CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57348 2025-09-24 N/A 0.0 The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype…
CVE-2025-57347 2025-09-24 N/A 0.0 A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations.…
CVE-2025-57330 2025-09-24 N/A 0.0 The web3-core-subscriptions is a package designed to manage web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject…
CVE-2025-55322 2025-09-24 HIGH 7.3 Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
CVE-2025-55178 2025-09-24 MEDIUM 5.3 Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.
CVE-2025-48459 2025-09-24 MEDIUM 5.3 Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade to version 2.0.5, which fixes the…
CVE-2025-48392 2025-09-24 HIGH 7.5 A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade to version 2.0.5, which fixes…
CVE-2025-59524 2025-09-24 N/A 0.0 Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does…
CVE-2025-59343 2025-09-24 N/A 0.0 tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific…
CVE-2025-57354 2025-09-24 N/A 0.0 A vulnerability exists in the 'counterpart' library for Node.js and the browser due to insufficient sanitization of user-controlled input in translation key processing. The affected versions prior to…
CVE-2025-57353 2025-09-24 N/A 0.0 The Runtime components of messageformat package for Node.js prior to version 3.0.1 contain a prototype pollution vulnerability. Due to insufficient validation of nested message keys during the processing…
CVE-2025-57352 2025-09-24 N/A 0.0 A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the…
CVE-2025-56241 2025-09-24 N/A 0.0 Aztech DSL5005EN firmware 1.00.AZ_2013-05-10 and possibly other versions allows unauthenticated attackers to change the administrator password via a crafted POST request to sysAccess.asp. This allows full administrative control…
CVE-2025-52907 2025-09-24 N/A 0.0 Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2025-56816 2025-09-24 HIGH 8.8 Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses…
CVE-2025-56815 2025-09-24 HIGH 7.1 Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by…
CVE-2025-52906 2025-09-24 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2025-48869 2025-09-24 HIGH 7.5 Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file…
CVE-2025-48867 2025-09-24 MEDIUM 4.8 Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users…
CVE-2025-20365 2025-09-24 MEDIUM 4.3 A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an…
CVE-2025-20364 2025-09-24 MEDIUM 4.3 A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames…
CVE-2025-20338 2025-09-24 MEDIUM 6.0 A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying…
CVE-2025-20327 2025-09-24 HIGH 7.7 A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on…
CVE-2025-20316 2025-09-24 MEDIUM 5.3 A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker…
CVE-2025-20315 2025-09-24 HIGH 8.6 A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing…
CVE-2025-20314 2025-09-24 MEDIUM 6.7 A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to…
CVE-2025-20313 2025-09-24 MEDIUM 6.7 Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to…
CVE-2025-20312 2025-09-24 HIGH 7.7 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS)…
CVE-2025-20311 2025-09-24 HIGH 7.4 A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an…
CVE-2025-20293 2025-09-24 MEDIUM 5.3 A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker…
CVE-2025-20240 2025-09-24 MEDIUM 6.1 A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected…
CVE-2025-20160 2025-09-24 HIGH 8.1 A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data…
CVE-2025-20149 2025-09-24 MEDIUM 6.5 A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly,…
CVE-2025-10890 2025-09-24 CRITICAL 9.1 Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
CVE-2025-20339 2025-09-24 MEDIUM 5.8 A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL.…
CVE-2025-20334 2025-09-24 HIGH 8.8 A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the…
CVE-2025-10909 2025-09-24 LOW 2.4 A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File…
CVE-2025-10892 2025-09-24 HIGH 8.8 Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10891 2025-09-24 HIGH 8.8 Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-10502 2025-09-24 HIGH 8.8 Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High)
CVE-2025-10501 2025-09-24 HIGH 8.8 Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-10500 2025-09-24 HIGH 8.8 Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-47329 2025-09-24 HIGH 7.8 Memory corruption while handling invalid inputs in application info setup.
CVE-2025-47328 2025-09-24 HIGH 7.5 Transient DOS while processing power control requests with invalid antenna or stream values.
CVE-2025-47327 2025-09-24 HIGH 7.8 Memory corruption while encoding the image data.
CVE-2025-47326 2025-09-24 HIGH 7.5 Transient DOS while handling command data during power control processing.
CVE-2025-47318 2025-09-24 HIGH 7.5 Transient DOS while parsing the EPTM test control message to get the test pattern.
CVE-2025-47317 2025-09-24 HIGH 7.8 Memory corruption due to global buffer overflow when a test command uses an invalid payload type.
CVE-2025-47316 2025-09-24 HIGH 7.8 Memory corruption due to double free when multiple threads race to set the timestamp store.
CVE-2025-47315 2025-09-24 HIGH 7.8 Memory corruption while handling repeated memory unmap requests from guest VM.