CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-23274 2025-09-24 MEDIUM 4.5 NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer…
CVE-2025-23273 2025-09-24 LOW 2.5 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvJPEG where a local authenticated user may cause a divide by zero error by submitting a specially crafted…
CVE-2025-23272 2025-09-24 MEDIUM 5.7 NVIDIA nvJPEG library contains a vulnerability where an attacker can cause an out-of-bounds read by means of a specially crafted JPEG file. A successful exploit of this vulnerability…
CVE-2025-23271 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-23255 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the cuobjdump binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-23248 2025-09-24 LOW 3.3 NVIDIA CUDA Toolkit for all platforms contains a vulnerability in the nvdisasm binary where a user may cause an out-of-bounds read by passing a malformed ELF file to…
CVE-2025-9353 2025-09-24 MEDIUM 6.4 The Themify Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.6.9 due to insufficient input sanitization…
CVE-2025-60020 2025-09-24 MEDIUM 6.4 nncp before 8.12.0 allows path traversal (for reading or writing) during freqing and file saving via a crafted path in packet data.
CVE-2025-10906 2025-09-24 HIGH 8.4 A flaw has been found in Magnetism Studios Endurance up to 3.3.0 on macOS. This affects the function loadModuleNamed:WithReply of the file /Applications/Endurance.app/Contents/Library/LaunchServices/com.MagnetismStudios.endurance.helper of the component NSXPC Interface.…
CVE-2025-9054 2025-09-24 CRITICAL 9.8 The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing…
CVE-2025-39890 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event Currently, in ath12k_service_ready_ext_event(), svc_rdy_ext.mac_phy_caps is not freed in the failure case,…
CVE-2025-39889 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: Check encryption key size on incoming connection This is required for passing GAP/SEC/SEM/BI-04-C PTS test case:…
CVE-2024-58241 2025-09-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This makes use of disable_work_* on hci_unregister_dev since the hci_dev is about…
CVE-2025-58457 2025-09-24 MEDIUM 4.3 Improper permission check in ZooKeeper AdminServer lets authorized clients run snapshot and restore command with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users…
CVE-2025-9031 2025-09-24 MEDIUM 4.3 Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
CVE-2025-41716 2025-09-24 MEDIUM 5.3 The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
CVE-2025-41715 2025-09-24 CRITICAL 9.8 The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
CVE-2025-58319 2025-09-24 HIGH 7.8 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context…
CVE-2025-58317 2025-09-24 HIGH 7.8 Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context…
CVE-2025-43819 2025-09-24 N/A 0.0 An Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12…
CVE-2025-43779 2025-09-24 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote…
CVE-2025-58473 2025-09-23 MEDIUM 5.9 An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform…
CVE-2025-57882 2025-09-23 MEDIUM 5.9 An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform…
CVE-2025-55069 2025-09-23 HIGH 8.3 A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the…
CVE-2025-55038 2025-09-23 MEDIUM 6.8 An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users…
CVE-2025-59484 2025-09-23 HIGH 8.3 The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the…
CVE-2025-58069 2025-09-23 MEDIUM 5.3 The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains…
CVE-2025-54855 2025-09-23 MEDIUM 4.2 Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system,…
CVE-2024-21935 2025-09-23 MEDIUM 5.0 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially…
CVE-2024-21927 2025-09-23 MEDIUM 5.0 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like…
CVE-2025-59826 2025-09-23 HIGH 7.6 Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has…
CVE-2025-58354 2025-09-23 N/A 0.0 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and…
CVE-2025-56311 2025-09-23 N/A 0.0 In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious…
CVE-2025-59930 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59929 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59928 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59927 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59926 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59925 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59924 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2023-47538 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59825 2025-09-23 N/A 0.0 astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when…
CVE-2025-59822 2025-09-23 N/A 0.0 Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper…
CVE-2025-8282 2025-09-23 MEDIUM 6.1 The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform…
CVE-2025-57636 2025-09-23 N/A 0.0 OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
CVE-2025-54081 2025-09-23 MEDIUM 6.7 Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed…
CVE-2025-10548 2025-09-23 MEDIUM 6.5 The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a…
CVE-2024-4598 2025-09-23 MEDIUM 6.5 An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from…
CVE-2025-9900 2025-09-23 HIGH 8.8 A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large…
CVE-2025-59534 2025-09-23 HIGH 7.3 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…