Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40935 2025-12-09 MEDIUM 4.3 A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.1), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.1), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.1), RUGGEDCOM…
CVE-2025-40831 2025-12-09 MEDIUM 6.5 A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application lacks input validation of date parameter in report generation functionality. This could…
CVE-2025-40830 2025-12-09 MEDIUM 6.7 A vulnerability has been identified in SINEC Security Monitor (All versions < V4.10.0). The affected application does not have proper authorization checks for the file_transfer feature in ssmctl-client…
CVE-2025-40820 2025-12-09 HIGH 7.5 Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g.…
CVE-2025-40819 2025-12-09 MEDIUM 4.3 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications do not properly validate license restrictions against the database, allowing direct…
CVE-2025-40818 2025-12-09 LOW 3.3 A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP4). Affected applications contain private SSL/TLS keys on the server that are not properly…
CVE-2025-40807 2025-12-09 MEDIUM 6.3 A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to capture-replay of authentication tokens. This could allow an authenticated…
CVE-2025-40806 2025-12-09 MEDIUM 5.3 A vulnerability has been identified in Gridscale X Prepay (All versions < V4.2.1). The affected application is vulnerable to user enumeration due to distinguishable responses. This could allow…
CVE-2025-40801 2025-12-09 HIGH 8.1 A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), JT Bi-Directional Translator for STEP (All versions), NX V2412 (All versions < V2412.8900 with…
CVE-2025-40800 2025-12-09 HIGH 7.4 A vulnerability has been identified in COMOS V10.6 (All versions), COMOS V10.6 (All versions), NX V2412 (All versions < V2412.8700), NX V2506 (All versions < V2506.6000), Simcenter 3D…
CVE-2025-40344 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Disable periods-elapsed work when closing PCM avs_dai_fe_shutdown() handles the shutdown procedure for HOST HDAudio stream…
CVE-2025-40343 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid scheduling association deletion twice When forcefully shutting down a port via the configfs interface, nvmet_port_subsys_drop_link() first…
CVE-2025-40342 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state nvme_fc_unregister_remote removes the remote port on a lport object at…
CVE-2025-40341 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: futex: Don't leak robust_list pointer on exec race sys_get_robust_list() and compat_get_robust_list() use ptrace_may_access() to check if the calling…
CVE-2025-40340 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. I saw an oops in xe_gem_fault when running the…
CVE-2025-40339 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix nullptr err of vm_handle_moved If a amdgpu_bo_va is fpriv->prt_va, the bo of this one is always…
CVE-2025-40338 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components…
CVE-2025-40337 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Correctly handle Rx checksum offload errors The stmmac_rx function would previously set skb->ip_summed to CHECKSUM_UNNECESSARY if…
CVE-2025-40336 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/gpusvm: fix hmm_pfn_to_map_order() usage Handle the case where the hmm range partially covers a huge page (like 2M),…
CVE-2025-40335 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq input args This will help on validating the userq input args, and rejecting for the…
CVE-2025-40334 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate userq buffer virtual address and size It needs to validate the userq object virtual address to…
CVE-2025-40333 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix infinite loop in __insert_extent_tree() When we get wrong extent info data, and look up extent_node in…
CVE-2025-40332 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap…
CVE-2025-40331 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: sctp: Prevent TOCTOU out-of-bounds write For the following path not holding the sock lock, sctp_diag_dump() -> sctp_for_each_endpoint() ->…
CVE-2025-40330 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Shutdown FW DMA in bnxt_shutdown() The netif_close() call in bnxt_shutdown() only stops packet DMA. There may be…
CVE-2025-40329 2025-12-09 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: [ 1231.611031] Possible…
CVE-2025-65594 2025-12-09 N/A 0.0 OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data…
CVE-2025-64680 2025-12-09 HIGH 7.8 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64679 2025-12-09 HIGH 7.8 Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-64678 2025-12-09 HIGH 8.8 Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-64673 2025-12-09 HIGH 7.8 Improper access control in Storvsp.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-64672 2025-12-09 HIGH 8.8 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2025-64671 2025-12-09 HIGH 8.4 Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to execute code locally.
CVE-2025-64670 2025-12-09 MEDIUM 6.5 Exposure of sensitive information to an unauthorized actor in Microsoft Graphics Component allows an authorized attacker to disclose information over a network.
CVE-2025-64667 2025-12-09 MEDIUM 5.3 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-64666 2025-12-09 HIGH 7.5 Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-64661 2025-12-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-64658 2025-12-09 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-64085 2025-12-09 N/A 0.0 A NULL pointer dereference vulnerability in the importDataObject() function of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-62573 2025-12-09 HIGH 7.0 Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-62572 2025-12-09 HIGH 7.8 Out-of-bounds read in Application Information Services allows an authorized attacker to elevate privileges locally.
CVE-2025-62571 2025-12-09 HIGH 7.8 Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-62570 2025-12-09 HIGH 7.1 Improper access control in Windows Camera Frame Server Monitor allows an authorized attacker to disclose information locally.
CVE-2025-62569 2025-12-09 HIGH 7.0 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2025-62567 2025-12-09 MEDIUM 5.3 Integer underflow (wrap or wraparound) in Windows Hyper-V allows an authorized attacker to deny service over a network.
CVE-2025-62565 2025-12-09 HIGH 7.3 Use after free in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2025-62555 2025-12-09 HIGH 7.0 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62554 2025-12-09 HIGH 8.4 Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62550 2025-12-09 HIGH 8.8 Out-of-bounds write in Azure Monitor Agent allows an authorized attacker to execute code over a network.
CVE-2025-62549 2025-12-09 HIGH 8.8 Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
« Anterior Página 240 de 3934 Siguiente »