CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-59220 2025-09-18 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59216 2025-09-18 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59215 2025-09-18 HIGH 7.0 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-54860 2025-09-18 HIGH 7.7 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 in order to allow management operations on the device such as firmware upgrades and…
CVE-2025-54818 2025-09-18 HIGH 8.0 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality…
CVE-2025-54810 2025-09-18 HIGH 8.0 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a proprietary protocol on TCP port 1069 to perform management operations such as modifying system properties. The user management functionality…
CVE-2025-54497 2025-09-18 HIGH 8.1 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication.…
CVE-2025-53969 2025-09-18 HIGH 8.8 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer…
CVE-2025-52873 2025-09-18 HIGH 8.1 Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication.…
CVE-2025-10035 2025-09-18 CRITICAL 10.0 A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly…
CVE-2025-57295 2025-09-18 HIGH 8.0 H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user…
CVE-2025-57293 2025-09-18 HIGH 8.8 A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing…
CVE-2025-55068 2025-09-18 HIGH 8.2 Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this…
CVE-2025-54807 2025-09-18 CRITICAL 9.8 The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access…
CVE-2025-54754 2025-09-18 HIGH 8.0 An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to…
CVE-2025-53947 2025-09-18 HIGH 7.7 A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created…
CVE-2025-47698 2025-09-18 N/A 0.0 An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.
CVE-2025-30519 2025-09-18 CRITICAL 9.8 Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain…
CVE-2025-10689 2025-09-18 MEDIUM 6.3 A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection.…
CVE-2025-59424 2025-09-18 HIGH 7.3 LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails…
CVE-2025-10688 2025-09-18 HIGH 7.3 A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/operation/paid.php. This manipulation of the argument insta_amt causes sql…
CVE-2025-47906 2025-09-18 MEDIUM 6.5 If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries…
CVE-2025-26503 2025-09-18 MEDIUM 6.7 A crafted system call argument can cause memory corruption.
CVE-2025-10650 2025-09-18 N/A 0.0 SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.
CVE-2025-10687 2025-09-18 HIGH 7.3 A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/add_teacher.php. The manipulation of the argument Username results in sql…
CVE-2025-10676 2025-09-18 MEDIUM 4.3 A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can…
CVE-2025-59678 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59677 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59676 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59675 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59674 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59673 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59672 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59671 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-59670 2025-09-19 N/A 0.0 Rejected reason: Not used
CVE-2025-55912 2025-09-18 HIGH 7.3 An issue in ClipBucket 5.5.0 and prior versions allows an unauthenticated attacker to exploit the plupload endpoint in photo_uploader.php to upload arbitrary files without any authentication, due to…
CVE-2025-57452 2025-09-18 MEDIUM 6.1 In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents.
CVE-2025-55911 2025-09-18 MEDIUM 6.5 An issue in Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary code via file_downloader.php and the file parameter.
CVE-2025-50255 2025-09-18 HIGH 7.8 Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.
CVE-2023-49565 2025-09-18 HIGH 8.4 The cbis_manager Podman container is vulnerable to remote command execution via the /api/plugins endpoint. Improper sanitization of the HTTP Headers X-FILENAME, X-PAGE, and X-FIELD allows for command injection.…
CVE-2023-49564 2025-09-18 HIGH 8.8 The CBIS/NCS Manager API is vulnerable to an authentication bypass. By sending a specially crafted HTTP header, an unauthenticated user can gain unauthorized access to API functions. This…
CVE-2024-13151 2025-09-18 CRITICAL 10.0 Authorization Bypass Through User-Controlled SQL Primary Key, CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Logo Software Diva…
CVE-2025-59410 2025-09-17 LOW 3.7 Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded…
CVE-2025-36146 2025-09-18 MEDIUM 4.3 IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system.
CVE-2025-36143 2025-09-18 MEDIUM 4.7 IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input.
CVE-2025-36139 2025-09-18 MEDIUM 5.5 IBM Lakehouse (watsonx.data 2.2) is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the…
CVE-2025-10675 2025-09-18 MEDIUM 4.3 A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of…
CVE-2025-10674 2025-09-18 MEDIUM 4.3 A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched…
CVE-2023-53447 2025-09-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably…
CVE-2025-10616 2025-09-17 MEDIUM 6.3 A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack…