Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-37809 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference.…
CVE-2025-37808 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq…
CVE-2025-37807 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kmemleak warning for percpu hashmap Vlad Poenaru reported the following kmemleak issue: unreferenced object 0x606fd7c44ac8 (size…
CVE-2025-37806 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. [1] Before the write operation…
CVE-2025-37805 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU:…
CVE-2025-37803 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.
CVE-2025-37802 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING" wait_event_timeout() will set the state of the current…
CVE-2025-37801 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function…
CVE-2025-37800 2025-05-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same…
CVE-2025-3419 2025-05-08 HIGH 7.5 The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the…
CVE-2024-13793 2025-05-08 HIGH 7.3 The Wolmart | Multi-Vendor Marketplace WooCommerce Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.8.11. This is due to…
CVE-2025-32873 2025-05-08 MEDIUM 5.3 An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.strip_tags() function is vulnerable to a potential denial-of-service (slow performance) when…
CVE-2024-55651 2025-05-08 N/A 0.0 i-Educar is free, fully online school management software. Version 2.9 of the application fails to properly validate and sanitize user supplied input, leading to a stored cross-site scripting…
CVE-2025-46727 2025-05-07 HIGH 7.5 Rack is a modular Ruby web server interface. Prior to versions 2.2.14, 3.0.16, and 3.1.14, `Rack::QueryParser` parses query strings and `application/x-www-form-urlencoded` bodies into Ruby data structures without imposing…
CVE-2025-32441 2025-05-07 MEDIUM 4.2 Rack is a modular Ruby web server interface. Prior to version 2.2.14, when using the `Rack::Session::Pool` middleware, simultaneous rack requests can restore a deleted rack session, which allows…
CVE-2025-0936 2025-05-07 MEDIUM 6.5 On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials…
CVE-2025-46826 2025-05-07 N/A 0.0 insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and…
CVE-2025-46821 2025-05-07 MEDIUM 5.3 Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the `*` character from a set of valid…
CVE-2025-46265 2025-05-07 HIGH 8.8 On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End…
CVE-2025-43878 2025-05-07 MEDIUM 6.0 When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command…
CVE-2025-41433 2025-05-07 HIGH 7.5 When a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the…
CVE-2025-41431 2025-05-07 HIGH 7.5 When connection mirroring is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate in the standby BIG-IP systems in a traffic…
CVE-2025-41414 2025-05-07 HIGH 7.5 When HTTP/2 client and server profile is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical…
CVE-2025-41399 2025-05-07 HIGH 7.5 When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have…
CVE-2025-36557 2025-05-07 HIGH 7.5 When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
CVE-2025-36546 2025-05-07 HIGH 8.1 On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH…
CVE-2025-36525 2025-05-07 HIGH 7.5 When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of…
CVE-2025-36504 2025-05-07 HIGH 7.5 When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization.  Note: Software versions which have reached…
CVE-2025-35995 2025-05-07 HIGH 7.5 When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed…
CVE-2025-31644 2025-05-07 HIGH 8.7 When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with…
CVE-2023-7303 2025-05-07 LOW 3.5 A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to…
CVE-2025-3925 2025-05-07 HIGH 7.8 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on…
CVE-2025-31177 2025-05-07 MEDIUM 6.2 gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
CVE-2025-3476 2025-05-07 N/A 0.0 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allows privilege escalation by authenticated users.This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.
CVE-2025-3272 2025-05-07 N/A 0.0 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager.  The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge…
CVE-2025-30147 2025-05-07 N/A 0.0 Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding…
CVE-2025-26169 2025-05-07 HIGH 8.1 IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a…
CVE-2025-26168 2025-05-07 HIGH 8.1 IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled…
CVE-2025-47423 2025-05-07 MEDIUM 5.8 Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the…
CVE-2025-46828 2025-05-07 N/A 0.0 WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in…
CVE-2025-46824 2025-05-07 LOW 3.1 The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting…
CVE-2025-20223 2025-05-07 MEDIUM 4.7 A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an…
CVE-2025-20221 2025-05-07 MEDIUM 5.3 A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.…
CVE-2025-20216 2025-05-07 MEDIUM 4.7 A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of…
CVE-2025-20214 2025-05-07 MEDIUM 4.3 A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration…
CVE-2025-20213 2025-05-07 MEDIUM 5.5 A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file…
CVE-2025-20210 2025-05-07 HIGH 7.3 A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration…
CVE-2025-20202 2025-05-07 HIGH 7.4 A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This…
CVE-2025-20201 2025-05-07 MEDIUM 6.7 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating…
CVE-2025-20200 2025-05-07 MEDIUM 6.7 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating…
« Anterior Página 1266 de 4311 Siguiente »