Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-61969	2026-02-11	N/A	0.0	Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-52541	2026-02-11	HIGH	7.3	A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-48518	2026-02-11	N/A	0.0	Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.
CVE-2025-48508	2026-02-11	MEDIUM	6.0	Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing…
CVE-2025-48503	2026-02-11	HIGH	7.8	A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-36324	2026-02-11	HIGH	8.8	Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.
CVE-2024-36320	2026-02-11	N/A	0.0	Integer Overflow within atihdwt6.sys can allow a local attacker to cause out of bound read/write potentially leading to loss of confidentiality, integrity and availability
CVE-2024-36316	2026-02-11	MEDIUM	5.5	The integer overflow vulnerability within AMD Graphics driver could allow an attacker to bypass size checks potentially resulting in a denial of service
CVE-2023-31324	2026-02-11	N/A	0.0	A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as…
CVE-2023-20548	2026-02-11	N/A	0.0	A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability.
CVE-2023-20514	2026-02-11	N/A	0.0	Improper handling of parameters in the AMD Secure Processor (ASP) could allow a privileged attacker to pass an arbitrary memory value to functions in the trusted execution environment…
CVE-2019-25317	2026-02-11	MEDIUM	6.4	Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field…
CVE-2019-25316	2026-02-11	MEDIUM	6.4	GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by…
CVE-2019-25315	2026-02-11	MEDIUM	6.4	WordPress Server Log Viewer 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unfiltered log file paths. Attackers can add log files…
CVE-2019-25314	2026-02-11	MEDIUM	6.4	Duplicate-Post WordPress Plugin 3.2.3 contains a persistent cross-site scripting vulnerability in plugin settings parameters. Attackers can inject malicious scripts into title prefix, suffix, menu order, and blacklist fields…
CVE-2019-25312	2026-02-11	MEDIUM	6.4	InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that…
CVE-2019-25311	2026-02-11	MEDIUM	6.4	thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads…
CVE-2019-25310	2026-02-11	HIGH	7.8	ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the…
CVE-2019-25309	2026-02-11	HIGH	7.8	Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the…
CVE-2019-25308	2026-02-11	HIGH	7.8	Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem…
CVE-2019-25307	2026-02-11	HIGH	7.8	WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary…
CVE-2019-25306	2026-02-11	HIGH	7.8	BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary…
CVE-2018-25157	2026-02-11	MEDIUM	6.4	Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with…
CVE-2026-2337	2026-02-11	N/A	0.0	A vulnerability in Plunet Plunet BusinessManager allows session hijacking, data theft, unauthorized actions on behalf of the user.This issue affects Plunet BusinessManager: 10.15.1.
CVE-2026-1227	2026-02-11	N/A	0.0	CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized disclosure of local files, interaction within the EBO system, or denial of service conditions…
CVE-2026-1226	2026-02-11	N/A	0.0	CWE‑94: Improper Control of Generation of Code vulnerability exists that could cause execution of untrusted or unintended code within the application when maliciously crafted design content is processed…
CVE-2026-0910	2026-02-11	HIGH	8.8	The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data'…
CVE-2025-8668	2026-02-11	CRITICAL	9.4	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co. Turboard…
CVE-2026-22894	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read…
CVE-2025-8025	2026-02-11	CRITICAL	9.8	Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from…
CVE-2025-68406	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-66278	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read…
CVE-2025-66277	2026-02-11	N/A	0.0	A link following vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to traverse the file system to…
CVE-2025-66274	2026-02-11	N/A	0.0	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the…
CVE-2025-62856	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read…
CVE-2025-62855	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to read…
CVE-2025-62854	2026-02-11	N/A	0.0	An uncontrolled resource consumption vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to…
CVE-2025-62853	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to read…
CVE-2025-59386	2026-02-11	N/A	0.0	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the…
CVE-2025-58472	2026-02-11	N/A	0.0	A NULL pointer dereference vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit the vulnerability to launch…
CVE-2025-58471	2026-02-11	N/A	0.0	An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit…
CVE-2025-58470	2026-02-11	N/A	0.0	A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-58467	2026-02-11	N/A	0.0	A relative path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read…
CVE-2025-58466	2026-02-11	N/A	0.0	A use of uninitialized variable vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit…
CVE-2025-57713	2026-02-11	N/A	0.0	A weak authentication vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to gain sensitive information. We have already fixed…
CVE-2025-57711	2026-02-11	N/A	0.0	An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit…
CVE-2025-57710	2026-02-11	N/A	0.0	An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains an administrator account, they can then exploit…
CVE-2025-57709	2026-02-11	N/A	0.0	A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory…
CVE-2025-57708	2026-02-11	N/A	0.0	An allocation of resources without limits or throttling vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit…
CVE-2025-57707	2026-02-11	N/A	0.0	An improper neutralization of directives in statically saved code ('Static Code Injection') vulnerability has been reported to affect File Station 5. If a remote attacker gains a user…

« Anterior Página 314 de 4236 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte