CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-41399 2025-05-07 HIGH 7.5 When a Stream Control Transmission Protocol (SCTP) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have…
CVE-2025-36557 2025-05-07 HIGH 7.5 When an HTTP profile with the Enforce RFC Compliance option is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
CVE-2025-36546 2025-05-07 HIGH 8.1 On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH…
CVE-2025-36525 2025-05-07 HIGH 7.5 When a BIG-IP APM virtual server is configured to use a PingAccess profile, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of…
CVE-2025-36504 2025-05-07 HIGH 7.5 When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached…
CVE-2025-35995 2025-05-07 HIGH 7.5 When a BIG-IP PEM system is licensed with URL categorization, and the URL categorization policy or an iRule with the urlcat command is enabled on a virtual server, undisclosed…
CVE-2025-31644 2025-05-07 HIGH 8.7 When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with…
CVE-2023-7303 2025-05-07 LOW 3.5 A vulnerability, which was classified as problematic, was found in q2apro q2apro-on-site-notifications up to 1.4.6. This affects the function process_request of the file q2apro-onsitenotifications-page.php. The manipulation leads to…
CVE-2025-3925 2025-05-07 HIGH 7.8 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on…
CVE-2025-31177 2025-05-07 MEDIUM 6.2 gnuplot is affected by a heap buffer overflow at function utf8_copy_one.
CVE-2025-3476 2025-05-07 N/A 0.0 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authenticated users. This issue affects Operations Bridge Manager: 2023.05, 23.4, 24.2, 24.4.
CVE-2025-3272 2025-05-07 N/A 0.0 Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow authenticated users to change their password without providing their old password. This issue affects Operations Bridge…
CVE-2025-30147 2025-05-07 N/A 0.0 Besu Native contains scripts and tooling that is used to build and package the native libraries used by the Ethereum client Hyperledger Besu. Besu 24.7.1 through 25.2.2, corresponding…
CVE-2025-26169 2025-05-07 HIGH 8.1 IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a…
CVE-2025-26168 2025-05-07 HIGH 8.1 IXON VPN Client before 1.4.4 on Linux and macOS allows Local Privilege Escalation to root because there is code execution from a configuration file that can be controlled…
CVE-2025-47423 2025-05-07 MEDIUM 5.8 Personal Weather Station Dashboard 12_lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/_test.php, as demonstrated by reading the…
CVE-2025-46828 2025-05-07 N/A 0.0 WeGIA is a web manager for charitable institutions. An unauthenticated SQL Injection vulnerability was identified in versions up to and including 3.3.0 in the endpoint `/html/socio/sistema/get_socios.php`, specifically in…
CVE-2025-46824 2025-05-07 LOW 3.1 The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting…
CVE-2025-20223 2025-05-07 MEDIUM 4.7 A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an…
CVE-2025-20221 2025-05-07 MEDIUM 5.3 A vulnerability in the packet filtering features of Cisco IOS XE SD-WAN Software could allow an unauthenticated, remote attacker to bypass Layer 3 and Layer 4 traffic filters.…
CVE-2025-20216 2025-05-07 MEDIUM 4.7 A vulnerability in the web interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to inject HTML into the browser of…
CVE-2025-20214 2025-05-07 MEDIUM 4.3 A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration…
CVE-2025-20213 2025-05-07 MEDIUM 5.5 A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, local attacker to overwrite arbitrary files on the local file…
CVE-2025-20210 2025-05-07 HIGH 7.3 A vulnerability in the management API of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an unauthenticated, remote attacker to read and modify the outgoing proxy configuration…
CVE-2025-20202 2025-05-07 HIGH 7.4 A vulnerability in Cisco IOS XE Wireless Controller Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This…
CVE-2025-20201 2025-05-07 MEDIUM 6.7 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating…
CVE-2025-20200 2025-05-07 MEDIUM 6.7 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating…
CVE-2025-20199 2025-05-07 MEDIUM 4.6 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying…
CVE-2025-20198 2025-05-07 MEDIUM 4.6 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying operating…
CVE-2025-20197 2025-05-07 MEDIUM 6.7 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with privilege level 15 to elevate privileges to root on the underlying…
CVE-2025-20196 2025-05-07 MEDIUM 5.3 A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco…
CVE-2025-20195 2025-05-07 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a CSRF attack and execute commands on the…
CVE-2025-20194 2025-05-07 MEDIUM 5.4 A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.…
CVE-2025-20193 2025-05-07 MEDIUM 6.5 A vulnerability in the web-based management interface of Cisco IOS XE Software could allow an authenticated, low-privileged, remote attacker to perform an injection attack against an affected device.…
CVE-2025-20192 2025-05-07 HIGH 7.7 A vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service…
CVE-2025-20191 2025-05-07 HIGH 7.4 A vulnerability in the Switch Integrated Security Features (SISF) of Cisco IOS Software, Cisco IOS XE Software, Cisco NX-OS Software, and Cisco Wireless LAN Controller (WLC) AireOS Software…
CVE-2025-20190 2025-05-07 MEDIUM 6.5 A vulnerability in the lobby ambassador web interface of Cisco IOS XE Wireless Controller Software could allow an authenticated, remote attacker to remove arbitrary users that are defined…
CVE-2025-20189 2025-05-07 HIGH 7.4 A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow…
CVE-2025-20187 2025-05-07 MEDIUM 6.5 A vulnerability in the application data endpoints of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to write arbitrary files to an…
CVE-2025-20186 2025-05-07 HIGH 8.8 A vulnerability in the web-based management interface of the Wireless LAN Controller feature of Cisco IOS XE Software could allow an authenticated, remote attacker with a lobby ambassador…
CVE-2025-20182 2025-05-07 HIGH 8.6 A vulnerability in the Internet Key Exchange version 2 (IKEv2) protocol processing of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software,…
CVE-2025-20181 2025-05-07 MEDIUM 6.8 A vulnerability in Cisco IOS Software for Cisco Catalyst 2960X, 2960XR, 2960CX, and 3560CX Series Switches could allow an authenticated, local attacker with privilege level 15 or an…
CVE-2025-20164 2025-05-07 HIGH 8.3 A vulnerability in the Cisco Industrial Ethernet Switch Device Manager (DM) of Cisco IOS Software could allow an authenticated, remote attacker to elevate privileges. This vulnerability is due…
CVE-2025-20162 2025-05-07 HIGH 8.6 A vulnerability in the DHCP snooping security feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a full interface queue wedge, which could…
CVE-2025-20157 2025-05-07 MEDIUM 5.9 A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information. This…
CVE-2025-20155 2025-05-07 MEDIUM 6.0 A vulnerability in the bootstrap loading of Cisco IOS XE Software could allow an authenticated, local attacker to write arbitrary files to an affected system. This vulnerability is…
CVE-2025-20154 2025-05-07 HIGH 8.6 A vulnerability in the Two-Way Active Measurement Protocol (TWAMP) server feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause…
CVE-2025-20151 2025-05-07 MEDIUM 4.3 A vulnerability in the implementation of the Simple Network Management Protocol Version 3 (SNMPv3) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated,…
CVE-2025-20147 2025-05-07 MEDIUM 5.4 A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to conduct a stored cross-site scripting…
CVE-2025-20140 2025-05-07 HIGH 7.4 A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause…