Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-39969 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in…
CVE-2025-39968 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can…
CVE-2025-39967 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow…
CVE-2025-39966 2025-10-15 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the…
CVE-2025-11501 2025-10-15 HIGH 7.5 The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'tax_query' parameter in all versions up to, and including, 1.1 due to insufficient escaping…
CVE-2025-11161 2025-10-15 MEDIUM 6.4 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vc_custom_heading shortcode in all versions up to, and including, 8.6.1. This is due…
CVE-2025-11160 2025-10-15 MEDIUM 6.4 The WPBakery Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom JS module in all versions up to, and including, 8.6.1. This is…
CVE-2025-8561 2025-10-15 MEDIUM 6.4 The Ova Advent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.1.7 due to insufficient input…
CVE-2025-6042 2025-10-15 HIGH 7.3 The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,…
CVE-2025-55080 2025-10-15 N/A 0.0 In Eclipse ThreadX before 6.4.3, when memory protection is enabled, syscall parameters verification wasn't enough, allowing an attacker to obtain an arbitrary memory read/write.
CVE-2025-31702 2025-10-15 MEDIUM 6.8 A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to…
CVE-2025-26861 2025-10-15 HIGH 7.8 RemoteCall Remote Support Program (for Operator) versions prior to 5.3.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with…
CVE-2025-26860 2025-10-15 HIGH 7.8 RemoteCall Remote Support Program (for Operator) versions prior to 5.1.0 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with…
CVE-2025-26859 2025-10-15 HIGH 7.8 RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected…
CVE-2025-11176 2025-10-15 MEDIUM 4.3 The Quick Featured Images plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 13.7.2 via the qfi_set_thumbnail and qfi_delete_thumbnail AJAX…
CVE-2025-55079 2025-10-15 N/A 0.0 In Eclipse ThreadX before version 6.4.3, the thread module has a setting of maximum priority. In some cases the check of that maximum priority wasn't performed, allowing, as…
CVE-2025-62448 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62447 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62446 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62445 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62444 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62443 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62442 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62441 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-62440 2025-10-15 N/A 0.0 Rejected reason: Not used
CVE-2025-11746 2025-10-15 HIGH 8.8 The XStore theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.5.4 via theet_ajax_required_plugins_popup() function. This makes it possible for authenticated…
CVE-2025-54278 2025-10-15 MEDIUM 5.5 Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2025-54268 2025-10-15 HIGH 7.8 Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2018-25117 2025-10-15 N/A 0.0 VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at…
CVE-2017-20205 2025-10-15 N/A 0.0 Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability.The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer…
CVE-2017-20204 2025-10-15 N/A 0.0 DBLTek GoIP devices (models GoIP 1, 4, 8, 16, and 32) contain an undocumented vendor backdoor in the Telnet administrative interface that allows remote authentication as an undocumented…
CVE-2011-10033 2025-10-15 N/A 0.0 The WordPress plugin is-human
CVE-2025-61804 2025-10-15 HIGH 7.8 Animate versions 23.0.13, 24.0.10 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-54279 2025-10-15 HIGH 7.8 Animate versions 23.0.13, 24.0.10 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-54270 2025-10-15 MEDIUM 5.5 Animate versions 23.0.13, 24.0.10 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2025-54269 2025-10-15 MEDIUM 5.5 Animate versions 23.0.13, 24.0.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive…
CVE-2025-59230 2025-10-14 HIGH 7.8 Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-24990 2025-10-14 HIGH 7.8 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal…
CVE-2025-62376 2025-10-14 N/A 0.0 pwn.college DOJO is an education platform for learning cybersecurity. In versions up to and including commit 781d91157cfc234a434d0bab45cbcf97894c642e, the /workspace endpoint contains an improper authentication vulnerability that allows an…
CVE-2025-61797 2025-10-14 MEDIUM 5.4 Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-61796 2025-10-14 MEDIUM 5.4 Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-54272 2025-10-14 MEDIUM 5.4 Adobe Experience Manager versions 11.6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-54196 2025-10-14 LOW 3.1 Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to…
CVE-2025-49553 2025-10-14 CRITICAL 9.3 Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute malicious scripts in a…
CVE-2025-49552 2025-10-14 HIGH 7.3 Adobe Connect versions 12.9 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a high-privileged attacker to execute malicious scripts in…
CVE-2025-54277 2025-10-14 MEDIUM 5.3 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures…
CVE-2025-54267 2025-10-14 MEDIUM 6.5 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security…
CVE-2025-54266 2025-10-14 MEDIUM 4.8 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker…
CVE-2025-54265 2025-10-14 MEDIUM 5.9 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures…
CVE-2025-54264 2025-10-14 HIGH 8.1 Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by…
« Anterior Página 741 de 4304 Siguiente »