CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57812 2025-11-12 LOW 3.7 CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the…
CVE-2025-11565 2025-11-12 N/A 0.0 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local…
CVE-2024-47866 2025-11-12 HIGH 7.5 Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an…
CVE-2024-45301 2025-11-12 MEDIUM 5.3 Mintty is a terminal emulator for Cygwin, MSYS, and WSL. In versions 2.3.6 through 3.7.4, several escape sequences can cause the mintty process to access a file in…
CVE-2025-64407 2025-11-12 MEDIUM 5.3 Apache OpenOffice documents can contain links. A missing Authorization vulnerability in Apache OpenOffice allowed an attacker to craft a document that would cause external links to be loaded…
CVE-2025-64531 2025-11-11 HIGH 7.8 Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61835 2025-11-11 HIGH 7.8 Substance3D - Stager versions 3.1.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-61834 2025-11-11 HIGH 7.8 Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61833 2025-11-11 HIGH 7.8 Substance3D - Stager versions 3.1.5 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end…
CVE-2025-65002 2025-11-12 HIGH 7.5 Fujitsu iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters.
CVE-2025-65001 2025-11-12 HIGH 8.2 Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability.
CVE-2025-25236 2025-11-12 MEDIUM 5.3 Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. A malicious actor may be able to enumerate sensitive information such as tenant ID and user accounts that…
CVE-2025-20379 2025-11-12 LOW 3.5 In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold…
CVE-2025-20378 2025-11-12 LOW 3.1 In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a malicious URL using…
CVE-2025-13042 2025-11-12 HIGH 8.8 Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-64406 2025-11-12 MEDIUM 4.3 An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas. This issue…
CVE-2025-2843 2025-11-12 HIGH 8.8 A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial…
CVE-2025-12871 2025-11-12 CRITICAL 9.8 The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated…
CVE-2025-12870 2025-11-12 CRITICAL 9.8 The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access…
CVE-2025-11797 2025-11-12 HIGH 7.8 A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read…
CVE-2025-11795 2025-11-12 HIGH 7.8 A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code…
CVE-2025-61828 2025-11-11 HIGH 7.8 Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-61829 2025-11-11 HIGH 7.8 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61836 2025-11-11 HIGH 7.8 Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-61827 2025-11-11 HIGH 7.8 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-61826 2025-11-11 HIGH 7.8 Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of…
CVE-2025-59513 2025-11-11 MEDIUM 5.5 Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
CVE-2025-59512 2025-11-11 HIGH 7.8 Improper access control in Customer Experience Improvement Program (CEIP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59511 2025-11-11 HIGH 7.8 External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59510 2025-11-11 MEDIUM 5.5 Improper link resolution before file access ('link following') in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to deny service locally.
CVE-2025-59509 2025-11-11 MEDIUM 5.5 Insertion of sensitive information into sent data in Windows Speech allows an authorized attacker to disclose information locally.
CVE-2025-59508 2025-11-11 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59507 2025-11-11 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-59506 2025-11-11 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
CVE-2025-59505 2025-11-11 HIGH 7.8 Double free in Windows Smart Card allows an authorized attacker to elevate privileges locally.
CVE-2025-59504 2025-11-11 HIGH 7.3 Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
CVE-2025-59499 2025-11-11 HIGH 8.8 Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59240 2025-11-11 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-47179 2025-11-11 MEDIUM 6.7 Improper access control in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-30398 2025-11-11 HIGH 8.1 Missing authorization in Nuance PowerScribe allows an unauthorized attacker to disclose information over a network.
CVE-2025-9316 2025-11-12 N/A 0.0 N-central < 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4.
CVE-2025-64293 2025-11-12 HIGH 7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection. This issue affects 0 Day Analytics: from n/a…
CVE-2025-64281 2025-11-12 N/A 0.0 An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
CVE-2025-64280 2025-11-12 N/A 0.0 A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
CVE-2025-63353 2025-11-12 N/A 0.0 A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default…
CVE-2025-63289 2025-11-12 N/A 0.0 Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
CVE-2025-11700 2025-11-12 N/A 0.0 N-central versions < 2025.4 are vulnerable to an XML External Entities injection leading to information disclosure
CVE-2025-11367 2025-11-12 N/A 0.0 The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization
CVE-2025-11366 2025-11-12 N/A 0.0 N-central < 2025.4 is vulnerable to authentication bypass via path traversal
CVE-2025-63666 2025-11-12 N/A 0.0 Tenda AC15 v15.03.05.18_multi issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker…