Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-20752 2025-12-02 MEDIUM 6.5 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to…
CVE-2025-20751 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to…
CVE-2025-20750 2025-12-02 MEDIUM 5.3 In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a…
CVE-2025-13697 2025-12-02 MEDIUM 6.4 The BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘timestamp’…
CVE-2025-12529 2025-12-02 HIGH 8.8 The Cost Calculator Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteOrdersFiles() function in all versions up to,…
CVE-2024-45675 2025-12-02 HIGH 8.4 IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.
CVE-2025-58488 2025-12-02 MEDIUM 4.5 Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this…
CVE-2025-58487 2025-12-02 MEDIUM 4.0 Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
CVE-2025-58486 2025-12-02 MEDIUM 4.0 Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
CVE-2025-58485 2025-12-02 MEDIUM 5.5 Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
CVE-2025-58484 2025-12-02 MEDIUM 4.0 Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
CVE-2025-58483 2025-12-02 MEDIUM 5.9 Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
CVE-2025-58482 2025-12-02 HIGH 7.3 Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVE-2025-58481 2025-12-02 HIGH 7.3 Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
CVE-2025-58480 2025-12-02 MEDIUM 4.3 Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-58479 2025-12-02 MEDIUM 4.3 Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-58478 2025-12-02 MEDIUM 4.3 Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-58477 2025-12-02 MEDIUM 4.3 Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
CVE-2025-58476 2025-12-02 MEDIUM 4.2 Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
CVE-2025-58475 2025-12-02 MEDIUM 5.6 Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-21080 2025-12-02 MEDIUM 6.2 Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
CVE-2025-21072 2025-12-02 MEDIUM 5.7 Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2025-66448 2025-12-01 HIGH 7.1 vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.11.1, vllm has a critical remote code execution vector in a config class named…
CVE-2025-66415 2025-12-01 N/A 0.0 fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that…
CVE-2025-66412 2025-12-01 N/A 0.0 Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 21.0.2, 20.3.15, and 19.2.17, A Stored Cross-Site Scripting (XSS)…
CVE-2025-66410 2025-12-01 N/A 0.0 Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or…
CVE-2025-66405 2025-12-01 N/A 0.0 Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request…
CVE-2025-66403 2025-12-01 MEDIUM 4.6 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 2.2.3, a stored cross-site scripting (XSS) vulnerability exists in the Filerise application…
CVE-2025-66401 2025-12-01 CRITICAL 9.8 MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the…
CVE-2025-66400 2025-12-01 N/A 0.0 mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This…
CVE-2025-66313 2025-12-01 N/A 0.0 ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP()…
CVE-2025-66312 2025-12-01 N/A 0.0 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66311 2025-12-01 N/A 0.0 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66310 2025-12-01 N/A 0.0 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66309 2025-12-01 N/A 0.0 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66308 2025-12-01 N/A 0.0 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66307 2025-12-01 MEDIUM 6.5 This admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.11.0-beta.1, a…
CVE-2025-66306 2025-12-01 MEDIUM 4.3 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR (Insecure Direct Object Reference) vulnerability in the Grav CMS Admin Panel which allows low-privilege users…
CVE-2025-66305 2025-12-01 N/A 0.0 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a Denial of Service (DoS) vulnerability was identified in the "Languages" submenu of the Grav admin configuration panel (/admin/config/system).…
CVE-2025-66304 2025-12-01 MEDIUM 6.2 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, users with read access on the user account management section of the admin panel can view the password hashes…
CVE-2025-66303 2025-12-01 MEDIUM 4.9 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A Denial of Service (DoS) vulnerability has been identified in Grav related to the handling of scheduled_at parameters. Specifically,…
CVE-2025-66302 2025-12-01 MEDIUM 6.8 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A path traversal vulnerability has been identified in Grav CMS, allowing authenticated attackers with administrative privileges to read arbitrary…
CVE-2025-66301 2025-12-01 N/A 0.0 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, due to improper authorization checks when modifying critical fields on a POST request to /admin/pages/{page_name}, an editor with only…
CVE-2025-66300 2025-12-01 HIGH 8.5 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, A low privilege user account with page editing privilege can read any server files using "Frontmatter" form. This includes…
CVE-2025-66299 2025-12-01 HIGH 8.8 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, Grav CMS is vulnerable to a Server-Side Template Injection (SSTI) that allows any authenticated user with editor permissions to…
CVE-2025-66298 2025-12-01 N/A 0.0 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, having a simple form on site can reveal the whole Grav configuration details (including plugin configuration details) by using…
CVE-2025-65622 2025-12-01 N/A 0.0 Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
CVE-2025-66297 2025-12-01 N/A 0.0 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a user with admin panel access and permissions to create or edit pages in Grav CMS can enable Twig…
CVE-2025-66296 2025-12-01 HIGH 8.8 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, a privilege escalation vulnerability exists in Grav’s Admin plugin due to the absence of username uniqueness validation when creating…
CVE-2025-66295 2025-12-01 HIGH 8.8 Grav is a file-based Web platform. Prior to 1.8.0-beta.27, when a user with privilege of user creation creates a new user through the Admin UI and supplies a…
« Anterior Página 619 de 4293 Siguiente »