Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40239 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared->phydev for LAN8814 Currently, during the LAN8814 PTP probe shared->phydev is only set…
CVE-2025-40238 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix IPsec cleanup over MPV device When we do mlx5e_detach_netdev() we eventually disable blocking events notifier, among…
CVE-2025-40237 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/notify: call exportfs_encode_fid with s_umount Calling intotify_show_fdinfo() on fd watching an overlayfs inode, while the overlayfs is being…
CVE-2025-40236 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: virtio-net: zero unused hash fields When GSO tunnel is negotiated virtio_net_hdr_tnl_from_skb() tries to initialize the tunnel metadata but…
CVE-2025-40235 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() If fs_info->super_copy or fs_info->super_for_commit allocated failed in btrfs_get_tree_subvol(), then no…
CVE-2025-40234 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize `awcc`. Add…
CVE-2025-40233 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved…
CVE-2025-40232 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the…
CVE-2025-40231 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when…
CVE-2025-40230 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm: prevent poison consumption when splitting THP When performing memory error injection on a THP (Transparent Huge Page)…
CVE-2025-40229 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix potential memory leak by cleaning ops_filter in damon_destroy_scheme Currently, damon_destroy_scheme() only cleans up the filter list…
CVE-2025-40228 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damon_ctx [de]allocation". DAMON sysfs interface…
CVE-2025-40227 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc commit test ctx always The damon_ctx for testing online DAMON parameters commit inputs is deallocated only…
CVE-2025-40226 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug…
CVE-2025-40225 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic…
CVE-2025-40224 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: hwmon: (cgbc-hwmon) Add missing NULL check after devm_kzalloc() The driver allocates memory for sensor data using devm_kzalloc(), but…
CVE-2025-40223 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev).…
CVE-2025-40222 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tty: serial: sh-sci: fix RSCI FIFO overrun handling The receive error handling code is shared between RSCI and…
CVE-2025-65346 2025-12-04 N/A 0.0 alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The unzip/extraction functionality improperly allows archive contents to be written to arbitrary locations on the filesystem due to…
CVE-2025-54307 2025-12-04 N/A 0.0 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. The /configure/plugins/plugin/upload/zip/ and /configure/newupdates/offline/bundle/upload/ endpoints allow low-privilege users to upload ZIP files to the server.…
CVE-2025-54306 2025-12-04 N/A 0.0 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input…
CVE-2025-54305 2025-12-04 N/A 0.0 An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the…
CVE-2025-54304 2025-12-04 N/A 0.0 An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens…
CVE-2025-54303 2025-12-04 N/A 0.0 The Thermo Fisher Torrent Suite Django application 5.18.1 has weak default credentials, which are stored as fixtures for the Django ORM API. The ionadmin user account can be…
CVE-2025-53963 2025-12-04 N/A 0.0 An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. They run an SSH server accessible over the default port 22. The root account has…
CVE-2025-40221 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: pci: mg4b: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by…
CVE-2025-40220 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against…
CVE-2025-40219 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV Before disabling SR-IOV via config space accesses to the parent…
CVE-2025-40218 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside…
CVE-2025-40217 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now.
CVE-2025-40216 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation…
CVE-2025-2848 2025-12-04 MEDIUM 6.3 A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
CVE-2025-29846 2025-12-04 HIGH 7.2 A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2025-29845 2025-12-04 MEDIUM 4.3 A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2025-29844 2025-12-04 MEDIUM 4.3 A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29843 2025-12-04 MEDIUM 5.4 A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2025-14008 2025-12-04 MEDIUM 4.7 A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This…
CVE-2025-14007 2025-12-04 LOW 2.0 A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation…
CVE-2025-14006 2025-12-04 LOW 3.5 A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add…
CVE-2024-5401 2025-12-04 MEDIUM 4.3 Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079…
CVE-2024-45539 2025-12-04 HIGH 7.5 Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service…
CVE-2024-45538 2025-12-04 CRITICAL 9.6 Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to…
CVE-2025-14005 2025-12-04 LOW 2.4 A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display…
CVE-2025-14004 2025-12-04 MEDIUM 4.7 A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing…
CVE-2025-40215 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists…
CVE-2025-40214 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of…
CVE-2025-11222 2025-12-04 MEDIUM 6.1 Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to untrusted sites via specially crafted URLs, potentially facilitating phishing attacks and…
CVE-2025-41080 2025-12-04 N/A 0.0 A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious…
CVE-2025-41079 2025-12-04 N/A 0.0 A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious…
CVE-2025-14010 2025-12-04 MEDIUM 5.5 A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes.…
« Anterior Página 608 de 4288 Siguiente »