Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-9273 2025-09-02 MEDIUM 4.3 CData API Server MySQL Misconfiguration Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of CData API Server. Authentication is required to…
CVE-2025-8614 2025-09-02 HIGH 7.8 NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the…
CVE-2025-8613 2025-09-02 HIGH 7.2 Vacron Camera ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Vacron Camera devices. Authentication is required…
CVE-2025-8302 2025-09-02 HIGH 8.8 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK…
CVE-2025-8301 2025-09-02 HIGH 7.8 Realtek RTL8811AU rtwlanu.sys N6CSet_DOT11_CIPHER_DEFAULT_KEY Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek RTL8811AU drivers. An attacker…
CVE-2025-8300 2025-09-02 HIGH 8.8 Realtek rtl81xx SDK Wi-Fi Driver rtwlanu Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK…
CVE-2025-8299 2025-09-02 HIGH 8.8 Realtek rtl81xx SDK Wi-Fi Driver MgntActSet_TEREDO_SET_RS_PACKET Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Realtek rtl81xx SDK…
CVE-2025-8298 2025-09-02 LOW 3.8 Realtek RTL8811AU rtwlanu.sys N6CQueryInformationHandleCustomized11nOids Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of Realtek RTL8811AU drivers. An attacker must…
CVE-2025-7976 2025-09-02 HIGH 7.8 Anritsu ShockLine CHX File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine.…
CVE-2025-7975 2025-09-02 HIGH 7.8 Anritsu ShockLine CHX File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Anritsu ShockLine. User interaction…
CVE-2025-7974 2025-09-02 LOW 3.7 rocket.chat Incorrect Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of rocket.chat. Authentication is not required to exploit this vulnerability.…
CVE-2025-6685 2025-09-02 HIGH 8.8 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit…
CVE-2025-57612 2025-09-02 HIGH 7.5 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the name() method allows an attacker to cause a denial of service. The…
CVE-2025-57611 2025-09-02 MEDIUM 5.3 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Null pointer dereference vulnerability in the dump() method allows an attacker to cause a denial of service. The…
CVE-2025-55476 2025-09-02 MEDIUM 6.5 FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint: GET /api/videos/public?sort= This parameter is unsafely evaluated in a SQL ORDER…
CVE-2025-55474 2025-09-02 MEDIUM 6.1 Many Notes 0.10.1 is vulnerable to Cross Site Scripting (XSS), which allows malicious Markdown files to execute JavaScript when viewed.
CVE-2025-55473 2025-09-02 MEDIUM 6.1 Asian Arts Talents Foundation (AATF) Website v5.1.x and Docker version 2024.12.8.1 are vulnerable to Cross Site Scripting (XSS). The vulnerability exists in the /ip.php endpoint, which processes and…
CVE-2025-55472 2025-09-02 MEDIUM 6.5 SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns[0][data] parameter, which…
CVE-2025-55373 2025-09-02 MEDIUM 5.3 Incorrect access control in Beakon Application before v5.4.3 allows authenticated attackers with low-level privileges to escalate privileges and execute commands with Administrator rights.
CVE-2025-51966 2025-09-02 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability exists in the PDF preview functionality of uTools thru 7.1.1. When a user previews a specially crafted PDF file, embedded JavaScript code executes…
CVE-2025-50565 2025-09-02 MEDIUM 6.5 Doubo ERP 1.0 has an SQL injection vulnerability due to a lack of filtering of user input, which can be remotely initiated by an attacker.
CVE-2025-54599 2025-09-02 HIGH 7.5 The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email…
CVE-2025-50757 2025-09-02 MEDIUM 6.5 Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_adm function via the username parameter. This vulnerability allows attackers to execute arbitrary commands via…
CVE-2025-50755 2025-09-02 MEDIUM 6.5 Wavlink WN535K3 20191010 was found to contain a command injection vulnerability in the set_sys_cmd function via the command parameter. This vulnerability allows attackers to execute arbitrary commands via…
CVE-2025-46047 2025-09-02 MEDIUM 6.5 A User enumeration vulnerability in the /CredentialsServlet/ForgotPassword endpoint in Silverpeas 6.4.1 and 6.4.2 allows remote attackers to determine valid usernames via the Login parameter.
