Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-54092 2025-09-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-54091 2025-09-09 HIGH 7.8 Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-53810 2025-09-09 MEDIUM 6.7 Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-53809 2025-09-09 MEDIUM 6.5 Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.
CVE-2025-53808 2025-09-09 MEDIUM 6.7 Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
CVE-2025-53807 2025-09-09 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53806 2025-09-09 MEDIUM 6.5 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53805 2025-09-09 HIGH 7.5 Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network.
CVE-2025-53804 2025-09-09 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-53803 2025-09-09 MEDIUM 5.5 Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-53802 2025-09-09 HIGH 7.0 Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-53801 2025-09-09 HIGH 7.8 Untrusted pointer dereference in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-53800 2025-09-09 HIGH 7.8 No cwe for this issue in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-53799 2025-09-09 MEDIUM 5.5 Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53798 2025-09-09 MEDIUM 6.5 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53797 2025-09-09 MEDIUM 6.5 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53796 2025-09-09 MEDIUM 6.5 Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-53348 2025-09-09 MEDIUM 5.3 Missing Authorization vulnerability in Laborator Kalium. This issue affects Kalium: from n/a through 3.18.3.
CVE-2025-53340 2025-09-09 MEDIUM 5.3 Missing Authorization vulnerability in awesomesupport Awesome Support. This issue affects Awesome Support: from n/a through 6.3.4.
CVE-2025-53303 2025-09-09 HIGH 8.8 Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core allows Object Injection. This issue affects ThemeMove Core: from n/a through 1.4.2.
CVE-2025-53291 2025-09-09 MEDIUM 5.4 Missing Authorization vulnerability in spoddev2021 Spreadconnect. This issue affects Spreadconnect: from n/a through 2.1.5.
CVE-2025-49860 2025-09-09 MEDIUM 5.3 Missing Authorization vulnerability in Majestic Support Majestic Support. This issue affects Majestic Support: from n/a through 1.1.0.
CVE-2025-49734 2025-09-09 HIGH 7.0 Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-49692 2025-09-09 HIGH 7.8 Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-49430 2025-09-09 HIGH 7.2 Server-Side Request Forgery (SSRF) vulnerability in FWDesign Ultimate Video Player allows Server Side Request Forgery. This issue affects Ultimate Video Player: from n/a through 10.1.
CVE-2025-48101 2025-09-09 HIGH 8.8 Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1.
CVE-2025-47997 2025-09-09 MEDIUM 6.5 Concurrent execution using shared resource with improper synchronization ('race condition') in SQL Server allows an authorized attacker to disclose information over a network.
CVE-2025-47695 2025-09-09 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a…
CVE-2025-47694 2025-09-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in solwin Blog Designer PRO. This issue affects Blog Designer PRO: from n/a through 3.4.7.
CVE-2025-47579 2025-09-09 CRITICAL 9.0 Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2.
CVE-2025-47571 2025-09-09 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in highwarden Super Store Finder. This issue affects Super Store Finder: from n/a…
CVE-2025-47570 2025-09-09 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13.
CVE-2025-47569 2025-09-09 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized…
CVE-2025-47437 2025-09-09 MEDIUM 6.4 Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.
CVE-2025-39553 2025-09-09 MEDIUM 4.3 Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.
CVE-2025-39541 2025-09-09 MEDIUM 6.5 Missing Authorization vulnerability in Roland Murg WP Simple Booking Calendar. This issue affects WP Simple Booking Calendar: from n/a through 2.0.13.
CVE-2025-39523 2025-09-09 MEDIUM 4.7 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in GoodBarber GoodBarber. This issue affects GoodBarber: from n/a through 1.0.26.
CVE-2025-8712 2025-09-09 MEDIUM 5.4 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 22.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-8711 2025-09-09 MEDIUM 5.4 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix…
CVE-2025-55148 2025-09-09 HIGH 7.6 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-55147 2025-09-09 HIGH 8.8 CSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix…
CVE-2025-55146 2025-09-09 MEDIUM 4.9 An unchecked return value in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access…
CVE-2025-55145 2025-09-09 HIGH 8.9 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-55144 2025-09-09 MEDIUM 5.4 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-55143 2025-09-09 MEDIUM 6.1 Reflected text injection in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before…
CVE-2025-55142 2025-09-09 HIGH 8.8 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-55141 2025-09-09 HIGH 8.8 Missing authorization in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4…
CVE-2025-55139 2025-09-09 MEDIUM 6.8 SSRF in Ivanti Connect Secure before 22.7R2.9 or 22.8R2, Ivanti Policy Secure before 22.7R1.6, Ivanti ZTA Gateway before 2.8R2.3-723 and Ivanti Neurons for Secure Access before 22.8R1.4 (Fix…
CVE-2025-43776 2025-09-09 N/A 0.0 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0…
CVE-2025-10183 2025-09-09 CRITICAL 9.1 A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect…
« Anterior Página 849 de 4304 Siguiente »