Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-62509 2025-10-20 HIGH 8.1 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege…
CVE-2025-55086 2025-10-20 N/A 0.0 In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the…
CVE-2025-47902 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
CVE-2025-47901 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100:…
CVE-2025-47900 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100:…
CVE-2025-3465 2025-10-20 HIGH 7.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through…
CVE-2025-11979 2025-10-20 MEDIUM 5.3 An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some…
CVE-2025-54957 2025-10-20 MEDIUM 6.5 An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution…
CVE-2025-9574 2025-10-20 CRITICAL 9.1 Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .  All firmware versions with the Serial Number from 2000 to 5166
CVE-2025-6515 2025-10-20 MEDIUM 6.8 The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to…
CVE-2025-61456 2025-10-20 MEDIUM 6.1 A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response…
CVE-2025-61417 2025-10-20 HIGH 8.8 Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file,…
CVE-2025-57738 2025-10-20 HIGH 7.2 Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations…
CVE-2025-48025 2025-10-20 N/A 0.0 In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1330, 1380, 1480, 2400, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to…
CVE-2025-40017 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buffer which is allocated only once…
CVE-2025-40016 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have…
CVE-2025-40015 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to…
CVE-2025-40013 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could…
CVE-2025-40012 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed…
CVE-2025-40011 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the…
CVE-2025-40010 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead…
CVE-2025-40009 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: check p->vec_buf for NULL When the PAGEMAP_SCAN ioctl is invoked with vec_len = 0 reaches pagemap_scan_backout_range(), kernel…
CVE-2025-40008 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in…
CVE-2025-40007 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfs: fix reference leak Commit 20d72b00ca81 ("netfs: Fix the request's work item to not require a ref") modified…
CVE-2025-40006 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap…
CVE-2025-40005 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with…
CVE-2025-26782 2025-10-20 HIGH 7.5 An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110,…
CVE-2025-26781 2025-10-20 HIGH 7.5 An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110,…
CVE-2025-10678 2025-10-20 N/A 0.0 NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using…
CVE-2024-55568 2025-10-20 HIGH 7.5 An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000,…
CVE-2025-8884 2025-10-20 MEDIUM 5.5 Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before…
CVE-2025-41390 2025-10-20 HIGH 7.8 An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An…
CVE-2025-61455 2025-10-20 CRITICAL 9.8 SQL Injection vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the signup.inc.php endpoint. The application directly incorporates unsanitized user inputs into SQL queries, allowing unauthenticated attackers to bypass…
CVE-2025-61454 2025-10-20 MEDIUM 6.1 A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response…
CVE-2025-11680 2025-10-20 N/A 0.0 Out-of-bounds Write in unfilter_scanline in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to write past a heap…
CVE-2025-11679 2025-10-20 N/A 0.0 Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap…
CVE-2025-11678 2025-10-20 N/A 0.0 Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a…
CVE-2025-11677 2025-10-20 N/A 0.0 Use After Free in WebSocket server implementation in lws_handshake_server in warmcat libwebsockets may allow an attacker, in specific configurations where the user provides a callback function that handles LWS_CALLBACK_HTTP_CONFIRM_UPGRADE,…
CVE-2025-56224 2025-10-20 N/A 0.0 A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
CVE-2025-56223 2025-10-20 N/A 0.0 A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
CVE-2025-56219 2025-10-20 N/A 0.0 Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of…
CVE-2025-8349 2025-10-20 N/A 0.0 Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with…
CVE-2025-57837 2025-10-20 LOW 2.9 Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-41028 2025-10-20 N/A 0.0 A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a…
CVE-2025-61932 2025-10-20 CRITICAL 9.8 Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially…
CVE-2025-57839 2025-10-20 MEDIUM 4.0 Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-57838 2025-10-20 MEDIUM 4.0 Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-31342 2025-10-20 N/A 0.0 An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote…
CVE-2025-62577 2025-10-20 HIGH 8.8 ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing…
CVE-2025-40004 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport…
« Anterior Página 731 de 4304 Siguiente »