere through browser access. Prior to version 4.99.4, a maliciously crafted URL using the proxy subpath can result in the attacker…
CVE-2025-1993	2025-05-09	MEDIUM	5.1	IBM App Connect Enterprise Certified Container 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7,…
CVE-2025-29509	2025-05-09	HIGH	8.8	Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in…
CVE-2025-1278	2025-05-09	MEDIUM	5.3	An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before 17.11.2. Under certain conditions users could bypass…
CVE-2025-0549	2025-05-09	MEDIUM	6.8	An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.3 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2.…
CVE-2024-8973	2025-05-09	MEDIUM	6.5	An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2.…
CVE-2025-4432	2025-05-09	MEDIUM	5.3	A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to…
CVE-2025-28203	2025-05-09	HIGH	8.8	Victure RX1800 EN_V1.0.0_r12_110933 was discovered to contain a command injection vulnerability.
CVE-2025-28202	2025-05-09	HIGH	8.8	Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.
CVE-2025-28201	2025-05-09	MEDIUM	6.8	An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.
CVE-2024-9524	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges…
CVE-2024-13962	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges…
CVE-2024-13961	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary…
CVE-2024-13960	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary…
CVE-2024-13959	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of…
CVE-2024-13944	2025-05-09	HIGH	7.8	Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary…
CVE-2024-13759	2025-05-09	HIGH	7.8	Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion
CVE-2025-4382	2025-05-09	MEDIUM	5.9	A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the…
CVE-2025-4206	2025-05-09	HIGH	7.2	The WordPress CRM, Email & Marketing Automation for WordPress \| Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path…
CVE-2025-3897	2025-05-09	MEDIUM	5.9	The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for…
CVE-2025-3528	2025-05-09	HIGH	8.2	A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw…
CVE-2025-1087	2025-05-09	N/A	0.0	Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input…
CVE-2025-4403	2025-05-09	CRITICAL	9.8	The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to…
CVE-2025-3949	2025-05-09	MEDIUM	4.3	The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to…
CVE-2025-3605	2025-05-09	CRITICAL	9.8	The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due…
CVE-2025-3455	2025-05-09	HIGH	8.8	The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-37889	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Consistently treat platform_max as control value This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in…
CVE-2025-37888	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL…
CVE-2025-37887	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the…
CVE-2025-37886	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than…
CVE-2025-37885	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if new route isn't postable Restore an IRTE back to host…
CVE-2025-37884	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock between rcu_tasks_trace and event_mutex. Fix the following deadlock: CPU A _free_event() perf_kprobe_destroy() mutex_lock(&event_mutex) perf_trace_event_unreg() synchronize_rcu_tasks_trace()…
CVE-2025-37883	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Add check for get_zeroed_page() Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null…
CVE-2025-37882	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at…
CVE-2025-37881	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() The variable d->name, returned by devm_kasprintf(), could be NULL.…
CVE-2025-37879	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies…
CVE-2025-37878	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur…
CVE-2025-37877	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearing down already-configured…
CVE-2025-37876	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n The system crashes with something…
CVE-2025-37875	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: igc: fix PTM cycle trigger logic Writing to clear the PTM status 'valid' bit while the PTM cycle…
CVE-2025-37874	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net: ngbe: fix memory leak in ngbe_probe() error path When ngbe_sw_init() is called, memory is allocated for wx->rss_key…
CVE-2025-37873	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix missing ring index trim on error path Commit under Fixes converted tx_prod to be free…
CVE-2025-37872	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix memory leak in txgbe_probe() error path When txgbe_sw_init() is called, memory is allocated for wx->rss_key…
CVE-2025-37871	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: nfsd: decrease sc_count directly if fail to queue dl_recall A deadlock warning occurred when invoking nfs4_put_stid following a…
CVE-2025-37870	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: prevent hang on link training fail [Why] When link training fails, the phy clock will be disabled.…
CVE-2025-37869	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: drm/xe: Use local fence in error path of xe_migrate_clear The intent of the error path in xe_migrate_clear is…
CVE-2025-37868	2025-05-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: drm/xe/userptr: fix notifier vs folio deadlock User is reporting what smells like notifier vs folio deadlock, where migrate_pages_batch()…

« Anterior Página 1250 de 4311 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte