Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-0040 2026-05-15 N/A 0.0 Improper access control between the Joint Test Action Group (JTAG) and Advanced Extensible Interface (AXI) could allow an attacker with physical access to read or overwrite the contents…
CVE-2025-0028 2026-05-15 N/A 0.0 An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to read or modify an arbitrary address potentially resulting in loss of confidentiality,…
CVE-2024-36332 2026-05-15 N/A 0.0 Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU…
CVE-2024-21962 2026-05-15 N/A 0.0 Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
CVE-2023-31317 2026-05-15 N/A 0.0 Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory…
CVE-2023-31316 2026-05-15 N/A 0.0 Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside…
CVE-2023-31309 2026-05-15 N/A 0.0 Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting…
CVE-2022-23826 2026-05-15 N/A 0.0 A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
CVE-2021-26380 2026-05-15 N/A 0.0 A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
CVE-2026-0438 2026-05-15 N/A 0.0 A System Management Mode (SMM) handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high…
CVE-2026-0432 2026-05-15 N/A 0.0 Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
CVE-2025-52540 2026-05-15 N/A 0.0 An improper input validation vulnerability within the AMD Platform Management Framework (PMF) Driver can allow a local attacker to write Out-of-Bounds, potentially resulting in privilege escalation.
CVE-2025-48521 2026-05-15 N/A 0.0 Improper input validation in the AMD Secure Processor (ASP) PCI driver could allow a local attacker to trigger a Use-After-Free (UAF) condition, potentially resulting in a loss of…
CVE-2025-48520 2026-05-15 N/A 0.0 An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a…
CVE-2025-48519 2026-05-15 N/A 0.0 An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation
CVE-2025-48512 2026-05-15 N/A 0.0 Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary code execution.
CVE-2025-0045 2026-05-15 N/A 0.0 Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or…
CVE-2024-36345 2026-05-15 N/A 0.0 Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of…
CVE-2026-8596 2026-05-14 HIGH 7.2 Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract…
CVE-2026-7563 2026-05-15 MEDIUM 4.3 The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This…
CVE-2026-7046 2026-05-15 MEDIUM 4.9 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and…
CVE-2026-6415 2026-05-15 MEDIUM 6.4 The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input…
CVE-2026-6403 2026-05-15 HIGH 7.5 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme()…
CVE-2026-6228 2026-05-15 HIGH 8.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in…
CVE-2026-5229 2026-05-15 CRITICAL 9.8 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data…
CVE-2026-4683 2026-05-15 MEDIUM 6.5 The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all…
CVE-2026-6646 2026-05-15 MEDIUM 6.4 The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient…
CVE-2026-4094 2026-05-15 HIGH 8.1 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in…
CVE-2026-41971 2026-05-15 MEDIUM 5.5 Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-41970 2026-05-15 MEDIUM 6.8 Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41969 2026-05-15 MEDIUM 6.2 Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-41968 2026-05-15 MEDIUM 5.9 Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41967 2026-05-15 MEDIUM 5.9 Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41966 2026-05-15 MEDIUM 5.6 Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-41965 2026-05-15 MEDIUM 5.6 Use-After-Free (UAF) vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41964 2026-05-15 HIGH 8.4 Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41963 2026-05-15 LOW 2.8 Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41962 2026-05-15 LOW 3.6 Permission control vulnerability in the app management and control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2026-41961 2026-05-15 MEDIUM 5.9 Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-41960 2026-05-15 MEDIUM 5.8 Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-8425 2026-05-15 MEDIUM 4.3 The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce…
CVE-2026-20182 2026-05-14 CRITICAL 10.0 May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new…
CVE-2026-8558 2026-05-14 N/A 0.0 Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.…
CVE-2026-43490 2026-05-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr.…
CVE-2026-8584 2026-05-14 MEDIUM 4.2 Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a…
CVE-2026-8583 2026-05-14 MEDIUM 5.3 Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information…
CVE-2026-8582 2026-05-14 MEDIUM 5.3 Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.…
CVE-2026-8575 2026-05-14 HIGH 8.3 Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
CVE-2026-8574 2026-05-14 HIGH 8.3 Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
CVE-2026-8573 2026-05-14 HIGH 8.3 Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium…
« Anterior Página 201 de 4499 Siguiente »