Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-58096 2025-10-15 HIGH 7.5 When the database variable tm.tcpudptxchecksum is configured as non-default value Software-only on a BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which…
CVE-2025-55670 2025-10-15 MEDIUM 6.5 On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software…
CVE-2025-55669 2025-10-15 HIGH 7.5 When the BIG-IP Advanced WAF and ASM security policy and a server-side HTTP/2 profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel…
CVE-2025-55036 2025-10-15 HIGH 7.5 When BIG-IP SSL Orchestrator explicit forward proxy is configured on a virtual server and the proxy connect feature is enabled, undisclosed traffic may cause memory corruption.  Note: Software versions…
CVE-2025-54893 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (Hosts templates configuration modules) allows Stored XSS by users with elevated…
CVE-2025-54892 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps group configuration modules) allows Stored XSS by users with…
CVE-2025-54858 2025-10-15 HIGH 7.5 When a BIG-IP Advanced WAF or BIG-IP ASM Security Policy is configured with a JSON content profile that has a malformed JSON schema, and the security policy is…
CVE-2025-54854 2025-10-15 HIGH 7.5 When a BIG-IP APM OAuth access profile (Resource Server or Resource Client) is configured on a virtual server, undisclosed traffic can cause the apmd process to terminate.  Note: Software versions…
CVE-2025-54891 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) allows Stored XSS by users with…
CVE-2025-54889 2025-10-14 MEDIUM 6.8 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring (SNMP traps manufacturer configuration modules) allows Stored XSS by users with…
CVE-2025-54805 2025-10-15 MEDIUM 6.5 When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM)…
CVE-2025-54755 2025-10-15 MEDIUM 4.9 A directory traversal vulnerability exists in TMUI that allows an authenticated attacker to access files which are not limited to the intended files.  Note: Software versions which have…
CVE-2025-54479 2025-10-15 HIGH 7.5 When a classification profile is configured on a virtual server without an HTTP or HTTP/2 profile, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software…
CVE-2025-53868 2025-10-15 HIGH 8.7 When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software…
CVE-2025-53856 2025-10-15 HIGH 7.5 When a virtual server, network address translation (NAT) object, or secure network address translation (SNAT) object uses the embedded Packet Velocity Acceleration (ePVA) feature, undisclosed traffic can cause…
CVE-2025-53521 2025-10-15 HIGH 7.5 When a BIG-IP APM Access Policy is configured on a virtual server, undisclosed traffic can cause TMM to terminate.   Note: Software versions which have reached End of Technical…
CVE-2025-53474 2025-10-15 HIGH 7.5 When an iRule using an ILX::call command is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate.  Note: Software versions which have…
CVE-2025-48008 2025-10-15 HIGH 7.5 When a TCP profile with Multipath TCP (MPTCP) enabled is configured on a virtual server, undisclosed traffic along with conditions beyond the attacker's control can cause the Traffic…
CVE-2025-47150 2025-10-15 MEDIUM 6.5 When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization.  Note: Software versions which have reached End…
CVE-2025-47148 2025-10-15 MEDIUM 6.5 When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an…
CVE-2025-46706 2025-10-15 HIGH 7.5 When an iRule containing the HTTP::respond command is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached…
CVE-2025-41430 2025-10-15 HIGH 7.5 When BIG-IP SSL Orchestrator is enabled, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS)…
CVE-2025-37145 2025-10-14 MEDIUM 4.9 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to…
CVE-2025-37144 2025-10-14 MEDIUM 4.9 Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to…
CVE-2025-25255 2025-10-14 MEDIUM 4.3 An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiProxy 7.6.0 through 7.6.3, 7.4 all versions, 7.2 all versions, 7.0.1 through 7.0.21, and FortiOS 7.6.0 through 7.6.3…
CVE-2025-11577 2025-10-14 HIGH 7.6 Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow…
CVE-2025-10406 2025-10-15 MEDIUM 5.5 The BlindMatrix e-Commerce WordPress plugin before 3.1 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users, such…
CVE-2025-9640 2025-10-15 MEDIUM 4.3 A flaw was found in Samba, in the vfs_streams_xattr module, where uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read…
CVE-2025-10869 2025-10-15 N/A 0.0 Stored Cross-site Scripting (XSS) in Oct8ne Chatbot v2.3. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the…
CVE-2025-55082 2025-10-15 N/A 0.0 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was a potential out of bound read in _nx_secure_tls_process_clienthello() because of a missing validation of…
CVE-2025-55081 2025-10-15 N/A 0.0 In Eclipse Foundation NextX Duo before 6.4.4, a module of ThreadX, the _nx_secure_tls_process_clienthello() function was missing length verification of certain SSL/TLS client hello message: the ciphersuite length and…
CVE-2025-39998 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of…
CVE-2025-39996 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does…
CVE-2025-39995 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer…
CVE-2025-39994 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee…
CVE-2025-39993 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe…
CVE-2025-9967 2025-10-15 CRITICAL 9.8 The Orion SMS OTP Verification plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.7. This is due to…
CVE-2025-11728 2025-10-15 MEDIUM 5.3 The Oceanpayment CreditCard Gateway plugin for WordPress is vulnerable to unauthenticated and unauthorized modification of data due to missing authentication and capability checks on the 'return_payment' and 'notice_payment'…
CVE-2025-11722 2025-10-15 HIGH 7.5 The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode.…
CVE-2025-11701 2025-10-15 MEDIUM 5.3 The Zip Attachments plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check as well as missing post status validation in the…
CVE-2025-11692 2025-10-15 MEDIUM 5.3 The Zip Attachments plugin for WordPress is vulnerable to unauthorized loss of data due to a missing authorization and capability checks on the download.php file in all versions…
CVE-2025-11365 2025-10-15 MEDIUM 6.5 The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'google_map' shortcode in all versions up to, and…
CVE-2025-11196 2025-10-15 MEDIUM 4.3 The External Login plugin for WordPress is vulnerable to sensitive information exposure in all versions up to, and including, 1.11.2 due to the 'exlog_test_connection' AJAX action lacking capability…
CVE-2025-11177 2025-10-15 HIGH 7.5 The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on…
CVE-2025-10754 2025-10-15 HIGH 7.2 The DocoDoco Store Locator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up…
CVE-2025-10743 2025-10-15 HIGH 7.5 The Outdoor plugin for WordPress is vulnerable to SQL Injection via the 'edit' action in all versions up to, and including, 1.3.2 due to insufficient escaping on the…
CVE-2025-10730 2025-10-15 MEDIUM 6.5 The Wp tabber widget plugin for WordPress is vulnerable to SQL Injection via the 'wp-tabber-widget' shortcode in all versions up to, and including, 4.0 due to insufficient escaping…
CVE-2025-10682 2025-10-15 MEDIUM 6.5 The TARIFFUXX plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 1.4. This is due to insufficient neutralization of user-supplied input used directly…
CVE-2025-10660 2025-10-15 MEDIUM 6.5 The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping…
CVE-2025-10648 2025-10-15 MEDIUM 5.3 The YourMembership Single Sign On – YM SSO Login plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'moym_display_test_attributes'…
« Anterior Página 739 de 4304 Siguiente »