Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-20359 2025-10-15 MEDIUM 6.5 Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive…
CVE-2025-20351 2025-10-15 MEDIUM 6.1 A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software…
CVE-2025-20350 2025-10-15 HIGH 7.5 A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software…
CVE-2025-20329 2025-10-15 MEDIUM 4.9 A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear…
CVE-2025-10577 2025-10-15 N/A 0.0 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is…
CVE-2025-10576 2025-10-15 N/A 0.0 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is…
CVE-2025-62379 2025-10-15 LOW 3.1 Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly…
CVE-2025-62370 2025-10-15 HIGH 7.5 Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to…
CVE-2025-61990 2025-10-15 HIGH 7.5 When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End…
CVE-2025-61935 2025-10-15 HIGH 7.5 When a BIG IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.  Note: Software versions which…
CVE-2025-61933 2025-10-15 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out…
CVE-2025-59419 2025-10-15 N/A 0.0 Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to…
CVE-2025-58071 2025-10-15 HIGH 7.5 When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support…
CVE-2025-57780 2025-10-15 HIGH 8.8 A vulnerability exists in F5OS-A and F5OS-C system that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker…
CVE-2025-53860 2025-10-15 MEDIUM 4.1 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems.  Note: Software versions…
CVE-2025-2529 2025-10-15 LOW 2.9 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
CVE-2025-56746 2025-10-15 LOW 2.2 Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining…
CVE-2025-9548 2025-10-15 MEDIUM 5.5 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2025-8486 2025-10-15 HIGH 7.8 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
CVE-2025-6026 2025-10-15 LOW 3.1 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain encrypted application…
CVE-2025-55083 2025-10-15 N/A 0.0 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check resulting it out by two out of bound read.
CVE-2025-10699 2025-10-15 MEDIUM 5.3 A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
CVE-2025-10581 2025-10-15 HIGH 7.8 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with…
CVE-2024-13991 2025-10-15 N/A 0.0 Huijietong Cloud Video Platform contains a path traversal vulnerability that allows an unauthenticated attacker can supply arbitrary file paths to the `fullPath` parameter of the `/fileDownload?action=downloadBackupFile` endpoint and…
CVE-2023-7311 2025-10-15 N/A 0.0 BYTEVALUE Intelligent Flow Control Router contains a command injection vulnerability via the /goform/webRead/open endpoint. The `path` parameter is not properly validated and is echoed into a shell context, allowing…
CVE-2023-7305 2025-10-15 N/A 0.0 SmartBI V8, V9, and V10 contain an unrestricted file upload vulnerability via the RMIServlet request handling logic. Under certain configurations or usage patterns, attackers can send specially crafted…
CVE-2023-7304 2025-10-15 N/A 0.0 Ruijie RG-UAC Application Management Gateway contains a command injection vulnerability via the 'nmc_sync.php' interface. An unauthenticated attacker able to reach the affected endpoint can inject shell commands via crafted…
CVE-2025-8459 2025-10-14 HIGH 7.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Monitoring recurrent downtime scheduler modules) allows Stored XSS.This issue affects Infra…
CVE-2025-8430 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Commands Connectors configuration modules) allows Stored XSS by users with elevated…
CVE-2025-8429 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Action access configuration modules) allows Stored XSS by users with…
CVE-2025-61974 2025-10-15 HIGH 7.5 When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization.  Note: Software versions which have reached End…
CVE-2025-61960 2025-10-15 HIGH 7.5 When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions…
CVE-2025-61958 2025-10-15 HIGH 8.7 A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a…
CVE-2025-61955 2025-10-15 HIGH 8.8 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges.  A successful exploit may allow the attacker…
CVE-2025-61951 2025-10-15 HIGH 7.5 Undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  This issue may occur when a Datagram Transport Layer Security (DTLS) 1.2 virtual server is enabled with…
CVE-2025-61938 2025-10-15 HIGH 7.5 When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either…
CVE-2025-60016 2025-10-15 HIGH 7.5 When Diffie-Hellman (DH) group Elliptic Curve Cryptography (ECC) Brainpool curves are configured in an SSL profile's Cipher Rule or Cipher Group, and that profile is applied to a…
CVE-2025-60015 2025-10-15 MEDIUM 5.7 An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
CVE-2025-60013 2025-10-15 MEDIUM 5.7 When a user attempts to initialize the rSeries FIPS module using a password with special shell metacharacters, the FIPS hardware security module (HSM) may fail to initialize.  Note:…
CVE-2025-59781 2025-10-15 HIGH 7.5 When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization.   Note: Software versions…
CVE-2025-59778 2025-10-15 HIGH 7.5 When the Allowed IP Addresses feature is configured on the F5OS-C partition control plane, undisclosed traffic can cause multiple containers to terminate.   Note: Software versions which have reached…
CVE-2025-59483 2025-10-15 MEDIUM 6.5 A validation vulnerability exists in an undisclosed URL in the Configuration utility.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2025-59481 2025-10-15 HIGH 8.7 A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute…
CVE-2025-59478 2025-10-15 HIGH 7.5 When a BIG-IP AFM denial-of-service (DoS) protection profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) process to terminate.  Note: Software versions…
CVE-2025-59269 2025-10-15 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the…
CVE-2025-59268 2025-10-15 MEDIUM 5.3 On the BIG-IP system, undisclosed endpoints that contain static non-sensitive information are accessible to an unauthenticated remote attacker through the Configuration utility.  Note: Software versions which have reached End…
CVE-2025-58474 2025-10-15 MEDIUM 5.3 When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense,…
CVE-2025-58424 2025-10-15 LOW 3.7 On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End…
CVE-2025-58153 2025-10-15 MEDIUM 5.9 Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.  Note: Software versions…
CVE-2025-58120 2025-10-15 HIGH 7.5 When HTTP/2 Ingress is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not…
« Anterior Página 738 de 4304 Siguiente »