Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-58347 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58346 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58345 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58344 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58343 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58342 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58341 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-58340 2026-02-03 MEDIUM 6.2 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 2200, 1330, 1380, 1480, 1580, W920, W930, and…
CVE-2025-57529 2026-02-03 CRITICAL 9.8 YouDataSum CPAS Audit Management System
CVE-2025-52629 2026-02-03 LOW 3.7 HCL AION is susceptible to Missing Content-Security-Policy.  An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing…
CVE-2025-52627 2026-02-03 MEDIUM 5.5 Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This…
CVE-2025-52626 2026-02-03 MEDIUM 4.5 A Potential Command Injection vulnerability in HCL AION.  An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system.This issue affects AION: 2.0
CVE-2025-46651 2026-02-03 CRITICAL 9.1 Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send…
CVE-2020-37116 2026-02-03 HIGH 8.8 GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view…
CVE-2020-37115 2026-02-03 MEDIUM 6.5 GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the…
CVE-2020-37114 2026-02-03 MEDIUM 4.3 GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and…
CVE-2020-37113 2026-02-03 HIGH 8.8 GUnet OpenEclass 1.7.3 allows authenticated users to bypass file extension restrictions when uploading files. By renaming a PHP file to .php3 or .PhP, an attacker can upload a…
CVE-2020-37112 2026-02-03 HIGH 7.1 GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda…
CVE-2020-37111 2026-02-03 MEDIUM 6.1 60CycleCMS 2.5.2 contains a cross-site scripting (XSS) vulnerability in news.php that allows attackers to inject malicious scripts through GET parameters. Attackers can craft malicious URLs with XSS payloads…
CVE-2020-37110 2026-02-03 HIGH 8.2 60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows attackers to manipulate database queries through unvalidated user input. Attackers can exploit vulnerable query parameters…
CVE-2020-37108 2026-02-03 HIGH 7.1 PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of product_detail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code…
CVE-2020-37105 2026-02-03 HIGH 7.1 PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage…
CVE-2020-37103 2026-02-03 MEDIUM 6.4 DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. Attackers can upload XML files…
CVE-2019-25265 2026-02-03 MEDIUM 6.4 Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the…
CVE-2019-25264 2026-02-03 MEDIUM 6.4 Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags…
CVE-2019-25263 2026-02-03 MEDIUM 6.4 Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script…
CVE-2026-23048 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer does use…
CVE-2026-23047 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be…
CVE-2026-23046 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set_queues() frees using net_device->device. This device…
CVE-2026-23045 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in ena. WARNING:…
CVE-2026-23044 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not…
CVE-2026-23043 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in do_abort_log_replay().…
CVE-2026-23042 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain…
CVE-2026-23041 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., bnxt_init_int_mode returns…
CVE-2026-23040 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel…
CVE-2026-22549 2026-02-04 MEDIUM 4.9 A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets.  Note: Software versions which have reached End of Technical Support…
CVE-2025-71192 2026-02-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop…
CVE-2025-70545 2026-02-04 N/A 0.0 A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component…
CVE-2026-22548 2026-02-04 MEDIUM 5.9 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests along with conditions beyond the attacker's control can cause the bd process…
CVE-2026-20732 2026-02-04 LOW 3.1 A vulnerability exists in an undisclosed BIG-IP Configuration utility page that may allow an attacker to spoof error messages.  Note: Software versions which have reached End of Technical Support…
CVE-2026-20730 2026-02-04 LOW 3.3 A vulnerability exists in BIG-IP Edge Client and browser VPN clients on Windows that may allow attackers to gain access to sensitive information.  Note: Software versions which have reached…
CVE-2025-70997 2026-02-04 N/A 0.0 A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level.
CVE-2025-69618 2026-02-04 N/A 0.0 An arbitrary file overwrite vulnerability in the file import process of Tarot, Astro & Healing v11.4.0 allows attackers to overwrite critical internal files, potentially leading to arbitrary code…
CVE-2025-5329 2026-02-04 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation:…
CVE-2025-15368 2026-02-04 HIGH 8.8 The SportsPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.7.26 via shortcodes 'template_name' attribute. This makes it possible for…
CVE-2025-14740 2026-02-04 MEDIUM 6.7 Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating…
CVE-2026-0873 2026-02-04 N/A 0.0 On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allows an authenticated entity administrator with knowledge to elevate…
CVE-2025-59818 2026-02-04 CRITICAL 10.0 This vulnerability allows authenticated attackers to execute arbitrary commands on the underlying system using the file name of an uploaded file.
CVE-2026-1622 2026-02-04 N/A 0.0 Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local…
CVE-2025-41085 2026-02-04 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in…
« Anterior Página 14 de 3911 Siguiente »