CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-58787 | 2025-09-05 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Popup allows Stored XSS. This issue affects Themify Popup: from n/a through 1.4.4. |
| CVE-2025-58786 | 2025-09-05 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VW THEMES Ibtana – Ecommerce Product Addons allows DOM-Based XSS. This issue affects Ibtana – Ecommerce… |
| CVE-2025-58785 | 2025-09-05 | MEDIUM | 5.4 | Missing Authorization vulnerability in jbhovik Ray Enterprise Translation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ray Enterprise Translation: from n/a through 1.7.1. |
| CVE-2025-58784 | 2025-09-05 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arisoft ARI Fancy Lightbox allows Stored XSS. This issue affects ARI Fancy Lightbox: from n/a through… |
| CVE-2025-58783 | 2025-09-05 | MEDIUM | 4.3 | Missing Authorization vulnerability in gutentor Gutentor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gutentor: from n/a through 3.5.1. |
| CVE-2024-21977 | 2025-09-05 | LOW | 3.2 | Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for… |
| CVE-2025-58313 | 2025-09-05 | MEDIUM | 5.1 | Race condition vulnerability in the device standby module. Impact: Successful exploitation of this vulnerability may cause feature exceptions of the device standby module. |
| CVE-2025-58296 | 2025-09-05 | HIGH | 7.5 | Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect function stability. |
| CVE-2025-58281 | 2025-09-05 | HIGH | 8.4 | Out-of-bounds read vulnerability in the runtime interpreter module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58280 | 2025-09-05 | HIGH | 8.4 | Vulnerability of exposing object heap addresses in the Ark eTS module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-58276 | 2025-09-05 | MEDIUM | 6.8 | Permission verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability. |
| CVE-2025-48395 | 2025-09-05 | MEDIUM | 4.7 | An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security… |
| CVE-2025-8944 | 2025-09-05 | MEDIUM | 4.3 | The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handlers, allowing any authenticated… |
| CVE-2025-58400 | 2025-09-05 | MEDIUM | 6.7 | RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the… |
| CVE-2025-55671 | 2025-09-05 | HIGH | 7.8 | Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the… |
| CVE-2025-55037 | 2025-09-05 | CRITICAL | 9.8 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary… |
| CVE-2025-41408 | 2025-09-05 | MEDIUM | 4.3 | Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user… |
| CVE-2025-58401 | 2025-09-05 | MEDIUM | 6.8 | Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store GitHub API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked GitHub… |
| CVE-2025-8684 | 2025-09-05 | MEDIUM | 6.4 | The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization… |
| CVE-2025-9990 | 2025-09-05 | HIGH | 8.1 | The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. This makes it… |
| CVE-2025-7445 | 2025-09-05 | MEDIUM | 6.5 | Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs. |
| CVE-2025-58362 | 2025-09-05 | HIGH | 7.5 | Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow… |
| CVE-2025-58359 | 2025-09-05 | N/A | 0.0 | ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). In versions 2.0.0 through 2.1.0, refresh shares with smaller min_signers will reduce security of group.… |
| CVE-2025-58352 | 2025-09-05 | N/A | 0.0 | Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry… |
| CVE-2025-58179 | 2025-09-05 | HIGH | 7.2 | Astro is a web framework for content-driven websites. Versions 11.0.3 through 12.6.5 are vulnerable to SSRF when using Astro's Cloudflare adapter. When configured with output: 'server' while using… |
| CVE-2025-55739 | 2025-09-05 | N/A | 0.0 | api is a module for FreePBX®, which is an open source GUI that controls and manages Asterisk® (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and… |
| CVE-2025-55305 | 2025-09-04 | MEDIUM | 6.1 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6,… |
| CVE-2025-55244 | 2025-09-04 | CRITICAL | 9.0 | Azure Bot Service Elevation of Privilege Vulnerability |
| CVE-2025-55242 | 2025-09-04 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-55241 | 2025-09-04 | CRITICAL | 9.0 | Azure Entra Elevation of Privilege Vulnerability |
| CVE-2025-55238 | 2025-09-04 | HIGH | 7.5 | Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability |
| CVE-2025-55209 | 2025-09-04 | N/A | 0.0 | contactmanager is a module for FreePBX®, which is an open source GUI that controls and manages Asterisk® (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0… |
| CVE-2025-55190 | 2025-09-04 | CRITICAL | 9.9 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens… |
| CVE-2025-54914 | 2025-09-04 | CRITICAL | 10.0 | Azure Networking Elevation of Privilege Vulnerability |
| CVE-2025-58361 | 2025-09-04 | CRITICAL | 9.3 | Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled… |
| CVE-2025-58353 | 2025-09-04 | HIGH | 8.2 | Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as `replace(/javascript:/gi,…` |
| CVE-2025-32322 | 2025-09-04 | HIGH | 7.8 | In onCreate of MediaProjectionPermissionActivity.java, there is a possible way to grant a malicious app a token enabling unauthorized screen recording capabilities due to improper input validation. This… |
| CVE-2025-26439 | 2025-09-04 | HIGH | 7.8 | In getComponentName of AccessibilitySettingsUtils.java, there is a possible way for a malicious Talkback service to be enabled instead of the system component due to a logic error… |
| CVE-2025-22415 | 2025-09-04 | MEDIUM | 4.0 | In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional… |
| CVE-2025-22414 | 2025-09-04 | HIGH | 7.8 | In FrpBypassAlertActivity of FrpBypassAlertActivity.java, there is a possible way to bypass FRP due to a missing permission check. This could lead to local escalation of privilege with no… |
| CVE-2024-49731 | 2025-09-04 | MEDIUM | 4.0 | In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the… |
| CVE-2024-40664 | 2025-09-04 | MEDIUM | 6.2 | In setupAccessibilityServices of AccessibilityFragment.java, there is a possible way to hide an enabled accessibility service due to a logic error in the code. This could lead to… |
| CVE-2025-48581 | 2025-09-04 | CRITICAL | 9.8 | In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates through mainline installations due to a logic error in the code. This could lead to… |
| CVE-2025-48563 | 2025-09-04 | HIGH | 7.8 | In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional… |
| CVE-2025-48562 | 2025-09-04 | N/A | 0.0 | In writeContent of RemotePrintDocument.java, there is a possible information disclosure due to a logic error. This could lead to local information disclosure with no additional execution privileges needed.… |
| CVE-2025-48561 | 2025-09-04 | N/A | 0.0 | In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. This could lead to local information disclosure… |
| CVE-2025-48560 | 2025-09-04 | MEDIUM | 5.5 | In AndroidManifest.xml, there is a possible way for an app to monitor motion events due to a confused deputy. This could lead to local information disclosure with no… |
| CVE-2025-48559 | 2025-09-04 | MEDIUM | 5.5 | In multiple functions of AppOpsService.java, there is a possible way to add a large amount of app ops due to improper input validation. This could lead to local denial of… |
| CVE-2025-48558 | 2025-09-04 | HIGH | 7.8 | In multiple functions of BatteryService.java, there is a possible way to hijack an implicit intent intended for a system app due to implicit intent hijacking. This could lead to local… |
| CVE-2025-48556 | 2025-09-04 | HIGH | 7.3 | In multiple methods of NotificationChannel.java, there is a possible desynchronization from persistence due to improper input validation. This could lead to local escalation of privilege with no additional… |