CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-0049 2025-04-28 LOW 3.5 When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may…
CVE-2025-4038 2025-04-28 MEDIUM 5.3 A vulnerability was found in code-projects Train Ticket Reservation System 1.0. It has been declared as critical. Affected by this vulnerability is the function Reservation of the component…
CVE-2023-50290 2024-01-15 MEDIUM 6.5 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users…
CVE-2025-32883 2025-05-01 N/A 0.0 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-41722. Reason: This candidate is a reservation duplicate of CVE-2024-41722. Notes: All CVE users should reference CVE-2024-41722. instead of…
CVE-2025-22870 2025-03-12 MEDIUM 4.4 Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com",…
CVE-2025-27773 2025-03-11 HIGH 8.6 The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding.…
CVE-2024-11741 2025-01-31 MEDIUM 4.3 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting VictorOps integration was not properly protected and could be exposed to users with Viewer permission. Fixed…
CVE-2024-38828 2024-11-18 MEDIUM 5.3 Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack.
CVE-2024-35890 2024-05-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: gro: fix ownership transfer If packets are GROed with fraglist they might be segmented later on and continue…
CVE-2024-10976 2024-11-14 MEDIUM 4.2 Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction…
CVE-2023-24626 2023-04-08 MEDIUM 6.5 socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged…
CVE-2022-3725 2022-10-27 MEDIUM 6.3 Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file
CVE-2022-25849 2022-10-26 MEDIUM 5.4 The package joyqi/hyper-down from 0.0.0 are vulnerable to Cross-site Scripting (XSS) because the module of parse markdown does not filter the href attribute very well.
CVE-2021-28831 2021-03-19 HIGH 7.5 decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
CVE-2021-26937 2021-02-09 CRITICAL 9.8 encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via…
CVE-2020-8165 2020-06-19 CRITICAL 9.8 A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially…
CVE-2025-46327 2025-04-28 LOW 3.3 gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging…
CVE-2025-46328 2025-04-28 LOW 3.3 snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy…
CVE-2025-46329 2025-04-29 LOW 3.3 libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set…
CVE-2025-46330 2025-04-29 LOW 3.3 libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able…
CVE-2025-46338 2025-04-29 MEDIUM 6.1 Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.21.0, an improper input handling vulnerability in the `/api/upload` endpoint allows an attacker to perform a reflected…
CVE-2025-46343 2025-04-29 MEDIUM 5.0 n8n is a workflow automation platform. Prior to version 1.90.0, n8n is vulnerable to stored cross-site scripting (XSS) through the attachments view endpoint. n8n workflows can store and…
CVE-2024-58099 2025-04-29 MEDIUM 5.5 In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case…
CVE-2025-4060 2025-04-29 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. This issue affects some unknown processing of the file /category.php. The manipulation…
CVE-2025-4061 2025-04-29 MEDIUM 5.3 A vulnerability, which was classified as critical, was found in code-projects Clothing Store Management System up to 1.0. Affected is the function add_item. The manipulation of the argument…
CVE-2025-4062 2025-04-29 MEDIUM 5.3 A vulnerability has been found in code-projects Theater Seat Booking System 1.0 and classified as critical. Affected by this vulnerability is the function cancel. The manipulation of the…
CVE-2025-4063 2025-04-29 MEDIUM 5.3 A vulnerability was found in code-projects Student Information Management System 1.0 and classified as critical. Affected by this issue is the function cancel. The manipulation of the argument…
CVE-2025-4064 2025-04-29 MEDIUM 5.3 A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper…
CVE-2025-4082 2025-04-29 MEDIUM 5.9 Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. *This bug only affects Thunderbird…
CVE-2025-4083 2025-04-29 CRITICAL 9.1 A process isolation vulnerability in Thunderbird stemmed from improper handling of javascript: URIs, which could allow content to execute in the top-level document's process instead of the intended…
CVE-2025-4084 2025-04-29 MEDIUM 5.7 Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local…
CVE-2025-4085 2025-04-29 HIGH 7.1 An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138…
CVE-2025-4086 2025-04-29 MEDIUM 6.5 A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. *This bug only affects Thunderbird…
CVE-2025-4087 2025-04-29 MEDIUM 6.5 A vulnerability was identified in Thunderbird where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access…
CVE-2025-4088 2025-04-29 MEDIUM 6.5 A security vulnerability in Thunderbird allowed malicious sites to use redirects to send credentialed requests to arbitrary endpoints on any site that had invoked the Storage Access API.…
CVE-2025-4089 2025-04-29 MEDIUM 5.1 Due to insufficient escaping of special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code…
CVE-2025-4090 2025-04-29 MEDIUM 6.5 A vulnerability existed in Thunderbird for Android where potentially sensitive library locations were logged via Logcat. This vulnerability affects Firefox < 138 and Thunderbird < 138.
CVE-2025-4091 2025-04-29 MEDIUM 6.5 Memory safety bugs present in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2025-4092 2025-04-29 MEDIUM 6.5 Memory safety bugs present in Firefox 137 and Thunderbird 137. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2025-4093 2025-04-29 MEDIUM 6.5 Memory safety bug present in Firefox ESR 128.9, and Thunderbird 128.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have…
CVE-2025-46584 2025-05-06 HIGH 7.8 Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46585 2025-05-06 HIGH 7.5 Out-of-bounds array read/write vulnerability in the kernel module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-46586 2025-05-06 MEDIUM 5.1 Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58252 2025-05-06 MEDIUM 6.2 Vulnerability of insufficient information protection in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46587 2025-05-06 MEDIUM 6.2 Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46588 2025-05-06 MEDIUM 4.4 Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-46589 2025-05-06 MEDIUM 4.4 Vulnerability of unauthorized access in the app lock module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2025-46590 2025-05-06 MEDIUM 6.3 Bypass vulnerability in the network search instruction authentication module Impact: Successful exploitation of this vulnerability can bypass authentication and enable access to some network search functions.
CVE-2025-46591 2025-05-06 MEDIUM 6.2 Out-of-bounds data read vulnerability in the authorization module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-46592 2025-05-06 MEDIUM 4.4 Null pointer dereference vulnerability in the USB HDI driver module Impact: Successful exploitation of this vulnerability may affect availability.