CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-58904 2025-09-06 N/A 0.0 Rejected reason: Not used
CVE-2025-58437 2025-09-06 HIGH 8.1 Coder allows organizations to provision remote development environments via Terraform. In versions 2.22.0 through 2.24.3, 2.25.0 and 2.25.1, Coder can be compromised through insecure session handling in prebuilt…
CVE-2025-58374 2025-09-06 HIGH 7.8 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need…
CVE-2025-10003 2025-09-06 MEDIUM 6.5 The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to time-based SQL Injection via the ‘upload_file_remove’…
CVE-2025-9849 2025-09-06 MEDIUM 5.3 The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due…
CVE-2025-7368 2025-09-06 MEDIUM 5.3 The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the…
CVE-2025-7366 2025-09-06 HIGH 7.3 The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7.…
CVE-2025-6067 2025-09-06 MEDIUM 6.4 The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext`…
CVE-2025-58439 2025-09-06 HIGH 8.1 ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable…
CVE-2025-58375 2025-09-06 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2021-26383 2025-09-06 HIGH 7.9 Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of…
CVE-2025-58373 2025-09-05 MEDIUM 5.5 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks.…
CVE-2025-58372 2025-09-05 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace)…
CVE-2025-58371 2025-09-05 N/A 0.0 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a GitHub workflow used unsanitized pull request metadata in a…
CVE-2025-58370 2025-09-05 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter…
CVE-2025-58369 2025-09-05 MEDIUM 5.3 fs2 is a compositional, streaming I/O library for Scala. Versions 3.12.2 and lower and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks through TLS sessions using…
CVE-2025-58367 2025-09-05 N/A 0.0 DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor,…
CVE-2025-58366 2025-09-05 N/A 0.0 Onyxia is a data science environment for Kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private Helm repositories in the public (unauthenticated) /public/catalogs endpoint. Only instances…
CVE-2025-57807 2025-09-05 LOW 3.8 ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset…
CVE-2025-10027 2025-09-05 LOW 3.5 A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the…
CVE-2025-53791 2025-09-05 MEDIUM 4.7 Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-10061 2025-09-05 MEDIUM 6.5 An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator…
CVE-2025-10060 2025-09-05 MEDIUM 6.5 MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may…
CVE-2025-10059 2025-09-05 MEDIUM 6.5 An improper setting of the lsid field on any sharded query can cause a crash in MongoDB routers. This issue occurs when a generic argument (lsid) is provided…
CVE-2025-9566 2025-09-05 HIGH 8.1 There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap…
CVE-2025-10044 2025-09-05 MEDIUM 4.3 A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the error_description query parameter. This text is directly rendered in error pages…
CVE-2025-10043 2025-09-05 LOW 2.7 A path traversal validation flaw exists in Keycloak’s vault key handling on Windows. The previous fix for CVE-2024-10492 did not account for the Windows file separator (\). As…
CVE-2025-10026 2025-09-05 LOW 3.5 A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/-complex_header.php. The manipulation of the…
CVE-2025-10025 2025-09-05 HIGH 7.3 A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to…
CVE-2025-10013 2025-09-05 MEDIUM 6.3 A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack…
CVE-2025-10012 2025-09-05 MEDIUM 6.3 A security vulnerability has been detected in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file educar_historico_escolar_lst.php. Such manipulation of the argument…
CVE-2025-10011 2025-09-05 MEDIUM 6.3 A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID…
CVE-2025-9057 2025-09-05 MEDIUM 6.4 The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output…
CVE-2025-35452 2025-09-05 CRITICAL 9.8 PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
CVE-2025-35451 2025-09-05 CRITICAL 9.8 PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces.…
CVE-2025-26419 2025-09-04 LOW 3.3 In initPhoneSwitch of SystemSettingsFragment.java, there is a possible FRP bypass due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2025-26431 2025-09-04 HIGH 7.8 In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to local…
CVE-2025-9709 2025-09-05 N/A 0.0 On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection…
CVE-2025-39726 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response…
CVE-2025-39725 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list In shrink_folio_list(), the hwpoisoned folio may be large folio, which…
CVE-2025-39724 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: serial: 8250: fix panic due to PSLVERR When the PSLVERR_RESP_EN parameter is set to 1, the device generates…
CVE-2025-39723 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest…
CVE-2025-48524 2025-09-04 MEDIUM 5.5 In isSystem of WifiPermissionsUtil.java, there is a possible permission bypass due to a missing permission check. This could lead to local denial of service with no additional execution…
CVE-2025-39722 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP Since the CAAM on these SoCs is…
CVE-2025-39721 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT…
CVE-2025-39720 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix refcount leak causing resource not released When ksmbd_conn_releasing(opinfo->conn) returns true, the refcount was not decremented properly, causing…
CVE-2025-39719 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate…
CVE-2025-39718 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put() When receiving a vsock packet in the guest, only the…
CVE-2025-39717 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b ('Merge patch series "fs: allow…
CVE-2025-39716 2025-09-05 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: parisc: Revise __get_user() to probe user read access Because of the way read access support is implemented, read…