Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40012 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed…
CVE-2025-40011 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the…
CVE-2025-40010 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead…
CVE-2025-40009 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel…
CVE-2025-40008 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in…
CVE-2025-40007 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 ("netfs: Fix the request's work item to not require a ref") modified…
CVE-2025-40006 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap…
CVE-2025-40005 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with…
CVE-2025-26782 2025-10-20 HIGH 7.5 An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110,…
CVE-2025-26781 2025-10-20 HIGH 7.5 An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110,…
CVE-2025-10678 2025-10-20 N/A 0.0 NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using…
CVE-2024-55568 2025-10-20 HIGH 7.5 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,…
CVE-2025-8884 2025-10-20 MEDIUM 5.5 Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before…
CVE-2025-41390 2025-10-20 HIGH 7.8 An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An…
CVE-2025-61455 2025-10-20 CRITICAL 9.8 SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass…
CVE-2025-61454 2025-10-20 MEDIUM 6.1 A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response…
CVE-2025-11680 2025-10-20 N/A 0.0 Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap…
CVE-2025-11679 2025-10-20 N/A 0.0 Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap…
CVE-2025-11678 2025-10-20 N/A 0.0 Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a…
CVE-2025-11677 2025-10-20 N/A 0.0 Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE,…
CVE-2025-56224 2025-10-20 N/A 0.0 A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
CVE-2025-56223 2025-10-20 N/A 0.0 A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
CVE-2025-56219 2025-10-20 N/A 0.0 Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of…
CVE-2025-8349 2025-10-20 N/A 0.0 Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with…
CVE-2025-57837 2025-10-20 LOW 2.9 Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-41028 2025-10-20 N/A 0.0 A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a…
CVE-2025-61932 2025-10-20 CRITICAL 9.8 Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially…
CVE-2025-57839 2025-10-20 MEDIUM 4.0 Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-57838 2025-10-20 MEDIUM 4.0 Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31342 2025-10-20 N/A 0.0 An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote…
CVE-2025-62577 2025-10-20 HIGH 8.8 ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing…
CVE-2025-40004 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport…
CVE-2025-11948 2025-10-20 CRITICAL 9.8 Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code…
CVE-2025-11947 2025-10-19 MEDIUM 4.5 A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing manipulation can…
CVE-2025-11946 2025-10-19 LOW 3.5 A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact…
CVE-2025-11945 2025-10-19 LOW 3.5 A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site…
CVE-2025-11944 2025-10-19 MEDIUM 4.7 A vulnerability was determined in givanz Vvveb up to 1.0.7.3. This affects the function Import of the file admin/controller/tools/import.php of the component Raw SQL Handler. This manipulation causes…
CVE-2025-11943 2025-10-19 HIGH 7.3 A vulnerability has been found in 70mai X200 up to 20251010. Affected by this vulnerability is an unknown functionality of the component HTTP Web Server. The manipulation leads…
CVE-2025-11942 2025-10-19 HIGH 7.3 A flaw has been found in 70mai X200 up to 20251010. Affected is an unknown function of the component Pairing. Executing manipulation can lead to missing authentication. It…
CVE-2025-11941 2025-10-19 MEDIUM 5.4 A vulnerability was detected in e107 CMS up to 2.3.3. This impacts an unknown function of the file /e107_admin/image.php?mode=main&action=avatar of the component Avatar Handler. Performing manipulation of the…
CVE-2025-11940 2025-10-19 HIGH 7.0 A security vulnerability has been detected in LibreWolf up to 143.0.4-1 on Windows. This affects an unknown function of the file assets/setup.nsi of the component Installer. Such manipulation…
CVE-2025-11939 2025-10-19 MEDIUM 4.7 A vulnerability was determined in ChurchCRM up to 5.18.0. This issue affects some unknown processing of the file src/ChurchCRM/Backup/RestoreJob.php of the component Backup Restore Handler. Executing manipulation of…
CVE-2025-11938 2025-10-19 MEDIUM 5.6 A vulnerability was found in ChurchCRM up to 5.18.0. This vulnerability affects unknown code of the file setup/routes/setup.php. Performing manipulation of the argument DB_PASSWORD/ROOT_PATH/URL results in deserialization. The…
CVE-2025-62672 2025-10-19 MEDIUM 5.3 rplay through 3.3.2 allows attackers to cause a denial of service (SIGSEGV and daemon crash) or possibly have unspecified other impact. This occurs in memcpy in the RPLAY_DATA…
CVE-2025-47410 2025-10-18 N/A 0.0 Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into…
CVE-2025-11926 2025-10-18 MEDIUM 4.4 The Related Posts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.12 due to insufficient input…
CVE-2025-9890 2025-10-18 HIGH 8.8 The Theme Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0. This is due to missing or incorrect nonce…
CVE-2025-5555 2025-10-18 HIGH 7.8 A vulnerability has been found in Nixdorf Wincor PORT IO Driver up to 1.0.0.1. This affects the function sub_11100 in the library wnport.sys of the component IOCTL Handler.…
CVE-2025-40003 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to…
CVE-2025-40002 2025-10-18 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix use-after-free in tb_dp_dprx_work The original code relies on cancel_delayed_work() in tb_dp_dprx_stop(), which does not ensure that…
« Anterior Página 69 de 3641 Siguiente »