Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-57780 2025-10-15 HIGH 8.8 A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker…
CVE-2025-53860 2025-10-15 MEDIUM 4.1 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions…
CVE-2025-2529 2025-10-15 LOW 2.9 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
CVE-2025-56746 2025-10-15 LOW 2.2 Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining…
CVE-2025-9548 2025-10-15 MEDIUM 5.5 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2025-8486 2025-10-15 HIGH 7.8 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
CVE-2025-6026 2025-10-15 LOW 3.1 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain encrypted application…
CVE-2025-55083 2025-10-15 N/A 0.0 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
CVE-2025-10699 2025-10-15 MEDIUM 5.3 A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
CVE-2025-10581 2025-10-15 HIGH 7.8 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with…
CVE-2024-13991 2025-10-15 N/A 0.0 Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and…
CVE-2023-7311 2025-10-15 N/A 0.0 BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing…
CVE-2023-7305 2025-10-15 N/A 0.0 SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted…
CVE-2023-7304 2025-10-15 N/A 0.0 Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted…
CVE-2025-8459 2025-10-14 HIGH 7.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra…
CVE-2025-8430 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated…
CVE-2025-8429 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with…
CVE-2025-61974 2025-10-15 HIGH 7.5 When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End…
CVE-2025-61960 2025-10-15 HIGH 7.5 When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions…
CVE-2025-61958 2025-10-15 HIGH 8.7 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a…
CVE-2025-61955 2025-10-15 HIGH 8.8 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker…
CVE-2025-61951 2025-10-15 HIGH 7.5 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with…
CVE-2025-61938 2025-10-15 HIGH 7.5 When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either…
CVE-2025-60016 2025-10-15 HIGH 7.5 When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a…
CVE-2025-60015 2025-10-15 MEDIUM 5.7 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
CVE-2025-60013 2025-10-15 MEDIUM 5.7 When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize.  Note:…
CVE-2025-59781 2025-10-15 HIGH 7.5 When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions…
CVE-2025-59778 2025-10-15 HIGH 7.5 When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.   Note: Software versions which have reached…
CVE-2025-59483 2025-10-15 MEDIUM 6.5 A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-59481 2025-10-15 HIGH 8.7 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute…
CVE-2025-59478 2025-10-15 HIGH 7.5 When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions…
CVE-2025-59269 2025-10-15 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the…
CVE-2025-59268 2025-10-15 MEDIUM 5.3 On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End…
CVE-2025-58474 2025-10-15 MEDIUM 5.3 When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense,…
CVE-2025-58424 2025-10-15 LOW 3.7 On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End…
CVE-2025-58153 2025-10-15 MEDIUM 5.9 Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions…
CVE-2025-58120 2025-10-15 HIGH 7.5 When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
CVE-2025-58096 2025-10-15 HIGH 7.5 When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which…
CVE-2025-55670 2025-10-15 MEDIUM 6.5 On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software…
CVE-2025-55669 2025-10-15 HIGH 7.5 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel…
CVE-2025-55036 2025-10-15 HIGH 7.5 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions…
CVE-2025-54893 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated…
CVE-2025-54892 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with…
CVE-2025-54858 2025-10-15 HIGH 7.5 When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is…
CVE-2025-54854 2025-10-15 HIGH 7.5 When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions…
CVE-2025-54891 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with…
CVE-2025-54889 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with…
CVE-2025-54805 2025-10-15 MEDIUM 6.5 When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM)…
CVE-2025-54755 2025-10-15 MEDIUM 4.9 A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have…
CVE-2025-54479 2025-10-15 HIGH 7.5 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
« Anterior Página 369 de 3934 Siguiente »