CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-10742 2025-10-16 CRITICAL 9.8 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled…
CVE-2025-10706 2025-10-16 HIGH 8.8 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and…
CVE-2025-58778 2025-10-16 HIGH 7.2 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the…
CVE-2025-0275 2025-10-16 MEDIUM 5.3 HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal…
CVE-2025-11814 2025-10-16 MEDIUM 6.4 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output…
CVE-2025-0274 2025-10-16 MEDIUM 5.3 HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access…
CVE-2025-10700 2025-10-16 MEDIUM 4.3 The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to…
CVE-2025-62580 2025-10-16 HIGH 7.8 ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-62579 2025-10-16 HIGH 7.8 ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-11683 2025-10-16 MEDIUM 6.5 YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read which allows…
CVE-2025-62375 2025-10-15 N/A 0.0 go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2…
CVE-2025-11619 2025-10-15 HIGH 8.8 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.
CVE-2025-11568 2025-10-15 MEDIUM 4.4 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this…
CVE-2025-11832 2025-10-15 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-62410 2025-10-15 N/A 0.0 In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still…
CVE-2025-62382 2025-10-15 HIGH 7.7 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any…
CVE-2025-62381 2025-10-15 N/A 0.0 sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can…
CVE-2025-62371 2025-10-15 HIGH 7.4 OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all…
CVE-2025-55039 2025-10-15 MEDIUM 6.5 This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication…
CVE-2025-56749 2025-10-15 CRITICAL 9.4 Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading…
CVE-2025-56748 2025-10-15 MEDIUM 6.4 Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid…
CVE-2025-62380 2025-10-15 N/A 0.0 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with…
CVE-2025-62378 2025-10-15 MEDIUM 6.1 CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName…
CVE-2025-58133 2025-10-15 MEDIUM 5.3 Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-58132 2025-10-15 MEDIUM 4.1 Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2025-54271 2025-10-15 MEDIUM 5.6 Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker…
CVE-2025-20360 2025-10-15 MEDIUM 5.8 Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine…
CVE-2025-20359 2025-10-15 MEDIUM 6.5 Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the disclosure of possible sensitive…
CVE-2025-20351 2025-10-15 MEDIUM 6.1 A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software…
CVE-2025-20350 2025-10-15 HIGH 7.5 A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software…
CVE-2025-20329 2025-10-15 MEDIUM 4.9 A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear…
CVE-2025-10577 2025-10-15 N/A 0.0 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is…
CVE-2025-10576 2025-10-15 N/A 0.0 Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. HP is…
CVE-2025-62379 2025-10-15 LOW 3.1 Reflex is a library to build full-stack web apps in pure Python. In versions 0.5.4 through 0.8.14, the /auth-codespace endpoint automatically assigns the redirect_to query parameter value directly…
CVE-2025-62370 2025-10-15 HIGH 7.5 Alloy Core libraries are at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloy_dyn_abi::TypedData could lead to…
CVE-2025-61990 2025-10-15 HIGH 7.5 When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End…
CVE-2025-61935 2025-10-15 HIGH 7.5 When a BIG-IP Advanced WAF or ASM security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate. Note: Software versions which…
CVE-2025-61933 2025-10-15 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of BIG-IP APM that allows an attacker to run JavaScript in the context of the targeted logged-out…
CVE-2025-59419 2025-10-15 N/A 0.0 Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to…
CVE-2025-58071 2025-10-15 HIGH 7.5 When IPsec is configured on the BIG-IP system, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support…
CVE-2025-57780 2025-10-15 HIGH 8.8 A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker…
CVE-2025-53860 2025-10-15 MEDIUM 4.1 A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions…
CVE-2025-2529 2025-10-15 LOW 2.9 Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
CVE-2025-56746 2025-10-15 LOW 2.2 Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by predetermining…
CVE-2025-9548 2025-10-15 MEDIUM 5.5 A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
CVE-2025-8486 2025-10-15 HIGH 7.8 A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
CVE-2025-6026 2025-10-15 LOW 3.1 An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain encrypted application…
CVE-2025-55083 2025-10-15 N/A 0.0 In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an out-by-two out-of-bounds read.
CVE-2025-10699 2025-10-15 MEDIUM 5.3 A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
CVE-2025-10581 2025-10-15 HIGH 7.8 A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with…