CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-51535 2025-08-04 MEDIUM 6.5 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability.
CVE-2025-50422 2025-08-04 MEDIUM 6.5 An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program…
CVE-2025-50420 2025-08-04 HIGH 7.5 An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a…
CVE-2025-44963 2025-08-04 CRITICAL 9.0 RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value…
CVE-2025-44962 2025-08-04 MEDIUM 5.0 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
CVE-2025-44961 2025-08-04 CRITICAL 9.9 In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by…
CVE-2025-44960 2025-08-04 HIGH 8.5 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVE-2025-44958 2025-08-04 MEDIUM 5.3 RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
CVE-2025-44957 2025-08-04 HIGH 8.5 Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVE-2025-44954 2025-08-04 CRITICAL 9.0 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVE-2025-8517 2025-08-04 MEDIUM 6.3 A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an…
CVE-2025-8516 2025-08-04 MEDIUM 5.3 A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is…
CVE-2025-5988 2025-08-04 MEDIUM 5.3 A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from…
CVE-2025-44955 2025-08-04 HIGH 8.8 RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password.
CVE-2025-38739 2025-08-04 HIGH 7.2 Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit…
CVE-2025-54980 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54979 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54978 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54977 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54976 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54975 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54974 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54797 2025-08-05 N/A 0.0 Rejected reason: This CVE is a duplicate of CVE-2025-52464.
CVE-2025-20701 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This…
CVE-2025-20697 2025-08-04 MEDIUM 6.7 In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead…
CVE-2025-51536 2025-08-04 CRITICAL 9.8 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password.
CVE-2025-44643 2025-08-04 HIGH 8.6 Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting…
CVE-2025-36594 2025-08-04 CRITICAL 9.8 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release…
CVE-2025-30099 2025-08-04 HIGH 7.8 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release…
CVE-2025-30098 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release…
CVE-2025-30097 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release…
CVE-2025-30096 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release…
CVE-2025-26065 2025-08-04 HIGH 7.3 A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or…
CVE-2025-8109 2025-08-04 N/A 0.0 Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read…
CVE-2025-36607 2025-08-04 HIGH 7.8 Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could…
CVE-2025-36606 2025-08-04 HIGH 7.8 Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could…
CVE-2025-36605 2025-08-04 MEDIUM 6.1 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in…
CVE-2025-36604 2025-08-04 HIGH 7.3 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command…
CVE-2025-8515 2025-08-04 LOW 3.1 A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the…
CVE-2025-6205 2025-08-04 CRITICAL 9.1 A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged…
CVE-2025-6204 2025-08-04 HIGH 8.0 An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could…
CVE-2025-0932 2025-08-04 N/A 0.0 Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm…
CVE-2025-8341 2025-08-04 MEDIUM 5.0 Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data…
CVE-2025-41691 2025-08-04 HIGH 7.5 An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially…
CVE-2025-41659 2025-08-04 HIGH 8.3 A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write…
CVE-2025-41658 2025-08-04 MEDIUM 5.5 CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
CVE-2025-20702 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to…
CVE-2025-20700 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol…
CVE-2025-48499 2025-08-04 MEDIUM 5.3 Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer…
CVE-2025-54962 2025-08-04 MEDIUM 6.4 /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or…