CVE-2024-51423 2025-09-02 MEDIUM 6.1 Cross Site Scripting vulnerability in Infor Global HR GHR v.11.23.03.00.21 and before allows a remote attacker to execute arbitrary code via the class parameter.
CVE-2024-48705 2025-09-02 MEDIUM 6.5 Wavlink AC1200 with firmware versions M32A3_V1410_230602 and M32A3_V1410_240222 are vulnerable to a post-authentication command injection while resetting the password. This vulnerability is specifically found within the "set_sys_adm" function…
CVE-2025-9829 2025-09-02 HIGH 7.3 A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber…
CVE-2025-9189 2025-09-02 HIGH 7.8 There is an out of bounds write vulnerability due to improper bounds checking resulting in a large destination address when parsing a DSB file with Digilent DASYLab. This…
CVE-2025-9188 2025-09-02 HIGH 7.8 There is a deserialization of untrusted data vulnerability in Digilent DASYLab. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to get a user…
CVE-2025-57778 2025-09-02 HIGH 7.8 There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid source address when parsing a DSB file with Digilent DASYLab. This…
CVE-2025-57777 2025-09-02 HIGH 7.8 There is an out of bounds write vulnerability due to improper bounds checking in displ2.dll when parsing a DSB file with Digilent DASYLab. This vulnerability may result in…
CVE-2025-57776 2025-09-02 HIGH 7.8 There is an out of bounds write vulnerability due to improper bounds checking resulting in an invalid address when parsing a DSB file with Digilent DASYLab. This vulnerability…
CVE-2025-57775 2025-09-02 HIGH 7.8 There is a heap-based Buffer Overflow vulnerability due to improper bounds checking when parsing a DSB file with Digilent DASYLab. This vulnerability may result in arbitrary code execution.…
CVE-2025-57774 2025-09-02 HIGH 7.8 There is an out of bounds write vulnerability due to improper bounds checking resulting in invalid data when parsing a DSB file with Digilent DASYLab. This vulnerability may…
CVE-2025-43726 2025-09-02 MEDIUM 6.7 Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local access…
CVE-2025-36162 2025-09-02 MEDIUM 4.3 IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) 8.1 before 8.1.2.2 could allow an authenticated user to obtain sensitive information about configuration on the system.
CVE-2025-55824 2025-09-02 N/A 0.0 ModStartCMS v9.5.0 has an arbitrary file write vulnerability, which allows attackers to write malicious files and execute malicious commands to obtain sensitive data on the server.
CVE-2025-32100 2025-09-02 N/A 0.0 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930,…
CVE-2025-32098 2025-09-02 N/A 0.0 An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during…
CVE-2025-9828 2025-09-02 LOW 3.7 A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The…
CVE-2025-9696 2025-09-02 N/A 0.0 The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this…
CVE-2025-57616 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A use-after-free vulnerability in the write_interleaved method allows an attacker to cause a denial of service or memory…
CVE-2025-57615 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) An integer overflow vulnerability in the Vector::new constructor function allows an attacker to cause a denial of service…
CVE-2025-57614 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) Integer overflow and invalid input vulnerability in the cached method allows an attacker to cause a denial of…
CVE-2025-57613 2025-09-02 N/A 0.0 An issue was discovered in rust-ffmpeg 0.3.0 (after comit 5ac0527) A null pointer dereference vulnerability in the input() constructor function allows an attacker to cause a denial of…
CVE-2025-55372 2025-09-02 N/A 0.0 An arbitrary file upload vulnerability in Beakon Application before v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-9784 2025-09-02 HIGH 7.5 A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows…
CVE-2025-2413 2025-09-02 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08.
CVE-2025-0670 2025-09-02 MEDIUM 4.7 Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure.This issue affects ProKuafor: from s1.02.07 before v1.02.08.
« Anterior Página 505 de 3939 Siguiente »