Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-47314 2025-09-24 HIGH 7.8 Memory corruption while processing data sent by FE driver.
CVE-2025-27077 2025-09-24 HIGH 7.8 Memory corruption while processing message in guest VM.
CVE-2025-27037 2025-09-24 HIGH 7.8 Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.
CVE-2025-27036 2025-09-24 MEDIUM 6.1 Information disclosure when Video engine escape input data is less than expected minimum size.
CVE-2025-27034 2025-09-24 CRITICAL 9.8 Memory corruption while selecting the PLMN from SOR failed list.
CVE-2025-27033 2025-09-24 MEDIUM 6.1 Information disclosure while running video usecase having rogue firmware.
CVE-2025-27032 2025-09-24 HIGH 7.8 memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
CVE-2025-27030 2025-09-24 MEDIUM 6.1 information disclosure while invoking calibration data from user space to update firmware size.
CVE-2025-21488 2025-09-24 HIGH 8.2 Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
CVE-2025-21487 2025-09-24 HIGH 8.2 Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
CVE-2025-21484 2025-09-24 HIGH 8.2 Information disclosure when UE receives the RTP packet from the network, while decoding and reassembling the fragments from RTP packet.
CVE-2025-21483 2025-09-24 CRITICAL 9.8 Memory corruption when the UE receives an RTP packet from the network, during the reassembly of NALUs.
CVE-2025-21482 2025-09-24 HIGH 7.1 Cryptographic issue while performing RSA PKCS padding decoding.
CVE-2025-21481 2025-09-24 HIGH 7.8 Memory corruption while performing private key encryption in trusted application.
CVE-2025-21476 2025-09-24 HIGH 7.8 Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.
CVE-2025-10360 2025-09-24 N/A 0.0 In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet…
CVE-2025-8869 2025-09-24 N/A 0.0 When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706. Note that upgrading pip…
CVE-2025-48868 2025-09-24 HIGH 7.2 Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use…
CVE-2025-23354 2025-09-24 HIGH 7.8 NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this…
CVE-2025-23353 2025-09-24 HIGH 7.8 NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of…
CVE-2025-23349 2025-09-24 HIGH 7.8 NVIDIA Megatron-LM for all platforms contains a vulnerability in the tasks/orqa/unsupervised/nq.py component, where an attacker may cause a code injection. A successful exploit of this vulnerability may lead…
CVE-2025-23348 2025-09-24 HIGH 7.8 NVIDIA Megatron-LM for all platforms contains a vulnerability in the pretrain_gpt script, where malicious data created by an attacker may cause a code injection issue. A successful exploit…
CVE-2025-23346 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit contains a vulnerability in cuobjdump, where an unprivileged user can cause a NULL pointer dereference. A successful exploit of this vulnerability may lead to a…
CVE-2025-23340 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-23339 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in cuobjdump where an attacker may cause a stack-based buffer overflow by getting the user to run cuobjdump on…
CVE-2025-23338 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where a user may cause an out-of-bounds write by running nvdisasm on a malicious ELF file. A…
CVE-2025-23308 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm where an attacker may cause a heap-based buffer overflow by getting the user to run nvdisasm on…
CVE-2025-23275 2025-09-24 MEDIUM 4.2 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a GPU out-of-bounds write by providing certain image dimensions. A…
CVE-2025-23274 2025-09-24 MEDIUM 4.5 NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer…
CVE-2025-23273 2025-09-24 LOW 2.5 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted…
CVE-2025-23272 2025-09-24 MEDIUM 5.7 NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability…
CVE-2025-23271 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-23255 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-23248 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-9353 2025-09-24 MEDIUM 6.4 The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization…
CVE-2025-60020 2025-09-24 MEDIUM 6.4 nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.
CVE-2025-10906 2025-09-24 HIGH 8.4 A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface.…
CVE-2025-9054 2025-09-24 CRITICAL 9.8 The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing…
CVE-2025-39890 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps is not freed in the failure case,…
CVE-2025-39889 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:…
CVE-2024-58241 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about…
CVE-2025-58457 2025-09-24 MEDIUM 4.3 Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users…
CVE-2025-9031 2025-09-24 MEDIUM 4.3 Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
CVE-2025-41716 2025-09-24 MEDIUM 5.3 The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
CVE-2025-41715 2025-09-24 CRITICAL 9.8 The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVE-2025-58319 2025-09-24 HIGH 7.8 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context…
CVE-2025-58317 2025-09-24 HIGH 7.8 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context…
CVE-2025-43819 2025-09-24 N/A 0.0 A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12…
CVE-2025-43779 2025-09-24 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote…
CVE-2025-58473 2025-09-23 MEDIUM 5.9 An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform…
« Anterior Página 428 de 3934 Siguiente »