CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-36238 2026-02-02 MEDIUM 6.0 IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 could allow a local user with administration privileges to obtain sensitive information from a Virtual…
CVE-2025-36194 2026-02-02 LOW 2.8 IBM PowerVM Hypervisor FW1110.00 through FW1110.03, FW1060.00 through FW1060.51, and FW950.00 through FW950.F0 may expose a limited amount of data to a peer partition in specific shared processor…
CVE-2025-13096 2026-02-02 HIGH 7.1 IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML…
CVE-2025-12772 2026-02-02 N/A 0.0 Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call…
CVE-2026-20422 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20421 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20420 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20417 2026-02-02 MEDIUM 5.3 In pcie, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2026-20415 2026-02-02 MEDIUM 5.5 In imgsys, there is a possible memory corruption due to improper locking. This could lead to local denial of service if a malicious actor has already obtained the…
CVE-2026-20409 2026-02-02 HIGH 7.8 In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2026-20407 2026-02-02 HIGH 8.8 In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with User execution…
CVE-2026-20406 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20405 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to…
CVE-2026-20404 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20403 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to…
CVE-2026-20402 2026-02-02 HIGH 7.5 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2026-20411 2026-02-02 HIGH 7.8 In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already…
CVE-2026-24071 2026-02-02 CRITICAL 9.3 It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This…
CVE-2026-24070 2026-02-02 HIGH 8.8 During the installation of the Native Access application, a privileged helper `com.native-instruments.NativeAccess.Helper2`, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or…
CVE-2026-20412 2026-02-02 HIGH 7.8 In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
CVE-2026-1770 2026-02-02 N/A 0.0 Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy…
CVE-2026-1232 2026-02-02 N/A 0.0 A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions
CVE-2026-0921 2026-02-02 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-9974 2026-02-02 HIGH 8.8 The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of…
CVE-2025-47402 2026-02-02 MEDIUM 6.5 Transient DOS when processing a received frame with an excessively large authentication information element.
CVE-2025-47399 2026-02-02 HIGH 7.8 Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters.
CVE-2025-47398 2026-02-02 HIGH 7.8 Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers.
CVE-2025-47397 2026-02-02 HIGH 7.8 Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors.
CVE-2025-47366 2026-02-02 HIGH 7.1 Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input.
CVE-2025-47364 2026-02-02 MEDIUM 6.8 Memory corruption while calculating offset from partition start point.
CVE-2025-47363 2026-02-02 MEDIUM 6.8 Memory corruption when calculating oversized partition sizes without proper checks.
CVE-2025-47359 2026-02-02 HIGH 7.8 Memory Corruption when multiple threads simultaneously access a memory free API.
CVE-2025-47358 2026-02-02 HIGH 7.8 Memory Corruption when user space address is modified and passed to mem_free API, causing kernel memory to be freed inadvertently.
CVE-2025-15395 2026-02-02 MEDIUM 4.3 IBM Jazz Foundation 7.0.3 through 7.0.3 iFix019 and 7.1.0 through 7.1.0 iFix005 is vulnerable to access control violations that allows the users to view or access/perform actions beyond their expected capability.
CVE-2025-15396 2026-02-02 HIGH 7.1 The Library Viewer WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-15030 2026-02-02 CRITICAL 9.8 The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user…
CVE-2025-14914 2026-02-02 HIGH 7.6 IBM WebSphere Application Server Liberty 17.0.0.3 through 26.0.0.1 could allow a privileged user to upload a zip archive containing path traversal sequences resulting in an overwrite of files leading…
CVE-2026-1703 2026-02-02 N/A 0.0 When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the…
CVE-2026-20408 2026-02-02 HIGH 8.0 In wlan, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with no additional…
CVE-2026-0658 2026-02-02 MEDIUM 4.3 The Five Star Restaurant Reservations WordPress plugin before 2.7.9 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform…
CVE-2022-50981 2026-02-02 CRITICAL 9.8 An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced.
CVE-2022-50980 2026-02-02 MEDIUM 6.5 An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN.
CVE-2022-50979 2026-02-02 MEDIUM 6.5 An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485).
CVE-2022-50978 2026-02-02 HIGH 7.5 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP).
CVE-2022-50977 2026-02-02 HIGH 7.5 An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP.
CVE-2022-50976 2026-02-02 HIGH 7.7 A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
CVE-2022-50975 2026-02-02 HIGH 8.8 An unauthenticated remote attacker is able to use an existing session id of a logged in user and gain full access to the device if configuration via ethernet…
CVE-2026-20419 2026-02-02 HIGH 7.5 In wlan AP/STA firmware, there is a possible system becoming irresponsive due to an uncaught exception. This could lead to remote (proximal/adjacent) denial of service with no additional…
CVE-2026-20418 2026-02-02 HIGH 8.8 In Thread, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution…
CVE-2026-20414 2026-02-02 MEDIUM 6.7 In imgsys, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already…