Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2026-23054	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection…
CVE-2026-23053	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd,…
CVE-2026-23052	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE multiplied by 2^order equals…
CVE-2026-23051	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using…
CVE-2026-23050	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the…
CVE-2026-23049	2026-02-04	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is missing…
CVE-2026-20123	2026-02-04	MEDIUM	4.3	A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user…
CVE-2026-20119	2026-02-04	HIGH	7.5	A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial…
CVE-2026-20111	2026-02-04	MEDIUM	4.8	A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of…
CVE-2026-1642	2026-02-04	MEDIUM	5.9	A vulnerability exists in NGINX OSS and NGINX Plus when configured to proxy to upstream Transport Layer Security (TLS) servers. An attacker with a man-in-the-middle (MITM) position on…
CVE-2025-69620	2026-02-04	HIGH	7.5	A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.
CVE-2026-24735	2026-02-04	HIGH	7.5	Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer. This issue affects Apache Answer: through 1.7.1. An unauthenticated API endpoint incorrectly exposes full revision…
CVE-2025-71179	2026-02-03	MEDIUM	6.1	Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_bundles/search/query endpoint. These vulnerabilities…
CVE-2025-70841	2026-02-03	CRITICAL	10.0	Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel…
CVE-2025-67187	2026-02-03	CRITICAL	9.8	A stack-based buffer overflow vulnerability was identified in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The flaw exists in the setIpQosRules interface of /lib/cste_modules/firewall.so where the comment parameter is not properly validated…
CVE-2025-67186	2026-02-03	CRITICAL	9.8	TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing…
CVE-2025-65924	2026-02-03	MEDIUM	6.1	ERPNext thru 15.88.1 does not sanitize or remove certain HTML tags specifically `` hyperlinks in fields that are intended for plain text. Although JavaScript is blocked (preventing XSS),…
CVE-2025-65923	2026-02-03	MEDIUM	5.4	A Stored Cross-Site Scripting (XSS) vulnerability was discovered within the CSV import mechanism of ERPNext thru 15.88.1 when using the Update Existing Recordsoption. An attacker can embed malicious…
CVE-2025-65875	2026-02-03	HIGH	8.8	An arbitrary file upload vulnerability in the AddFont() function of FPDF v1.86 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2025-63624	2026-02-03	CRITICAL	9.8	SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imei_list.aspx file.
CVE-2025-63372	2026-02-03	HIGH	7.5	Articentgroup Zip Rar Extractor Tool 1.345.93.0 is vulnerable to Directory Traversal. The vulnerability resides in the ZIP file processing component, specifically in the functionality responsible for extracting and…
CVE-2025-61506	2026-02-03	CRITICAL	9.8	An issue was discovered in MediaCrush thru 1.0.1 allowing remote unauthenticated attackers to upload arbitrary files of any size to the /upload endpoint.
CVE-2025-60865	2026-02-03	HIGH	7.8	Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component.
CVE-2025-59439	2026-02-03	HIGH	7.5	An issue was discovered in Samsung Modem Exynos through 2025-08-29. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional…
CVE-2025-10878	2026-02-03	CRITICAL	10.0	A SQL injection vulnerability exists in the login functionality of Fikir Odalari AdminPando 1.0.1 before 2026-01-26. The username and password parameters are vulnerable to SQL injection, allowing unauthenticated…
CVE-2025-70849	2026-02-03	MEDIUM	5.4	Arbitrary File Upload in podinfo thru 6.9.0 allows unauthenticated attackers to upload arbitrary files via crafted POST request to the /store endpoint. The application renders uploaded content without…
CVE-2025-70758	2026-02-03	N/A	0.0	chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails…
CVE-2025-70560	2026-02-03	HIGH	8.4	Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the…
CVE-2025-70559	2026-02-03	N/A	0.0	pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with…
CVE-2025-70311	2026-02-03	N/A	0.0	JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack.
CVE-2025-69983	2026-02-03	N/A	0.0	FUXA v1.2.7 allows Remote Code Execution (RCE) via the project import functionality. The application does not properly sanitize or sandbox user-supplied scripts within imported project files. An attacker…
CVE-2025-69981	2026-02-03	N/A	0.0	FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can…
CVE-2025-69971	2026-02-03	N/A	0.0	FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge…
CVE-2025-69970	2026-02-03	N/A	0.0	FUXA v1.2.7 contains an insecure default configuration vulnerability in server/settings.default.js. The 'secureEnabled' flag is commented out by default, causing the application to initialize with authentication disabled. This allows…
CVE-2025-69875	2026-02-03	N/A	0.0	A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local…
CVE-2025-69848	2026-02-03	N/A	0.0	NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling…
CVE-2025-69431	2026-02-03	N/A	0.0	The ZSPACE Q2C NAS contains a vulnerability related to incorrect symbolic link following. Attackers can format a USB drive to ext4, create a symbolic link to its root…
CVE-2025-69430	2026-02-03	N/A	0.0	An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 (version equal to or prior to V1.9.12), DM3 (version equal to or prior to V1.9.12),…
CVE-2025-69429	2026-02-03	N/A	0.0	The ORICO NAS CD3510 (version V1.9.12 and below) contains an Incorrect Symlink Follow vulnerability that could be exploited by attackers to leak or tamper with the internal file…
CVE-2025-67189	2026-02-03	N/A	0.0	A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into…
CVE-2025-67188	2026-02-03	N/A	0.0	A buffer overflow vulnerability exists in TOTOLINK A950RG V4.1.2cu.5204_B20210112. The issue resides in the setRadvdCfg interface of the /lib/cste_modules/ipv6.so module. The function fails to properly validate the length…
CVE-2025-66374	2026-02-03	HIGH	7.8	CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task.
CVE-2025-62599	2026-02-03	N/A	0.0	Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when…
CVE-2025-58348	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58347	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58346	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58345	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58344	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58343	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58342	2026-02-03	MEDIUM	6.2	An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…

« Anterior Página 13 de 3911 Siguiente »