Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-23355 2025-10-01 MEDIUM 6.7 NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may…
CVE-2025-23297 2025-10-01 HIGH 7.8 NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK…
CVE-2025-59538 2025-10-01 HIGH 7.5 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. For versions 2.9.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.6 and 3.0.17, when the webhook.azuredevops.username and webhook.azuredevops.password are…
CVE-2025-59537 2025-10-01 HIGH 7.5 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious…
CVE-2025-59531 2025-10-01 HIGH 7.5 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious…
CVE-2025-59337 2025-10-01 N/A 0.0 Discourse is an open-source community discussion platform. In versions 3.5.0 and below, malicious meta-commands could be embedded in a backup dump and executed during restore. In multisite setups,…
CVE-2025-59150 2025-10-01 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Version 8.0.0's usage of the tls.subjectaltname keyword…
CVE-2025-57389 2025-10-01 MEDIUM 5.4 A reflected cross-site scripted (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary Javascript in the context of a user's browser via…
CVE-2025-61855 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61854 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61853 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61852 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61851 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61850 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61849 2025-10-02 N/A 0.0 Rejected reason: Not used
CVE-2025-61189 2025-10-01 MEDIUM 6.3 Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. The endpoint is /sys/comment/addFile. This vulnerability allows attackers to upload files with system-whitelisted extensions to the…
CVE-2025-61188 2025-10-01 MEDIUM 6.3 Jeecgboot versions 3.8.2 and earlier are affected by a path traversal vulnerability. This vulnerability allows attackers to upload files with system-whitelisted extensions to the system directory /opt, instead…
CVE-2025-59149 2025-10-01 MEDIUM 6.2 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In version 8.0.0, rules using keyword ldap.responses.attribute_type…
CVE-2025-59148 2025-10-01 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 8.0.0 and below incorrectly handle the…
CVE-2025-59147 2025-10-01 HIGH 7.5 Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Versions 7.0.11 and below, as well as…
CVE-2025-58769 2025-10-01 LOW 3.3 auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not…
CVE-2025-57444 2025-10-01 MEDIUM 6.1 An authenticated cross-site scripting (XSS) vulnerability in the Administrative interface of Radware AlteonOS Web UI Management v33.0.4.50 allows attackers to execute arbitrary web scripts or HTML via injecting…
CVE-2025-56588 2025-10-01 HIGH 8.8 Dolibarr ERP & CRM v21.0.1 were discovered to contain a remote code execution (RCE) vulnerability in the User module configuration via the computed field parameter.
CVE-2025-43718 2025-10-01 MEDIUM 5.4 Poppler 24.06.1 through 25.x before 25.04.0 allows stack consumption and a SIGSEGV via deeply nested structures within the metadata (such as GTS_PDFEVersion) of a PDF document, e.g., a…
CVE-2025-59682 2025-10-01 LOW 3.1 An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract() function, used by the "startapp --template" and "startproject --template" commands,…
CVE-2025-60991 2025-10-01 HIGH 8.8 A reflected cross-site scripted (XSS) vulnerability in Codazon Magento Themes v1.1.0.0 to v2.4.7 allows attackers to execute arbitrary Javascript in the context of a user's browser via a…
CVE-2025-59681 2025-10-01 HIGH 7.1 An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column…
CVE-2025-58055 2025-10-01 MEDIUM 4.3 Discourse is an open-source community discussion platform. In versions 3.5.0 and below, the Discourse AI suggestion endpoints for topic “Title”, “Category”, and “Tags” allowed authenticated users to extract…
CVE-2025-58054 2025-10-01 LOW 3.5 Discourse is an open-source community discussion platform. Versions 3.5.0 and below are vulnerable to XSS attacks through parsing and rendering of chat channel titles and chat thread titles…
CVE-2025-46205 2025-10-01 HIGH 8.1 A heap-use-after free in the PdfTokenizer::ReadDictionary function of podofo v0.10.0 to v0.10.5 allows attackers to cause a Denial of Service (DoS) via supplying a crafted PDF file.
CVE-2025-28357 2025-10-01 HIGH 8.8 A CRLF injection vulnerability in Neto CMS v6.313.0 through v6.314.0 allows attackers to execute arbitrary code via supplying a crafted HTTP request.
CVE-2025-10578 2025-10-01 N/A 0.0 A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges…
CVE-2024-57494 2025-10-01 MEDIUM 6.5 Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter.
CVE-2025-8679 2025-10-01 N/A 0.0 In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an…
CVE-2025-57393 2025-10-01 HIGH 8.8 A stored cross-site scripting (XSS) in Kissflow Work Platform Kissflow Application Versions 7337 Account v2.0 to v4.2vallows attackers to execute arbitrary web scripts or HTML via injecting a…
CVE-2025-61596 2025-10-01 N/A 0.0 Rejected reason: This is a fork and is not in the Rust registry.
CVE-2025-34182 2025-10-01 N/A 0.0 In Deciso OPNsense before 25.7.4, when creating an "Interfaces: Devices: Point-to-Point" entry, the value of the parameter ptpid is not sanitized of HTML-related characters/strings. This value is directly…
CVE-2025-20371 2025-10-01 HIGH 7.5 In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side…
CVE-2025-20370 2025-10-01 MEDIUM 4.9 In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains…
CVE-2025-20369 2025-10-01 MEDIUM 4.6 In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the…
CVE-2025-20368 2025-10-01 MEDIUM 5.7 In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the…
CVE-2025-20367 2025-10-01 MEDIUM 5.7 In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin'…
CVE-2025-20366 2025-10-01 MEDIUM 6.5 In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin…
CVE-2025-20361 2025-10-01 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an…
CVE-2025-20357 2025-10-01 MEDIUM 5.4 A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of…
CVE-2025-20356 2025-10-01 MEDIUM 5.4 A vulnerability in the web-based management interface of Cisco Cyber Vision Center could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of…
CVE-2025-11233 2025-10-01 N/A 0.0 Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, causing the standard library's Path API to ignore path…
CVE-2023-50300 2025-10-01 MEDIUM 5.1 IBM Transformation Extender Advanced 10.0.1 could allow a local user to perform unauthorized actions due to improper access controls.
CVE-2023-49883 2025-10-01 MEDIUM 5.9 IBM Transformation Extender Advanced 10.0.1 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVE-2023-49881 2025-10-01 MEDIUM 6.3 IBM Transformation Extender Advanced 10.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
« Anterior Página 778 de 4304 Siguiente »