Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-0009 2025-09-06 MEDIUM 5.5 A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and…
CVE-2024-36354 2025-09-06 HIGH 7.5 Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control…
CVE-2024-36352 2025-09-06 HIGH 8.4 Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.
CVE-2024-36346 2025-09-06 MEDIUM 6.0 Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition.
CVE-2024-36342 2025-09-06 HIGH 8.8 Improper input validation in the GPU driver could allow an attacker to exploit a heap overflow potentially resulting in arbitrary code execution.
CVE-2024-36331 2025-09-06 LOW 3.2 Improper initialization of CPU cache memory could allow a privileged attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity.
CVE-2024-36326 2025-09-06 HIGH 8.4 Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and…
CVE-2024-21970 2025-09-06 MEDIUM 4.4 Improper validation of an array index in the AND power Management Firmware could allow a privileged attacker to corrupt AGESA memory potentially leading to a loss of integrity.
CVE-2024-21947 2025-09-06 HIGH 7.5 Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
CVE-2023-31365 2025-09-06 LOW 3.9 An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity…
CVE-2023-31351 2025-09-06 MEDIUM 5.3 Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity.
CVE-2023-31330 2025-09-06 LOW 2.5 An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.
CVE-2023-31326 2025-09-06 LOW 2.8 Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of…
CVE-2023-31325 2025-09-06 HIGH 7.2 Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of…
CVE-2023-31322 2025-09-06 HIGH 8.7 Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a…
CVE-2023-31306 2025-09-06 LOW 3.3 Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting…
CVE-2023-20516 2025-09-06 LOW 3.3 Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
CVE-2021-46750 2025-09-06 LOW 3.0 Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in…
CVE-2021-26377 2025-09-06 MEDIUM 4.1 Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential…
CVE-2025-10034 2025-09-06 HIGH 8.8 A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results…
CVE-2025-10033 2025-09-06 HIGH 7.3 A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to…
CVE-2025-10032 2025-09-06 MEDIUM 4.3 A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument…
CVE-2025-10031 2025-09-06 HIGH 7.3 A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument…
CVE-2025-10030 2025-09-06 HIGH 7.3 A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument…
CVE-2025-10029 2025-09-06 LOW 3.5 A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument…
CVE-2025-9961 2025-09-06 N/A 0.0 An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.  The exploit can only be conducted via a Man-In-The-Middle (MITM)…
CVE-2025-10046 2025-09-06 MEDIUM 4.9 The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3…
CVE-2025-10028 2025-09-06 LOW 3.5 A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads…
CVE-2025-6757 2025-09-06 MEDIUM 6.4 The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due…
CVE-2025-9493 2025-09-06 MEDIUM 6.4 The Admin Menu Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘placeholder’ parameter in all versions up to, and including, 1.14 due to insufficient…
CVE-2025-9442 2025-09-06 MEDIUM 6.4 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘vodsChannel’ parameter in all versions up to, and including, 1.1.5 due to insufficient…
CVE-2025-9126 2025-09-06 MEDIUM 6.4 The Smart Table Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.0.1 due to insufficient…
CVE-2025-8722 2025-09-06 MEDIUM 6.4 The Content Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid and List widgets in all versions up to, and including, 4.1 due…
CVE-2025-8564 2025-09-06 MEDIUM 6.4 The SKT Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.7 due to insufficient…
CVE-2025-8149 2025-09-06 MEDIUM 6.4 The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due…
CVE-2025-7045 2025-09-06 MEDIUM 6.5 The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in…
CVE-2025-7040 2025-09-06 HIGH 8.2 The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function…
CVE-2025-9853 2025-09-06 MEDIUM 6.4 The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient…
CVE-2025-9515 2025-09-06 HIGH 7.2 The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to,…
CVE-2025-9085 2025-09-06 MEDIUM 4.9 The User Registration & Membership plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in version 4.3.0. This is due to insufficient escaping on the…
CVE-2025-8360 2025-09-06 MEDIUM 6.4 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of the plugin's widgets in all versions up to, and including,…
CVE-2025-8359 2025-09-06 CRITICAL 9.8 The AdForest theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 6.0.9. This is due to the plugin not properly verifying a…
CVE-2025-58912 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58911 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58910 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58909 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58908 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58907 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58906 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58905 2025-09-06 N/A 0.0 Rejected reason: Not used
« Anterior Página 854 de 4304 Siguiente »