Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-43423 2025-11-04 LOW 2.0 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, visionOS 26.1. An attacker with physical…
CVE-2025-43422 2025-11-04 MEDIUM 4.6 The issue was addressed by adding additional logic. This issue is fixed in iOS 26.1 and iPadOS 26.1. An attacker with physical access to a device may be…
CVE-2025-43419 2025-11-04 HIGH 8.8 The issue was addressed with improved memory handling. This issue is fixed in Safari 26, tvOS 26, watchOS 26, iOS 26 and iPadOS 26, visionOS 26. Processing maliciously…
CVE-2025-43414 2025-11-04 MEDIUM 6.2 A permissions issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. A shortcut may be able to access files that…
CVE-2025-20737 2025-11-04 HIGH 7.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20735 2025-11-04 HIGH 7.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20733 2025-11-04 HIGH 7.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20730 2025-11-04 MEDIUM 6.7 In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has…
CVE-2025-20728 2025-11-04 HIGH 7.8 In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20727 2025-11-04 HIGH 7.5 In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has…
CVE-2025-20726 2025-11-04 HIGH 7.5 In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has…
CVE-2025-20725 2025-11-04 HIGH 7.5 In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE…
CVE-2025-46556 2025-11-04 MEDIUM 6.5 Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.27.1 and below allow attackers to permanently corrupt issue activity logs by submitting extremely long notes (tested…
CVE-2025-35021 2025-11-04 MEDIUM 6.5 By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from…
CVE-2025-36172 2025-11-03 MEDIUM 6.4 IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 001, 24.0.1 through 24.0.1 Interim Fix 004, 24.0.0 through 24.0.0 Interim Fix 006, and earlier unsupported releases…
CVE-2025-34501 2025-11-03 N/A 0.0 Deck Mate 2 is distributed with static, hard-coded credentials for the root shell and web user interface, while multiple management services (SSH, HTTP, Telnet, SMB, X11) are enabled…
CVE-2025-11193 2025-11-03 MEDIUM 5.5 A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information.
CVE-2024-13998 2025-11-03 N/A 0.0 Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have access to…
CVE-2024-13997 2025-11-03 N/A 0.0 Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host.…
CVE-2021-47698 2025-11-03 N/A 0.0 Nagios XI versions prior to 5.8.7 using embedded Nagios Core are vulnerable to cross-site scripting (XSS) via the Core UI’s Views URL handling. Insufficient validation or escaping of user-supplied input may…
CVE-2016-15054 2025-11-03 N/A 0.0 Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting (XSS) via the jQuery Migrate library. Insufficient validation or escaping of user-supplied input may allow an attacker to…
CVE-2025-63293 2025-11-03 MEDIUM 6.5 FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they…
CVE-2025-12657 2025-11-03 MEDIUM 5.0 The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Later reads of this object can…
CVE-2025-63593 2025-11-03 N/A 0.0 Grav CMS1.7.49.5 is vulnerable to Cross Site Scripting (XSS).
CVE-2025-50735 2025-11-03 HIGH 7.5 Directory traversal vulnerability in NextChat thru 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain…
CVE-2025-12642 2025-11-03 N/A 0.0 lighttpd1.4.80 incorrectly merged trailer fields into headers after http request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks. Successful exploitation may allow an attacker to:…
CVE-2025-12531 2025-11-03 HIGH 7.1 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability…
CVE-2025-8558 2025-11-03 N/A 0.0 Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of…
CVE-2025-12184 2025-11-04 MEDIUM 4.4 The MeetingList plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.11 due to insufficient input sanitization and…
CVE-2025-41345 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and…
CVE-2025-41344 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_archivo' in…
CVE-2025-41343 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'email' in…
CVE-2025-41342 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_user' in…
CVE-2025-41341 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and…
CVE-2025-41340 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_tp_denuncia' and…
CVE-2025-41339 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_sociedad' in…
CVE-2025-41338 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and…
CVE-2025-41337 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in…
CVE-2025-41336 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in…
CVE-2025-41335 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id' and…
CVE-2025-12695 2025-11-04 MEDIUM 5.9 The overly permissive sandbox configuration in DSPy allows attackers to steal sensitive files in cases when users build an AI agent which consumes user input and uses the…
CVE-2025-12682 2025-11-04 CRITICAL 9.8 The Easy Upload Files During Checkout plugin for WordPress is vulnerable to arbitrary JavaScript file uploads due to missing file type validation in the 'file_during_checkout' function in all…
CVE-2025-41114 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameters 'id_denuncia' and…
CVE-2025-41113 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in…
CVE-2025-41112 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in…
CVE-2025-41111 2025-11-04 N/A 0.0 A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'id_denuncia' in…
CVE-2025-12493 2025-11-04 CRITICAL 9.8 The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Local File Inclusion in…
CVE-2025-12045 2025-11-04 MEDIUM 6.4 The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the category and…
CVE-2025-11690 2025-11-04 HIGH 8.5 An Insecure Direct Object Reference (IDOR) vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker…
CVE-2025-20749 2025-11-04 MEDIUM 6.7 In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor…
« Anterior Página 689 de 4301 Siguiente »