CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-54245 2025-09-09 HIGH 7.8 Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-54244 2025-09-09 HIGH 7.8 Substance3D - Viewer versions 0.25.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-54243 2025-09-09 HIGH 7.8 Substance3D - Viewer versions 0.25.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-54241 2025-09-09 MEDIUM 5.5 After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue…
CVE-2025-54240 2025-09-09 MEDIUM 5.5 After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue…
CVE-2025-54239 2025-09-09 MEDIUM 5.5 After Effects versions 25.3, 24.6.7 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure, potentially disclosing sensitive information. Exploitation of this issue…
CVE-2025-43491 2025-09-09 N/A 0.0 A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
CVE-2025-34178 2025-09-09 N/A 0.0 In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker…
CVE-2025-34177 2025-09-09 N/A 0.0 In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker…
CVE-2025-34176 2025-09-09 N/A 0.0 In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While…
CVE-2025-23344 2025-09-09 HIGH 7.3 The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful exploit of this…
CVE-2025-23343 2025-09-09 HIGH 7.6 The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may lead to information…
CVE-2025-23342 2025-09-09 HIGH 8.2 The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account. A successful exploit of this vulnerability may lead…
CVE-2025-10159 2025-09-09 CRITICAL 9.8 An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
CVE-2025-9111 2025-09-09 MEDIUM 6.1 The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to…
CVE-2025-8889 2025-09-09 MEDIUM 6.5 The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server…
CVE-2025-58762 2025-09-09 CRITICAL 9.1 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the `pms_image_proxy` endpoint…
CVE-2025-58760 2025-09-09 HIGH 8.6 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `/image` API endpoint in Tautulli v2.15.3 and earlier is vulnerable to path traversal, allowing…
CVE-2025-58759 2025-09-09 MEDIUM 5.1 TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to…
CVE-2025-58758 2025-09-09 MEDIUM 5.1 TinyEnv is an environment variable loader for PHP applications. In versions 1.0.1, 1.0.2, 1.0.9, and 1.0.10, TinyEnv did not require the `.env` file to exist when loading environment…
CVE-2025-58753 2025-09-09 N/A 0.0 Copyparty is a portable file server. In versions prior to 1.19.8, there was a missing permission-check in the shares feature (the `shr` global-option). When a share was created…
CVE-2025-58442 2025-09-09 MEDIUM 5.3 Saleor is an e-commerce platform. Starting in version 3.21.0 and prior to version 3.21.16, requesting certain fields in the response of `accountRegister` may result in errors that could…
CVE-2025-58435 2025-09-09 N/A 0.0 Open OnDemand is an open-source HPC portal. Prior to versions 3.1.15 and 4.0.7, noVNC interactive applications did not correctly rotate the password when TurboVNC was higher than version…
CVE-2025-58180 2025-09-09 N/A 0.0 OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a…
CVE-2025-55054 2025-09-09 MEDIUM 6.1 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55053 2025-09-09 MEDIUM 6.5 CWE-328: Use of Weak Hash
CVE-2025-54257 2025-09-09 HIGH 7.8 Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-53914 2025-09-09 N/A 0.0 Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
CVE-2025-53913 2025-09-09 N/A 0.0 Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
CVE-2025-47415 2025-09-09 N/A 0.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal. This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001.…
CVE-2025-43786 2025-09-09 N/A 0.0 Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA…
CVE-2025-36125 2025-09-09 MEDIUM 6.4 IBM Hardware Management Console - Power 10.3.1050.0 and 11.1.1110.0 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the…
CVE-2025-36011 2025-09-09 MEDIUM 4.3 IBM Jazz for Service Management 1.1.3.0 through 1.1.3.24 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie…
CVE-2025-34175 2025-09-09 N/A 0.0 In pfSense CE /usr/local/www/suricata/suricata_filecheck.php, the value of the filehash parameter is directly displayed without sanitizing for HTML-related characters/strings. This can result in reflected cross-site scripting if the victim is…
CVE-2025-34174 2025-09-09 N/A 0.0 In pfSense CE /usr/local/www/status_traffic_totals.php, the value of the start-day parameter is not ensured to be a numeric value or sanitized of HTML-related characters/strings before being directly displayed in the…
CVE-2025-34173 2025-09-09 N/A 0.0 In pfSense CE /usr/local/www/snort/snort_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related characters/strings before being used to check if a file exists. While the contents…
CVE-2025-34172 2025-09-09 N/A 0.0 In pfSense CE /usr/local/www/haproxy/haproxy_stats.php, the value of the showsticktablecontent parameter is displayed after being read from HTTP GET requests. This can enable reflected cross-site scripting when the victim is…
CVE-2025-5005 2025-09-09 HIGH 7.3 A vulnerability was detected in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. This affects an unknown function of the file crm/WeiXinApp/dingtalk/index_event.php. The manipulation of the argument…
CVE-2025-57278 2025-09-09 N/A 0.0 The LB-Link BL-CPE300M AX300 4G LTE Router firmware version BL-R8800_B10_ALK_SL_V01.01.02P42U14_06 does not implement proper session handling. After a user authenticates from a specific IP address, the router grants…
CVE-2025-55730 2025-09-09 CRITICAL 10.0 XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55729 2025-09-09 CRITICAL 10.0 XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55728 2025-09-09 CRITICAL 10.0 XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5, missing escaping of the…
CVE-2025-55052 2025-09-09 MEDIUM 4.3 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-55051 2025-09-09 CRITICAL 10.0 CWE-1392: Use of Default Credentials
CVE-2025-55050 2025-09-09 CRITICAL 9.8 CWE-1242: Inclusion of Undocumented Features
CVE-2025-55048 2025-09-09 CRITICAL 9.8 Multiple CWE-78
CVE-2025-55047 2025-09-09 HIGH 8.4 CWE-798 Use of Hard-coded Credentials
CVE-2025-54256 2025-09-09 HIGH 8.6 Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-54242 2025-09-09 HIGH 7.8 Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43781 2025-09-09 N/A 0.0 Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to…