CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-21069 2025-10-10 MEDIUM 4.0 Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
CVE-2025-21068 2025-10-10 MEDIUM 4.0 Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
CVE-2025-21067 2025-10-10 MEDIUM 4.0 Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
CVE-2025-21066 2025-10-10 MEDIUM 4.0 Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
CVE-2025-21065 2025-10-10 MEDIUM 6.6 Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.
CVE-2025-21064 2025-10-10 HIGH 8.8 Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
CVE-2025-21063 2025-10-10 MEDIUM 4.6 Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the…
CVE-2025-21062 2025-10-10 HIGH 7.8 Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for…
CVE-2025-21061 2025-10-10 HIGH 7.1 Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
CVE-2025-21060 2025-10-10 MEDIUM 5.5 Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this…
CVE-2025-21059 2025-10-10 MEDIUM 6.2 Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.
CVE-2025-21058 2025-10-10 HIGH 7.3 Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.
CVE-2025-21057 2025-10-10 MEDIUM 4.0 Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.
CVE-2025-21055 2025-10-10 MEDIUM 4.3 Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-21054 2025-10-10 MEDIUM 4.0 Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
CVE-2025-21053 2025-10-10 MEDIUM 4.0 Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
CVE-2025-21052 2025-10-10 MEDIUM 4.0 Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
CVE-2025-21051 2025-10-10 MEDIUM 4.0 Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
CVE-2025-21050 2025-10-10 HIGH 7.1 Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.
CVE-2025-21049 2025-10-10 MEDIUM 5.5 Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
CVE-2025-21048 2025-10-10 MEDIUM 6.7 Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
CVE-2025-21047 2025-10-10 MEDIUM 5.2 Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
CVE-2025-21046 2025-10-10 LOW 2.4 Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access the recent app list.
CVE-2025-21045 2025-10-10 MEDIUM 4.0 Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
CVE-2025-21044 2025-10-10 MEDIUM 5.7 Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-61871 2025-10-10 MEDIUM 6.7 NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the…
CVE-2025-11570 2025-10-10 MEDIUM 4.6 Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data. **Note:** This is exploitable only if the code is…
CVE-2025-11569 2025-10-10 HIGH 7.5 All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync() functions that allow arguments such as __dirname. An attacker…
CVE-2025-11450 2025-10-10 N/A 0.0 ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers…
CVE-2025-11449 2025-10-10 N/A 0.0 ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers…
CVE-2025-11525 2025-10-09 HIGH 8.8 A vulnerability has been found in Tenda AC7 15.03.06.44. Impacted is an unknown function of the file /goform/SetUpnpCfg. Such manipulation of the argument upnpEn leads to stack-based buffer…
CVE-2025-11523 2025-10-09 MEDIUM 6.3 A vulnerability was detected in Tenda AC7 15.03.06.44. This vulnerability affects unknown code of the file /goform/AdvSetLanip. The manipulation of the argument lanIp results in command injection. It…
CVE-2025-11524 2025-10-09 HIGH 8.8 A flaw has been found in Tenda AC7 15.03.06.44. This issue affects some unknown processing of the file /goform/SetDDNSCfg. This manipulation of the argument ddnsEn causes stack-based buffer…
CVE-2025-11526 2025-10-09 HIGH 8.8 A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing manipulation of the argument wifi_chkHz results in stack-based…
CVE-2025-11528 2025-10-09 HIGH 8.8 A vulnerability was identified in Tenda AC7 15.03.06.44. This affects an unknown function of the file /goform/saveAutoQos. The manipulation of the argument enable leads to stack-based buffer overflow.…
CVE-2025-11527 2025-10-09 HIGH 8.8 A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing manipulation of the argument Password can lead to…
CVE-2025-11530 2025-10-09 MEDIUM 6.3 A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql…
CVE-2025-61926 2025-10-09 N/A 0.0 Allstar is a GitHub App to set and enforce security policies. In versions prior to 4.5, a vulnerability in Allstar’s Reviewbot component caused inbound webhook requests to be…
CVE-2016-15047 2025-10-09 N/A 0.0 AVTECH devices that include the CloudSetup.cgi management endpoint are vulnerable to authenticated OS command injection. The `exefile` parameter in CloudSetup.cgi is passed to the underlying system command execution…
CVE-2025-62240 2025-10-09 N/A 0.0 Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 update 35 through update…
CVE-2025-61783 2025-10-09 N/A 0.0 Python Social Auth is a social authentication/registration mechanism. In versions prior to 5.6.0, upon authentication, the user could be associated by e-mail even if the `associate_by_email` pipeline was…
CVE-2025-61601 2025-10-09 HIGH 7.5 BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server…
CVE-2025-59286 2025-10-09 MEDIUM 6.5 Copilot Spoofing Vulnerability
CVE-2025-59272 2025-10-09 MEDIUM 6.5 Copilot Spoofing Vulnerability
CVE-2025-59271 2025-10-09 HIGH 8.7 Redis Enterprise Elevation of Privilege Vulnerability
CVE-2025-59252 2025-10-09 MEDIUM 6.5 M365 Copilot Spoofing Vulnerability
CVE-2025-59247 2025-10-09 HIGH 8.8 Azure PlayFab Elevation of Privilege Vulnerability
CVE-2025-59246 2025-10-09 CRITICAL 9.8 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-59218 2025-10-09 CRITICAL 9.6 Azure Entra ID Elevation of Privilege Vulnerability
CVE-2025-55321 2025-10-09 HIGH 8.7 Improper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.