Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-12047
2025-11-12
MEDIUM
5.3
A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network…
CVE-2025-10495
2025-11-12
HIGH
7.5
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an…
CVE-2024-48829
2025-11-12
MEDIUM
6.7
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. A high privileged attacker with local access could potentially…
CVE-2025-64099
2025-11-12
N/A
0.0
Open Access Management (OpenAM) is an access management solution. In versions prior to 16.0.0, if the "claims_parameter_supported" parameter is activated, it is possible, thanks to the "oidc-claims-extension.groovy" script,…
CVE-2025-61667
2025-11-12
N/A
0.0
The Datadog Agent collects events and metrics from hosts and sends them to Datadog. A vulnerability within the Datadog Linux Host Agent versions 7.65.0 through 7.70.2 exists due…
CVE-2025-57812
2025-11-12
LOW
3.7
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the…
CVE-2025-11565
2025-11-12
N/A
0.0
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local…
CVE-2024-47866
2025-11-12
HIGH
7.5
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an…
CVE-2024-45301
2025-11-12
MEDIUM
5.3
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in…
CVE-2025-64407
2025-11-12
MEDIUM
5.3
Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded…
CVE-2025-64531
2025-11-11
HIGH
7.8
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61835
2025-11-11
HIGH
7.8
Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-61834
2025-11-11
HIGH
7.8
Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61833
2025-11-11
HIGH
7.8
Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end…
CVE-2025-65002
2025-11-12
HIGH
7.5
Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.
CVE-2025-65001
2025-11-12
HIGH
8.2
Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability.
CVE-2025-25236
2025-11-12
MEDIUM
5.3
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that…
CVE-2025-20379
2025-11-12
LOW
3.5
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold…
CVE-2025-20378
2025-11-12
LOW
3.1
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using…
CVE-2025-13042
2025-11-12
HIGH
8.8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-64406
2025-11-12
MEDIUM
4.3
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue…
CVE-2025-2843
2025-11-12
HIGH
8.8
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial…
CVE-2025-12871
2025-11-12
CRITICAL
9.8
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated…
CVE-2025-12870
2025-11-12
CRITICAL
9.8
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access…
CVE-2025-11797
2025-11-12
HIGH
7.8
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-11795
2025-11-12
HIGH
7.8
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code…
CVE-2025-61828
2025-11-11
HIGH
7.8
Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-61829
2025-11-11
HIGH
7.8
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61836
2025-11-11
HIGH
7.8
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-61827
2025-11-11
HIGH
7.8
Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61826
2025-11-11
HIGH
7.8
Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-59513
2025-11-11
MEDIUM
5.5
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
CVE-2025-59512
2025-11-11
HIGH
7.8
Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59511
2025-11-11
HIGH
7.8
External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59510
2025-11-11
MEDIUM
5.5
Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
CVE-2025-59509
2025-11-11
MEDIUM
5.5
Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59508
2025-11-11
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59507
2025-11-11
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59506
2025-11-11
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-59505
2025-11-11
HIGH
7.8
Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-59504
2025-11-11
HIGH
7.3
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
CVE-2025-59499
2025-11-11
HIGH
8.8
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59240
2025-11-11
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-47179
2025-11-11
MEDIUM
6.7
Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-30398
2025-11-11
HIGH
8.1
Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
CVE-2025-9316
2025-11-12
N/A
0.0
N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.
CVE-2025-64293
2025-11-12
HIGH
7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a…
CVE-2025-64281
2025-11-12
N/A
0.0
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
CVE-2025-64280
2025-11-12
N/A
0.0
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
CVE-2025-63353
2025-11-12
N/A
0.0
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default…
« Anterior
Página 297 de 3934
Siguiente »
Page load link
Go to Top
