Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-56515 2025-10-01 HIGH 8.8 File upload vulnerability in Fiora chat application 1.0.0 through user avatar upload functionality. The application fails to validate SVG file content, allowing malicious SVG files with embedded foreignObject…
CVE-2025-56514 2025-10-01 N/A 0.0 Cross Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows executes arbitrary JavaScript when malicious SVG files are rendered by other users.
CVE-2023-50301 2025-10-01 LOW 1.9 IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user.
CVE-2025-61045 2025-10-01 N/A 0.0 TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the mac parameter in the setEasyMeshAgentCfg function.
CVE-2025-61044 2025-10-01 N/A 0.0 TOTOLINK X18 V9.1.0cu.2053_B20230309 was discovered to contain a command injection vulnerability via the agentName parameter in the setEasyMeshAgentCfg function.
CVE-2025-9512 2025-10-01 MEDIUM 6.1 The Schema & Structured Data for WP & AMP WordPress plugin before 1.50 does not properly handles HTML tag attribute modifications, making it possible for unauthenticated attackers to…
CVE-2025-59687 2025-10-01 N/A 0.0 IMPAQTR Aurora before 1.36 allows Insecure Direct Object Reference attacks against the users list, organization details, bookmarks, and notifications of an arbitrary organization.
CVE-2025-59686 2025-10-01 N/A 0.0 Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id.
CVE-2025-59685 2025-10-01 N/A 0.0 Kazaar 1.25.12 allows a JWT with none in the alg field.
CVE-2025-59684 2025-10-01 HIGH 8.8 DigiSign DigiSigner ONE 1.0.4.60 allows DLL Hijacking.
CVE-2025-57275 2025-10-01 N/A 0.0 Storage Performance Development Kit (SPDK) 25.05 is vulnerable to Buffer Overflow in the NVMe-oF target component in SPDK - lib/nvmf.
CVE-2025-52042 2025-10-01 HIGH 8.2 In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query…
CVE-2025-52041 2025-10-01 HIGH 8.2 In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL…
CVE-2025-52040 2025-10-01 HIGH 8.2 In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL…
CVE-2025-52039 2025-10-01 HIGH 8.2 In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL…
CVE-2025-24525 2025-09-30 HIGH 7.5 Keysight Ixia Vision has an issue with hardcoded cryptographic material which may allow an attacker to intercept or decrypt payloads sent to the device via API calls or…
CVE-2025-61622 2025-10-01 CRITICAL 9.8 Deserialization of untrusted data in python in pyfory versions 0.12.0 through 0.12.2, or the legacy pyfury versions from 0.1.0 through 0.10.3: allows arbitrary code execution. An application is vulnerable if it reads pyfory…
CVE-2025-41421 2025-10-01 MEDIUM 4.7 Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an…
CVE-2025-10847 2025-10-01 N/A 0.0 DX Unified Infrastructure Management (Nimsoft/UIM) and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write…
CVE-2023-53502 2025-10-01 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-40648 2025-10-01 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'numero_conferencia' parameter in…
CVE-2025-40647 2025-10-01 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in Issabel v5.0.0, consisting of a stored XSS due to a lack of proper validation of user input, through the 'email' parameter in…
CVE-2023-53532 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix deinitialization of firmware resources Currently, in ath11k_ahb_fw_resources_init(), iommu domain mapping is done only for the…
CVE-2023-53531 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: null_blk: fix poll request timeout handling When doing io_uring benchmark on /dev/nullb0, it's easy to crash the kernel…
CVE-2023-53530 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC{0}:…
CVE-2023-53529 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Fix memory leak in rtw88_usb Kmemleak shows the following leak arising from routine in the usb…
CVE-2023-53528 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If create_qp does not fully succeed it is possible for qp…
CVE-2023-53527 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix memory leak in tb_handle_dp_bandwidth_request() The memory allocated in tb_queue_dp_bandwidth_request() needs to be released once the request…
CVE-2023-53526 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: jbd2: check 'jh->b_transaction' before removing it from checkpoint Following process will corrupt ext4 image: Step 1: jbd2_journal_commit_transaction __jbd2_journal_insert_checkpoint(jh,…
CVE-2023-53525 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Allow UD qp_type to join multicast only As for multicast: - The SIDR is the only mode…
CVE-2023-53524 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf An integer overflow occurs in the iwl_write_to_user_buf() function, which is…
CVE-2023-53523 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: fix time stamp counter initialization If the gs_usb device driver is unloaded (or unbound) before the…
CVE-2023-53522 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: cgroup,freezer: hold cpu_hotplug_lock before freezer_mutex syzbot is reporting circular locking dependency between cpu_hotplug_lock and freezer_mutex, for commit f5d39b020809…
CVE-2023-53521 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() A fix for: BUG: KASAN: slab-out-of-bounds in ses_intf_remove+0x23f/0x270 [ses] Read of size…
CVE-2023-53520 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix hci_suspend_sync crash If hci_unregister_dev() frees the hci_dev object but hci_suspend_notifier may still be accessing it, it…
CVE-2023-53519 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy Getting below error when using KCSAN to check the driver.…
CVE-2023-53518 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix leak in devfreq_dev_release() srcu_init_notifier_head() allocates resources that need to be released with a srcu_cleanup_notifier_head()…
CVE-2023-53517 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msg_max is too small in mtu negotiation When doing link mtu negotiation,…
CVE-2023-53516 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: macvlan: add forgotten nla_policy for IFLA_MACVLAN_BC_CUTOFF The previous commit 954d1fa1ac93 ("macvlan: Add netlink attribute for broadcast cutoff") added…
CVE-2023-53515 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: don't break lifecycle of vm_dev vm_dev has a separate lifecycle because it has a 'struct device' embedded.…
CVE-2023-53514 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix memory leak of device names The device names allocated by dev_set_name() need be freed before…
CVE-2023-53513 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbd_ioctl arg without…
CVE-2023-53512 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix a memory leak Add a forgotten kfree().
CVE-2023-53511 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix fget leak when fs don't support nowait buffered read Heming reported a BUG when using io_uring…
CVE-2023-53510 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix handling of lrbp->cmd ufshcd_queuecommand() may be called two times in a row for a…
CVE-2023-53509 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: qed: allow sleep in qed_mcp_trace_dump() By default, qed_mcp_cmd_and_union() delays 10us at a time in a loop that can…
CVE-2023-53508 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ublk: fail to start device if queue setup is interrupted In ublk_ctrl_start_dev(), if wait_for_completion_interruptible() is interrupted by signal,…
CVE-2023-53507 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister devlink params in case interface is down Currently, in case an interface is down, mlx5 driver…
CVE-2023-53506 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: udf: Do not bother merging very long extents When merging very long extents we try to push as…
CVE-2023-53505 2025-10-01 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error…
« Anterior Página 779 de 4304 Siguiente »