CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-69806 2026-02-12 N/A 0.0 p2r3 bareiron commit: 8e4d4020d contains an Out-of-bounds Read, which allows unauthenticated remote attackers to get relative information leakage via a packet sent to the server
CVE-2025-63421 2026-02-12 HIGH 7.8 An issue in filosoft Comerc.32 Commercial Invoicing v.16.0.0.3 allows a local attacker to execute arbitrary code via the comeinst.exe file
CVE-2025-54519 2026-02-12 HIGH 7.3 A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-52533 2026-02-12 N/A 0.0 Improper Access Control in an on-chip debug interface could allow a privileged attacker to enable a debug interface and potentially compromise data confidentiality or integrity.
CVE-2024-36319 2026-02-12 N/A 0.0 Debug code left active in AMD's Video Decoder Engine Firmware (VCN FW) could allow an attacker to submit a maliciously crafted command causing the VCN FW to perform…
CVE-2023-31323 2026-02-12 N/A 0.0 Type confusion in the AMD Secure Processor (ASP) could allow an attacker to pass a malformed argument to the External Global Memory Interconnect Trusted Agent (XGMI TA) leading…
CVE-2023-20601 2026-02-12 N/A 0.0 Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition.
CVE-2025-61880 2026-02-12 HIGH 8.8 In Infoblox NIOS through 9.0.7, insecure deserialization can result in remote code execution.
CVE-2025-61879 2026-02-12 HIGH 7.7 In Infoblox NIOS through 9.0.7, a High-Privileged User Can Trigger an Arbitrary File Write via the Account Creation Mechanism.
CVE-2025-55210 2026-02-12 N/A 0.0 FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by…
CVE-2025-54756 2026-02-12 HIGH 8.4 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device…
CVE-2026-26217 2026-02-12 HIGH 8.6 Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /execute_js, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated…
CVE-2026-26216 2026-02-12 CRITICAL 10.0 Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is…
CVE-2026-26214 2026-02-12 HIGH 7.4 Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient(), the SDK configures Apache HttpClient with…
CVE-2025-70886 2026-02-12 HIGH 7.5 An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint
CVE-2025-69752 2026-02-12 N/A 0.0 An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP…
CVE-2025-69634 2026-02-12 CRITICAL 9.0 Cross Site Request Forgery vulnerability in Dolibarr ERP & CRM v.22.0.9 allows a remote attacker to escalate privileges via the notes field in perms.php
CVE-2025-56647 2026-02-12 MEDIUM 6.5 npm @farmfe/core before 1.7.6 is Missing Origin Validation in WebSocket. The development (hot module reloading) server does not validate origin when connecting to a WebSocket client. This allows…
CVE-2026-1104 2026-02-12 HIGH 8.8 The FastDup – Fastest WordPress Migration & Duplicator plugin for WordPress is vulnerable to unauthorized backup creation and download due to a missing capability check on REST API…
CVE-2025-14014 2026-02-12 CRITICAL 9.8 Unrestricted Upload of File with Dangerous Type vulnerability in NTN Information Processing Services Computer Software Hardware Industry and Trade Ltd. Co. Smart Panel allows Accessing Functionality Not Properly…
CVE-2023-31313 2026-02-12 HIGH 7.2 An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially…
CVE-2026-26257 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26256 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26255 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26254 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26253 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26252 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26251 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26250 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-26249 2026-02-13 N/A 0.0 Rejected reason: Not used
CVE-2026-20669 2026-02-11 MEDIUM 5.5 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able…
CVE-2026-20653 2026-02-11 MEDIUM 5.5 A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia…
CVE-2026-20652 2026-02-11 HIGH 7.5 The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3,…
CVE-2026-20648 2026-02-11 MEDIUM 5.5 A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to…
CVE-2026-20645 2026-02-11 MEDIUM 4.6 An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker…
CVE-2026-20644 2026-02-11 MEDIUM 6.5 The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.3, iOS 18.7.5 and iPadOS 18.7.5, visionOS 26.3, iOS 26.3 and iPadOS 26.3,…
CVE-2026-20638 2026-02-11 MEDIUM 5.5 A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3. A user with Live Caller ID app extensions turned off…
CVE-2026-20628 2026-02-11 HIGH 7.1 A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 18.7.5…
CVE-2026-20612 2026-02-11 MEDIUM 5.5 A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3, macOS Sonoma 14.8.4. An app may be able to…
CVE-2026-20700 2026-02-11 HIGH 7.8 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 26.3, tvOS 26.3, macOS Tahoe 26.3, visionOS 26.3, iOS 26.3 and iPadOS…
CVE-2026-20682 2026-02-11 MEDIUM 5.3 A logic issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An attacker may be…
CVE-2026-20681 2026-02-11 LOW 3.3 A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access…
CVE-2026-20680 2026-02-11 MEDIUM 6.5 The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS…
CVE-2026-20678 2026-02-11 MEDIUM 5.5 An authorization issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, iOS 18.7.5 and iPadOS 18.7.5. An app may be…
CVE-2026-20677 2026-02-11 CRITICAL 9.0 A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Tahoe 26.3, macOS Sonoma 14.8.4, iOS 18.7.5 and iPadOS 18.7.5, visionOS…
CVE-2026-20676 2026-02-11 MEDIUM 5.3 This issue was addressed through improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, visionOS 26.3. A website may…
CVE-2026-20674 2026-02-11 MEDIUM 4.6 A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device…
CVE-2026-20673 2026-02-11 MEDIUM 5.3 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3, macOS Sonoma 14.8.4. Turning…
CVE-2026-20667 2026-02-11 HIGH 8.8 A logic issue was addressed with improved checks. This issue is fixed in watchOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, macOS Sequoia 15.7.4, iOS 26.3 and iPadOS…
CVE-2026-20666 2026-02-11 MEDIUM 5.5 An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.