CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2023-53270 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size,… |
| CVE-2023-53269 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for… |
| CVE-2023-53268 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np);… |
| CVE-2023-53267 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() The kfree() should be called when memory fails to be… |
| CVE-2023-53266 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version… |
| CVE-2023-53265 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size |
| CVE-2023-53264 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused… |
| CVE-2023-53263 | 2025-09-16 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after calling drm_connector_init on… |
| CVE-2025-9808 | 2025-09-16 | MEDIUM | 5.3 | The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible… |
| CVE-2025-59453 | 2025-09-16 | LOW | 3.2 | Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page,… |
| CVE-2025-59437 | 2025-09-16 | LOW | 3.2 | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this… |
| CVE-2025-59436 | 2025-09-16 | LOW | 3.2 | The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this… |
| CVE-2025-43357 | 2025-09-15 | N/A | 0.0 | This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able… |
| CVE-2025-43353 | 2025-09-15 | N/A | 0.0 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may… |
| CVE-2025-6999 | 2025-09-15 | N/A | 0.0 | An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site… |
| CVE-2025-6947 | 2025-09-15 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires… |
| CVE-2025-43802 | 2025-09-15 | N/A | 0.0 | Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through… |
| CVE-2025-43797 | 2025-09-15 | N/A | 0.0 | In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the… |
| CVE-2025-59145 | 2025-09-15 | N/A | 0.0 | color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was… |
| CVE-2025-59056 | 2025-09-15 | N/A | 0.0 | FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function… |
| CVE-2025-55211 | 2025-09-15 | N/A | 0.0 | FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously… |
| CVE-2025-43799 | 2025-09-15 | N/A | 0.0 | Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and… |
| CVE-2025-43798 | 2025-09-15 | N/A | 0.0 | Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times… |
| CVE-2025-10477 | 2025-09-15 | MEDIUM | 6.3 | A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads… |
| CVE-2025-59332 | 2025-09-15 | HIGH | 8.6 | 3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8, the parser tag and the {{#3d}} parser function allow users to provide custom attributes that are then… |
| CVE-2025-59331 | 2025-09-15 | N/A | 0.0 | is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack.… |
| CVE-2025-59330 | 2025-09-15 | N/A | 0.0 | error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published,… |
| CVE-2025-59162 | 2025-09-15 | N/A | 0.0 | color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was… |
| CVE-2025-59154 | 2025-09-15 | MEDIUM | 5.9 | Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user… |
| CVE-2025-59144 | 2025-09-15 | N/A | 0.0 | debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally… |
| CVE-2025-59143 | 2025-09-15 | N/A | 0.0 | color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1… |
| CVE-2025-59142 | 2025-09-15 | N/A | 0.0 | color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version… |
| CVE-2025-59141 | 2025-09-15 | N/A | 0.0 | simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to… |
| CVE-2025-59140 | 2025-09-15 | N/A | 0.0 | backslash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally… |
| CVE-2025-56448 | 2025-09-15 | MEDIUM | 6.8 | The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does… |
| CVE-2025-45091 | 2025-09-15 | MEDIUM | 5.4 | Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include… |
| CVE-2025-10475 | 2025-09-15 | MEDIUM | 5.5 | A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial… |
| CVE-2025-59399 | 2025-09-15 | LOW | 3.1 | libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation. |
| CVE-2025-59398 | 2025-09-15 | LOW | 3.1 | The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString object is created with… |
| CVE-2025-43800 | 2025-09-15 | N/A | 0.0 | Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers… |
| CVE-2025-10472 | 2025-09-15 | MEDIUM | 5.3 | A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The… |
| CVE-2025-52344 | 2025-09-15 | MEDIUM | 6.1 | Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name… |
| CVE-2025-43791 | 2025-09-15 | N/A | 0.0 | Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update… |
| CVE-2025-59328 | 2025-09-15 | MEDIUM | 6.5 | A vulnerability in Apache Fory allows a remote attacker to cause a Denial of Service (DoS). The issue stems from the insecure deserialization of untrusted data. An attacker… |
| CVE-2025-59155 | 2025-09-15 | N/A | 0.0 | hackmd-mcp is a Model Context Protocol server for integrating HackMD's note-taking platform with AI assistants. From 1.4.0 to before 1.5.0, hackmd-mcp contains a server-side request forgery (SSRF) vulnerability… |
| CVE-2025-58748 | 2025-09-15 | N/A | 0.0 | Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation (H2.java) does not verify that a provided… |
| CVE-2025-58177 | 2025-09-15 | MEDIUM | 5.4 | n8n is an open source workflow automation platform. From 1.24.0 to before 1.107.0, there is a stored cross-site scripting (XSS) vulnerability in @n8n/n8n-nodes-langchain.chatTrigger. An authorized user can configure… |
| CVE-2025-58172 | 2025-09-15 | N/A | 0.0 | drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User controlled content… |
| CVE-2025-57176 | 2025-09-15 | MEDIUM | 4.3 | The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series (8010TX and 1200FX tested) Firmware 7.4.0 through 10.7.3 allows unauthenticated file uploads to… |
| CVE-2025-57174 | 2025-09-15 | CRITICAL | 9.8 | An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port… |