Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-13025 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13024 2025-11-11 N/A 0.0 JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 145.
CVE-2025-13023 2025-11-11 N/A 0.0 Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13022 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13021 2025-11-11 N/A 0.0 Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145.
CVE-2025-13020 2025-11-11 N/A 0.0 Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13019 2025-11-11 N/A 0.0 Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13018 2025-11-11 N/A 0.0 Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13017 2025-11-11 N/A 0.0 Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13016 2025-11-11 N/A 0.0 Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5.
CVE-2025-13015 2025-11-11 N/A 0.0 Spoofing issue in Firefox. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13014 2025-11-11 N/A 0.0 Use-after-free in the Audio/Video component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13013 2025-11-11 N/A 0.0 Mitigation bypass in the DOM: Core & HTML component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-13012 2025-11-11 N/A 0.0 Race condition in the Graphics component. This vulnerability affects Firefox < 145, Firefox ESR < 140.5, and Firefox ESR < 115.30.
CVE-2025-10918 2025-11-11 HIGH 7.1 Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk
CVE-2025-10905 2025-11-11 MEDIUM 4.4 Collision in MiniFilter driver in Avast Software Avast Free Antivirus  before 25.9  on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.
CVE-2025-11959 2025-11-11 HIGH 8.1 Files or Directories Accessible to External Parties, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Premierturk Information Technologies Inc. Excavation Management Information System allows Footprinting,…
CVE-2024-57695 2025-11-11 N/A 0.0 An issue in Agnitum Outpost Security Suite 7.5.3 (3942.608.1810) and 7.6 (3984.693.1842) allows a local attacker to execute arbitrary code via the lock function. The manufacturer fixed the…
CVE-2025-9227 2025-11-11 MEDIUM 6.5 Zohocorp ManageEngine OpManager versions 128609 and below are vulnerable to Stored XSS Vulnerability in the SNMP trap processor.
CVE-2025-9223 2025-11-11 HIGH 8.8 Zohocorp ManageEngine Applications Manager versions 178100 and below are vulnerable to authenticated command injection vulnerability due to the improper configuration in the execute program action feature.
CVE-2025-12101 2025-11-11 N/A 0.0 Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2025-11862 2025-11-11 N/A 0.0 A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API.
CVE-2025-11697 2025-11-11 N/A 0.0 A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using…
CVE-2025-11696 2025-11-11 N/A 0.0 A local server-side request forgery (SSRF) security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to trigger…
CVE-2025-11085 2025-11-11 N/A 0.0 A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft,…
CVE-2025-11084 2025-11-11 N/A 0.0 A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability…
CVE-2025-8324 2025-11-11 CRITICAL 9.8 Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration.
CVE-2025-41106 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41105 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41104 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41103 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-10161 2025-11-11 HIGH 7.3 Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute…
CVE-2025-41102 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-41101 2025-11-11 N/A 0.0 HTML injection vulnerability found in Fairsketch's RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending…
CVE-2025-11960 2025-11-11 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS.This issue affects KVKNET: before…
CVE-2025-7633 2025-11-11 HIGH 7.3 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
CVE-2025-7632 2025-11-11 HIGH 7.3 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report.
CVE-2025-7430 2025-11-11 HIGH 7.3 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report.
CVE-2025-12953 2025-11-11 MEDIUM 4.3 The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-12846 2025-11-11 HIGH 8.8 The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type…
CVE-2025-12788 2025-11-11 MEDIUM 5.3 The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to missing payment verification to unauthenticated payment bypass in all versions up to, and…
CVE-2025-12787 2025-11-11 MEDIUM 5.3 The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is…
CVE-2025-12539 2025-11-11 CRITICAL 10.0 The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin…
CVE-2017-20210 2025-11-11 N/A 0.0 Photo Station 5.4.1 & 5.2.7 include the security fix for the vulnerability related to the XMR mining programs identified by internal research.
CVE-2025-5317 2025-11-11 N/A 0.0 An improper access restriction to a folder in Bitdefender Endpoint Security Tools for Mac (BEST) before 7.20.52.200087 allows local users with administrative privileges to bypass the configured uninstall…
CVE-2025-9524 2025-11-11 MEDIUM 4.3 The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with…
CVE-2025-9055 2025-11-11 MEDIUM 6.4 The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating…
CVE-2025-8998 2025-11-11 LOW 3.1 It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be…
CVE-2025-7429 2025-11-11 HIGH 7.3 Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Mails Deleted or Moved report.
CVE-2025-10714 2025-11-11 HIGH 8.4 AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited…
« Anterior Página 669 de 4300 Siguiente »