CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-55315 2025-10-14 CRITICAL 9.9 Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-55248 2025-10-14 MEDIUM 4.8 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55247 2025-10-14 HIGH 7.3 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-55240 2025-10-14 HIGH 7.3 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-54603 2025-10-14 MEDIUM 6.5 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.
CVE-2025-53782 2025-10-14 HIGH 8.4 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-53768 2025-10-14 HIGH 7.8 Use after free in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-53717 2025-10-14 HIGH 7.0 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-53150 2025-10-14 HIGH 7.8 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-53139 2025-10-14 HIGH 7.7 Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-50175 2025-10-14 HIGH 7.8 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-50174 2025-10-14 HIGH 7.0 Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-50152 2025-10-14 HIGH 7.8 Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-49708 2025-10-14 CRITICAL 9.9 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2025-48813 2025-10-14 MEDIUM 6.3 Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVE-2025-48004 2025-10-14 HIGH 7.4 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47989 2025-10-14 HIGH 7.0 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-47979 2025-10-14 MEDIUM 5.5 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-37146 2025-10-14 HIGH 7.2 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow…
CVE-2025-37143 2025-10-14 MEDIUM 4.9 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor…
CVE-2025-36730 2025-10-14 N/A 0.0 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to…
CVE-2025-25004 2025-10-14 HIGH 7.3 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-24052 2025-10-14 HIGH 7.8 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal…
CVE-2024-6211 2025-10-13 N/A 0.0 Rejected reason: loading template...
CVE-2025-62242 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through…
CVE-2025-62241 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment…
CVE-2025-58084 2025-10-13 LOW 3.5 Mattermost Desktop App versions
CVE-2025-62243 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-62170 2025-10-13 HIGH 7.5 rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can…
CVE-2025-61775 2025-10-13 N/A 0.0 Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated…
CVE-2025-7707 2025-10-13 HIGH 7.1 The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local…
CVE-2025-62244 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-11695 2025-10-13 HIGH 8.0 When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
CVE-2025-43991 2025-10-13 MEDIUM 6.3 SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged…
CVE-2025-6919 2025-10-13 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue…
CVE-2025-39965 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891…
CVE-2025-39964 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus…
CVE-2025-37729 2025-10-13 CRITICAL 9.1 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and…
CVE-2025-9902 2025-10-13 HIGH 7.5 Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse. This issue affects QRMenu: from 1.05.12 before Version…
CVE-2025-9337 2025-10-13 N/A 0.0 A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash…
CVE-2025-9336 2025-10-13 N/A 0.0 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, which may lead to a system crash (BSOD) or other…
CVE-2025-11184 2025-10-13 N/A 0.0 Cross-site scripting vulnerability in QGIS QWC2 Registration GUI
CVE-2025-11183 2025-10-13 N/A 0.0 Cross-Site Scripting vulnerability in attribute table in QGIS QWC2
CVE-2025-10720 2025-10-13 N/A 0.0 The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence…
CVE-2025-9968 2025-10-13 N/A 0.0 A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege…
CVE-2025-9976 2025-10-13 CRITICAL 9.0 An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code…
CVE-2025-11675 2025-10-13 HIGH 7.2 Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
CVE-2025-11674 2025-10-13 MEDIUM 6.8 SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
CVE-2025-11673 2025-10-13 HIGH 7.2 SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
CVE-2025-11672 2025-10-13 MEDIUM 5.3 Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.