CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-39902 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further…
CVE-2025-39901 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: i40e: remove read access to debugfs files The 'command' and 'netdev_ops' debugfs files are a legacy debugging interface…
CVE-2025-39900 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y syzbot reported a WARNING in est_timer() [1] Problem here is that with…
CVE-2025-39899 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE With CONFIG_HIGHPTE on 32-bit ARM, move_pages_pte() maps PTE pages using kmap_local_page(),…
CVE-2025-39898 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: e1000e: fix heap overflow in e1000_set_eeprom Fix a possible heap overflow in e1000_set_eeprom function by adding input validation…
CVE-2025-39897 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Add error handling for RX metadata pointer retrieval Add proper error checking for dmaengine_desc_get_metadata_ptr() which…
CVE-2025-39896 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery work from being queued during device removal Use disable_work_sync() instead of cancel_work_sync() in ivpu_dev_fini() to…
CVE-2025-39895 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_cpu() if mask offline sched_numa_find_nth_cpu() uses a bsearch to look for the 'closest' CPU in sched_domains_numa_masks…
CVE-2025-39894 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm When send a broadcast packet to a…
CVE-2025-39893 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: spi: spi-qpic-snand: unregister ECC engine on probe error and device remove The on-host hardware ECC engine remains registered…
CVE-2025-39892 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL dirver name on snd_soc_lookup_component_nolocked() soc-generic-dmaengine-pcm.c uses same dev for both CPU and Platform. In…
CVE-2025-39891 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chan_stats array to zero The adapter->chan_stats[] array is initialized in mwifiex_init_channel_scan_gap() with vmalloc(), which…
CVE-2025-11226 2025-10-01 N/A 0.0 ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.18 in Java applications, allows an attacker to execute arbitrary code by compromising…
CVE-2020-36852 2025-10-01 CRITICAL 9.1 The Custom Searchable Data Entry System plugin for WordPress is vulnerable to unauthenticated database wiping in versions up to, and including 1.7.1, due to a missing capability check…
CVE-2025-7493 2025-09-30 CRITICAL 9.1 A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the…
CVE-2025-9075 2025-10-01 MEDIUM 6.4 The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input…
CVE-2025-10744 2025-10-01 MEDIUM 5.3 The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly…
CVE-2025-10735 2025-10-01 MEDIUM 4.0 The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via…
CVE-2025-10538 2025-10-01 N/A 0.0 An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account…
CVE-2025-61722 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61721 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61720 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61719 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61718 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61717 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61716 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61715 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61714 2025-10-01 N/A 0.0 Rejected reason: Not used
CVE-2025-61792 2025-09-30 MEDIUM 6.4 Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button,…
CVE-2025-55191 2025-09-30 MEDIUM 6.5 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition…
CVE-2025-43826 2025-09-30 N/A 0.0 Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10,…
CVE-2022-40285 2025-09-30 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-13967. Reason: This record is a reservation duplicate of CVE-2024-13967. Notes: All CVE users should reference CVE-2024-13967 instead of…
CVE-2025-9232 2025-09-30 MEDIUM 5.9 Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of…
CVE-2025-9231 2025-09-30 MEDIUM 6.5 Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary:…
CVE-2025-9230 2025-09-30 HIGH 7.5 Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger…
CVE-2025-56392 2025-09-30 N/A 0.0 An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST…
CVE-2025-56200 2025-09-30 MEDIUM 6.1 A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the…
CVE-2025-56018 2025-09-30 MEDIUM 6.1 SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field.
CVE-2025-52050 2025-09-30 MEDIUM 6.5 In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL…
CVE-2025-52049 2025-09-30 MEDIUM 6.5 In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query…
CVE-2025-52047 2025-09-30 MEDIUM 6.5 In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL…
CVE-2025-52043 2025-09-30 MEDIUM 6.5 In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL…
CVE-2025-36262 2025-09-30 MEDIUM 4.9 IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information…
CVE-2025-36132 2025-09-30 MEDIUM 5.4 IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in…
CVE-2025-28016 2025-09-30 MEDIUM 4.8 A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to…
CVE-2025-10659 2025-09-30 CRITICAL 9.8 The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the…
CVE-2024-55017 2025-09-30 HIGH 7.5 Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to…
CVE-2025-56132 2025-09-30 N/A 0.0 LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated…
CVE-2025-43827 2025-09-30 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10,…
CVE-2025-11149 2025-09-30 HIGH 7.5 This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This…