Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-21349 2026-02-10 HIGH 7.8 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation…
CVE-2026-21348 2026-02-10 MEDIUM 5.5 Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-1763 2026-02-10 MEDIUM 4.6 Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
CVE-2026-1762 2026-02-10 LOW 2.9 A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
CVE-2025-54514 2026-02-10 N/A 0.0 Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.
CVE-2025-52536 2026-02-10 N/A 0.0 Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
CVE-2025-52534 2026-02-10 N/A 0.0 Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
CVE-2025-48517 2026-02-10 N/A 0.0 Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range…
CVE-2025-48515 2026-02-10 N/A 0.0 Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code…
CVE-2025-48514 2026-02-10 N/A 0.0 Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of…
CVE-2025-48509 2026-02-10 N/A 0.0 Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of…
CVE-2025-29952 2026-02-10 N/A 0.0 Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory…
CVE-2025-29951 2026-02-10 N/A 0.0 A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
CVE-2025-29950 2026-02-10 N/A 0.0 Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
CVE-2025-29949 2026-02-10 N/A 0.0 Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting…
CVE-2025-29948 2026-02-10 N/A 0.0 Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory…
CVE-2025-29946 2026-02-10 N/A 0.0 Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest…
CVE-2025-29939 2026-02-10 N/A 0.0 Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially…
CVE-2025-0031 2026-02-10 N/A 0.0 A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the…
CVE-2025-0029 2026-02-10 N/A 0.0 Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest…
CVE-2025-0012 2026-02-10 N/A 0.0 Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory…
CVE-2024-36355 2026-02-10 N/A 0.0 Improper input validation in the SMM handler could allow an attacker with Ring0 access to write to SMRAM and modify execution flow for S3 (sleep) wake up, potentially…
CVE-2024-36311 2026-02-10 N/A 0.0 A Time-of-check time-of-use (TOCTOU) race condition in the SMM communications buffer could allow a privileged attacker to bypass input validation and perform an out of bounds read or…
CVE-2024-36310 2026-02-10 N/A 0.0 Improper input validation in the SMM communications buffer could allow a privileged attacker to perform an out of bounds read or write to SMRAM potentially resulting in loss…
CVE-2024-21953 2026-02-10 N/A 0.0 Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity.
CVE-2021-26410 2026-02-10 N/A 0.0 Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer…
CVE-2021-26381 2026-02-10 N/A 0.0 Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting…
CVE-2026-2302 2026-02-10 MEDIUM 6.5 Under specific conditions when processing a maliciously crafted value of type Hash r, Mongoid::Criteria.from_hash may allow for executing arbitrary Ruby code.
CVE-2026-26009 2026-02-10 CRITICAL 9.9 Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating…
CVE-2026-25613 2026-02-10 MEDIUM 6.5 An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index.
CVE-2026-25610 2026-02-10 MEDIUM 6.5 An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints.
CVE-2026-25609 2026-02-10 MEDIUM 5.4 Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.
CVE-2026-25506 2026-02-10 HIGH 7.7 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged (the MUNGE authentication…
CVE-2026-21355 2026-02-10 MEDIUM 5.5 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-21354 2026-02-10 MEDIUM 5.5 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability…
CVE-2026-21353 2026-02-10 HIGH 7.8 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21352 2026-02-10 HIGH 7.8 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-1850 2026-02-10 MEDIUM 6.5 Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash.
CVE-2026-1849 2026-02-10 MEDIUM 6.5 MongoDB Server may experience an out-of-memory failure while evaluating expressions that produce deeply nested documents. The issue arises in recursive functions because the server does not periodically check…
CVE-2026-1848 2026-02-10 HIGH 7.5 Connections received from the proxy port may not count towards total accepted connections, resulting in server crashes if the total number of connections exceeds available resources. This only…
CVE-2026-1847 2026-02-10 MEDIUM 6.5 Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication…
CVE-2026-26003 2026-02-10 N/A 0.0 FastGPT is an AI Agent building platform. From 4.14.0 to 4.14.5, attackers can directly access the plugin system through FastGPT/api/plugin/xxx without authentication, thereby threatening the plugin system. This…
CVE-2026-25993 2026-02-10 N/A 0.0 EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL…
CVE-2026-25992 2026-02-10 HIGH 7.5 SiYuan is a personal knowledge management system. Prior to 3.5.5, the /api/file/getFile endpoint uses case-sensitive string equality checks to block access to sensitive files. On case-insensitive file systems…
CVE-2026-25956 2026-02-10 MEDIUM 6.1 Frappe is a full-stack web application framework. Prior to 14.99.14 and 15.94.0, an attacker could craft a malicious signup URL for a frappe site which could lead to…
CVE-2026-25947 2026-02-10 HIGH 8.8 Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers,…
CVE-2026-25805 2026-02-10 MEDIUM 6.4 Zed is a multiplayer code editor. Prior to 0.219.4, Zed does not show with which parameters a tool is being invoked, when asking for allowance. Further it does…
CVE-2026-25612 2026-02-10 MEDIUM 6.5 The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with…
CVE-2026-25611 2026-02-10 HIGH 7.5 A series of specifically crafted, unauthenticated messages can exhaust available memory and crash a MongoDB server.
CVE-2026-24045 2026-02-10 HIGH 7.3 Docmost is open-source collaborative wiki and documentation software. From g and before 0.25.0, the public share page functionality in Docmost does not properly HTML-escape page titles before inserting…
« Anterior Página 317 de 4236 Siguiente »