Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55557 2025-09-25 N/A 0.0 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
CVE-2025-55556 2025-09-25 N/A 0.0 TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
CVE-2025-55554 2025-09-25 N/A 0.0 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVE-2025-55553 2025-09-25 N/A 0.0 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVE-2025-55552 2025-09-25 N/A 0.0 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-43943 2025-09-25 MEDIUM 6.7 Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker…
CVE-2025-33116 2025-09-25 MEDIUM 4.4 IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in…
CVE-2025-26333 2025-09-25 MEDIUM 5.9 Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
CVE-2025-10953 2025-09-25 HIGH 8.8 A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument…
CVE-2025-10952 2025-09-25 MEDIUM 5.3 A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File…
CVE-2025-10911 2025-09-25 MEDIUM 5.5 A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
CVE-2024-48014 2025-09-25 HIGH 7.5 Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial…
CVE-2025-59838 2025-09-25 N/A 0.0 Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This…
CVE-2025-59832 2025-09-25 CRITICAL 9.9 Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A…
CVE-2025-59830 2025-09-25 HIGH 7.5 Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both &…
CVE-2025-59823 2025-09-25 CRITICAL 9.9 Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version…
CVE-2025-55551 2025-09-25 N/A 0.0 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
CVE-2025-46153 2025-09-25 MEDIUM 5.3 PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for…
CVE-2025-46152 2025-09-25 MEDIUM 5.3 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
CVE-2025-46150 2025-09-25 MEDIUM 5.3 In PyTorch before 2.7.0, when torch.compile is used, FractionalMaxPool2d has inconsistent results.
CVE-2025-46149 2025-09-25 MEDIUM 5.3 In PyTorch before 2.7.0, when inductor is used, nn.Fold has an assertion error.
CVE-2025-46148 2025-09-25 MEDIUM 5.3 In PyTorch through 2.6.0, when eager is used, nn.PairwiseDistance(p=2) produces incorrect results.
CVE-2025-40838 2025-09-25 N/A 0.0 Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of user accounts.
CVE-2025-40837 2025-09-25 N/A 0.0 Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
CVE-2025-40836 2025-09-25 N/A 0.0 Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification…
CVE-2025-36857 2025-09-25 LOW 3.3 Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging…
CVE-2025-36601 2025-09-25 MEDIUM 4.0 Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading…
CVE-2025-27262 2025-09-25 N/A 0.0 Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of…
CVE-2025-10951 2025-09-25 HIGH 7.3 A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File…
CVE-2025-10950 2025-09-25 MEDIUM 6.3 A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the…
CVE-2025-10949 2025-09-25 LOW 2.4 A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross…
CVE-2025-10542 2025-09-25 CRITICAL 9.8 iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote…
CVE-2025-10541 2025-09-25 HIGH 7.8 iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the…
CVE-2020-36851 2025-09-25 N/A 0.0 Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because…
CVE-2025-11018 2025-09-26 MEDIUM 5.3 A flaw has been found in Four-Faith Water Conservancy Informatization Platform 1.0. This affects an unknown function of the file /sysRole/index.do/../../generalReport/download.do;usrlogout.do.do. Executing manipulation of the argument fileName can…
CVE-2025-11016 2025-09-26 MEDIUM 4.3 A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument…
CVE-2025-11015 2025-09-26 MEDIUM 5.3 A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The…
CVE-2025-9267 2025-09-26 N/A 0.0 In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to load DLLs from the current working directory without validating their…
CVE-2025-11060 2025-09-26 MEDIUM 5.7 A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same…
CVE-2025-11025 2025-09-26 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate…
CVE-2025-11014 2025-09-26 MEDIUM 5.3 A security flaw has been discovered in OGRECave Ogre up to 14.4.1. This issue affects the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp of the component Image Handler. The…
CVE-2025-11013 2025-09-26 LOW 3.3 A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to…
CVE-2025-11012 2025-09-26 MEDIUM 5.3 A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the…
CVE-2025-11011 2025-09-26 LOW 3.3 A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results…
CVE-2025-11010 2025-09-26 MEDIUM 5.3 A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based…
CVE-2025-5069 2025-09-26 LOW 3.5 An issue has been discovered in GitLab CE/EE affecting all versions from 17.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that could have allowed an authenticated…
CVE-2025-11042 2025-09-26 MEDIUM 4.3 An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that allows an attacker to cause…
CVE-2025-10868 2025-09-26 LOW 3.5 An issue has been discovered in GitLab CE/EE affecting all versions from 17.4 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 where certain string conversion methods exhibit…
CVE-2025-10544 2025-09-26 N/A 0.0 Unrestricted file upload vulnerability in DocAve 6.13.2, Perimeter 1.12.3, Compliance Guardian 4.7.1, and earlier versions, allowing administrator users to upload files without proper validation. An attacker could exploit…
CVE-2025-9958 2025-09-26 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions from 14.10 before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1, that could have allowed Guest users…
« Anterior Página 136 de 3649 Siguiente »