Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-53278 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in ubifs_sysfs_init() When insmod ubifs.ko, a kmemleak reported as below: unreferenced object 0xffff88817fb1a780 (size…
CVE-2023-53277 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: iwl3945: Add missing check for create_singlethread_workqueue Add the check for the return value of the create_singlethread_workqueue in…
CVE-2023-53276 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates…
CVE-2023-53275 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() The variable codec->regmap is often…
CVE-2023-53274 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, the SSPM related…
CVE-2023-53273 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Drivers: vmbus: Check for channel allocation before looking up relids relid2channel() assumes vmbus channel array to be allocated…
CVE-2023-53272 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances occasionally reset. Once recently logged…
CVE-2023-53271 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak:…
CVE-2023-53270 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_disksize exceeding i_size problem in paritally written case It is possible for i_disksize can exceed i_size,…
CVE-2023-53269 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for…
CVE-2023-53268 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np);…
CVE-2023-53267 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() The kfree() should be called when memory fails to be…
CVE-2023-53266 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version…
CVE-2023-53265 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size
CVE-2023-53264 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imxrt1050: fix memory leak in imxrt1050_clocks_probe Use devm_of_iomap() instead of of_iomap() to automatically handle the unused…
CVE-2023-53263 2025-09-16 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create We can't simply free the connector after calling drm_connector_init on…
CVE-2025-9808 2025-09-16 MEDIUM 5.3 The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible…
CVE-2025-59453 2025-09-16 LOW 3.2 Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page,…
CVE-2025-59437 2025-09-16 LOW 3.2 The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this…
CVE-2025-59436 2025-09-16 LOW 3.2 The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this…
CVE-2025-43357 2025-09-15 N/A 0.0 This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able…
CVE-2025-43353 2025-09-15 N/A 0.0 The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may…
CVE-2025-6999 2025-09-15 N/A 0.0 An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site…
CVE-2025-6947 2025-09-15 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires…
CVE-2025-43802 2025-09-15 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through…
CVE-2025-43797 2025-09-15 N/A 0.0 In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the…
CVE-2025-59145 2025-09-15 N/A 0.0 color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was…
CVE-2025-59056 2025-09-15 N/A 0.0 FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function…
CVE-2025-55211 2025-09-15 N/A 0.0 FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously…
CVE-2025-43799 2025-09-15 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and…
CVE-2025-43798 2025-09-15 N/A 0.0 Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times…
CVE-2025-10477 2025-09-15 MEDIUM 6.3 A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads…
CVE-2025-59332 2025-09-15 HIGH 8.6 3DAlloy is a lightWeight 3D-viewer for MediaWiki. From 1.0 through 1.8, the parser tag and the {{#3d}} parser function allow users to provide custom attributes that are then…
CVE-2025-59331 2025-09-15 N/A 0.0 is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack.…
CVE-2025-59330 2025-09-15 N/A 0.0 error-ex allows error subclassing and stack customization. On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published,…
CVE-2025-59162 2025-09-15 N/A 0.0 color-convert provides plain color conversion functions in JavaScript. On 8 September 2025, the npm publishing account for color-convert was taken over after a phishing attack. Version 3.1.1 was…
CVE-2025-59154 2025-09-15 MEDIUM 5.9 Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s SASL EXTERNAL mechanism for client TLS authentication contains a vulnerability in how it extracts user…
CVE-2025-59144 2025-09-15 N/A 0.0 debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally…
CVE-2025-59143 2025-09-15 N/A 0.0 color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1…
CVE-2025-59142 2025-09-15 N/A 0.0 color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version…
CVE-2025-59141 2025-09-15 N/A 0.0 simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to…
CVE-2025-59140 2025-09-15 N/A 0.0 backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally…
CVE-2025-56448 2025-09-15 MEDIUM 6.8 The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does…
CVE-2025-45091 2025-09-15 MEDIUM 5.4 Seafile versions 11.0.18-Pro, 12.0.10, and 12.0.10-Pro are vulnerable to a stored Cross-Site Scripting (XSS) attack. An authenticated attacker can exploit this vulnerability by modifying their username to include…
CVE-2025-10475 2025-09-15 MEDIUM 5.5 A weakness has been identified in SpyShelter up to 15.4.0.1015. Affected is an unknown function in the library SpyShelter.sys of the component IOCTL Handler. This manipulation causes denial…
CVE-2025-59399 2025-09-15 LOW 3.1 libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
CVE-2025-59398 2025-09-15 LOW 3.1 The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString object is created with…
CVE-2025-43800 2025-09-15 N/A 0.0 Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers…
CVE-2025-10472 2025-09-15 MEDIUM 5.3 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The…
CVE-2025-52344 2025-09-15 MEDIUM 6.1 Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name…
« Anterior Página 829 de 4304 Siguiente »