Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-34421 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from…
CVE-2025-34420 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from…
CVE-2025-34419 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from…
CVE-2025-34418 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from…
CVE-2025-34417 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from…
CVE-2025-34416 2025-12-10 N/A 0.0 MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from…
CVE-2025-34410 2025-12-10 N/A 0.0 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF…
CVE-2025-34395 2025-12-10 N/A 0.0 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method…
CVE-2025-34394 2025-12-10 N/A 0.0 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types.…
CVE-2025-34393 2025-12-10 N/A 0.0 Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, does not correctly verify the name of an attacker-controlled WSDL service, leading to insecure…
CVE-2025-13184 2025-12-10 CRITICAL 9.8 Unauthenticated Telnet enablement via cstecgi.cgi (auth bypass) leading to unauthenticated root login with a blank password on factory/reset X5000R V9.1.0u.6369_B20230113 (arbitrary command execution). Earlier versions that share the…
CVE-2023-53739 2025-12-09 N/A 0.0 Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin…
CVE-2021-47719 2025-12-09 N/A 0.0 COMMAX WebViewer ActiveX Control 2.1.4.5 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions. Attackers can…
CVE-2021-47705 2025-12-09 N/A 0.0 COMMAX UMS Client ActiveX Control 1.7.0.2 contains a heap-based buffer overflow vulnerability that allows attackers to execute arbitrary code by providing excessively long string arrays through multiple functions.…
CVE-2025-64783 2025-12-09 HIGH 7.8 DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-64784 2025-12-09 HIGH 7.1 DNG SDK versions 1.7.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure or application denial of service. An attacker could…
CVE-2025-64893 2025-12-09 HIGH 7.1 DNG SDK versions 1.7.0 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure or application denial of service. An attacker could leverage…
CVE-2025-64894 2025-12-09 MEDIUM 5.5 DNG SDK versions 1.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could lead to application denial-of-service. An attacker could exploit this issue to…
CVE-2025-62556 2025-12-09 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62557 2025-12-09 HIGH 8.4 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62558 2025-12-09 HIGH 7.8 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62559 2025-12-09 HIGH 7.8 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62560 2025-12-09 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62561 2025-12-09 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-64086 2025-12-09 HIGH 7.5 A NULL pointer dereference vulnerability in the util.readFileIntoStream component of PDF-XChange Editor v10.7.3.401 allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-66675 2025-12-10 HIGH 8.2 Denial of Service vulnerability in Apache Struts, file leak in multipart request processing causes disk exhaustion. This issue affects Apache Struts: from 2.0.0 through 6.7.4, from 7.0.0 through…
CVE-2025-13155 2025-12-10 HIGH 7.8 An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges.
CVE-2025-13152 2025-12-10 HIGH 7.8 A potential DLL hijacking vulnerability was reported in Lenovo One Client during an internal security assessment that could allow a local authenticated user to execute code with elevated…
CVE-2025-13125 2025-12-10 MEDIUM 4.3 Authorization Bypass Through User-Controlled Key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Exploitation of Trusted Identifiers.This issue affects DijiDemi:…
CVE-2025-12046 2025-12-10 HIGH 7.8 A DLL hijacking vulnerability was reported in the Lenovo App Store and Lenovo Browser applications that could allow a local authenticated user to execute code with elevated privileges…
CVE-2025-8110 2025-12-10 N/A 0.0 Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code.
CVE-2025-13127 2025-12-10 LOW 3.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TAC Information Services Internal and External Trade Inc. GoldenHorn allows Cross-Site Scripting (XSS).This issue…
CVE-2025-1161 2025-12-10 HIGH 7.1 Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation.This issue affects Nomysem: through May 2025.
CVE-2025-64156 2025-12-09 HIGH 7.2 An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions,…
CVE-2025-62221 2025-12-09 HIGH 7.8 Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2024-2105 2025-12-10 MEDIUM 6.5 An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
CVE-2024-2104 2025-12-10 HIGH 8.8 Due to improper BLE security configurations on the device's GATT server, an adjacent unauthenticated attacker can read and write device control commands through the mobile app service wich…
CVE-2025-63013 2025-12-09 MEDIUM 4.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from…
CVE-2025-63011 2025-12-09 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through
CVE-2025-41358 2025-12-10 N/A 0.0 Direct Object Reference Vulnerability (IDOR) in i2A's CronosWeb, in versions prior to 25.00.00.12, inclusive. This vulnerability could allow an authenticated attacker to access other users' documents by manipulating…
CVE-2025-63010 2025-12-09 MEDIUM 4.8 Server-Side Request Forgery (SSRF) vulnerability in ThemesInflow Hercules Core hercules-core allows Server Side Request Forgery.This issue affects Hercules Core : from n/a through
CVE-2025-63009 2025-12-09 MEDIUM 5.3 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in yuvalo WP Google Analytics Events wp-google-analytics-events allows Retrieve Embedded Sensitive Data.This issue affects WP Google Analytics…
CVE-2025-13953 2025-12-10 N/A 0.0 Bypass vulnerability in the authentication method in the GTT Tax Information System application, related to the Active Directory (LDAP) login method. Authentication is performed through a local WebSocket,…
CVE-2025-41732 2025-12-10 HIGH 8.8 An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_cookie() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
CVE-2025-41730 2025-12-10 HIGH 8.8 An unauthenticated remote attacker can abuse unsafe sscanf calls within the check_account() function to write arbitrary data into fixed-size stack buffers which leads to full device compromise.
CVE-2025-7073 2025-12-10 N/A 0.0 A local privilege escalation vulnerability in Bitdefender Total Security 27.0.46.231 allows low-privileged attackers to elevate privileges. The issue arises from bdservicehost.exe deleting files from a user-writable directory (C:\ProgramData\Atc\Feedback) without…
CVE-2025-14390 2025-12-10 HIGH 8.8 The Video Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in version
CVE-2025-9315 2025-12-10 N/A 0.0 An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this…
CVE-2025-66004 2025-12-10 MEDIUM 5.7 A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user.This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
CVE-2025-14087 2025-12-10 MEDIUM 5.6 A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution…
« Anterior Página 580 de 4286 Siguiente »