Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-22391 2025-11-11 MEDIUM 6.7 Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined…
CVE-2025-20622 2025-11-11 LOW 3.8 Sensitive information uncleared in resource before release for reuse for some Intel(R) NPU Drivers for Windows before version 32.0.100.4023 within Ring 3: User Applications may allow an information…
CVE-2025-20614 2025-11-11 MEDIUM 6.7 External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software…
CVE-2025-20065 2025-11-11 MEDIUM 6.7 Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Unprivileged software adversary…
CVE-2025-20056 2025-11-11 MEDIUM 4.4 Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated…
CVE-2025-20050 2025-11-11 MEDIUM 6.7 Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated…
CVE-2025-20010 2025-11-11 HIGH 7.8 Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. System software…
CVE-2025-13032 2025-11-11 CRITICAL 9.9 Double fetch in sandbox kernel driver in Avast/AVG Antivirus
CVE-2025-12944 2025-11-11 N/A 0.0 Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please…
CVE-2025-12943 2025-11-11 N/A 0.0 Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with…
CVE-2025-12940 2025-11-11 N/A 0.0 Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access…
CVE-2025-9408 2025-11-11 HIGH 8.1 System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes.
CVE-2025-64773 2025-11-11 LOW 2.7 In JetBrains YouTrack before 2025.3.104432 a race condition allowed bypass of helpdesk Agent limit
CVE-2025-13027 2025-11-11 N/A 0.0 Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2025-13026 2025-11-11 N/A 0.0 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13025 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13024 2025-11-11 N/A 0.0 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145.
CVE-2025-13023 2025-11-11 N/A 0.0 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13022 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13021 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13020 2025-11-11 N/A 0.0 Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13019 2025-11-11 N/A 0.0 Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13018 2025-11-11 N/A 0.0 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13017 2025-11-11 N/A 0.0 Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13016 2025-11-11 N/A 0.0 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13015 2025-11-11 N/A 0.0 Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13014 2025-11-11 N/A 0.0 Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13013 2025-11-11 N/A 0.0 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13012 2025-11-11 N/A 0.0 Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-10918 2025-11-11 HIGH 7.1 Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
CVE-2025-10905 2025-11-11 MEDIUM 4.4 Collision in MiniFilter driver in Avast Software Avast Free Antivirus  before 25.9  on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.
CVE-2025-11959 2025-11-11 HIGH 8.1 Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting,…
CVE-2024-57695 2025-11-11 N/A 0.0 An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the…
CVE-2025-9227 2025-11-11 MEDIUM 6.5 Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
CVE-2025-9223 2025-11-11 HIGH 8.8 Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
CVE-2025-12101 2025-11-11 N/A 0.0 Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2025-11862 2025-11-11 N/A 0.0 A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.
CVE-2025-11697 2025-11-11 N/A 0.0 A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using…
CVE-2025-11696 2025-11-11 N/A 0.0 A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger…
CVE-2025-11085 2025-11-11 N/A 0.0 A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft,…
CVE-2025-11084 2025-11-11 N/A 0.0 A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability…
CVE-2025-8324 2025-11-11 CRITICAL 9.8 Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
CVE-2025-41106 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41105 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41104 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41103 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-10161 2025-11-11 HIGH 7.3 Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute…
CVE-2025-41102 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41101 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-11960 2025-11-11 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS.This issue affects KVKNET: before…
« Anterior Página 668 de 4299 Siguiente »