CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-36907 2025-09-04 HIGH 7.3 In draw_surface_image() of abl/android/lib/draw/draw.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege via USB…
CVE-2025-36906 2025-09-04 N/A 0.0 In ConvertReductionOp of darwinn_mlir_converter_aidl.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no…
CVE-2025-36905 2025-09-04 HIGH 7.8 In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no…
CVE-2025-36904 2025-09-04 CRITICAL 9.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
CVE-2025-36903 2025-09-04 HIGH 7.8 In lwis_io_buffer_write, there is a possible OOB read/write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User…
CVE-2025-36902 2025-09-04 MEDIUM 6.7 In syna_cdev_ioctl_store_pid() of syna_tcm2_sysfs.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System…
CVE-2025-36901 2025-09-04 HIGH 8.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223.
CVE-2025-36900 2025-09-04 MEDIUM 6.7 In lwis_test_register_io of lwis_device_test.c, there is a possible OOB Write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed.…
CVE-2025-36899 2025-09-04 HIGH 8.4 There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution…
CVE-2025-36898 2025-09-04 HIGH 7.8 There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-36897 2025-09-04 CRITICAL 9.8 In unknown of cd_CnMsgCodecUserApi.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional…
CVE-2025-36896 2025-09-04 CRITICAL 9.8 WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106.
CVE-2025-36895 2025-09-04 HIGH 7.5 Information disclosure
CVE-2025-36894 2025-09-04 HIGH 7.5 In TBD of TBD, there is a possible DoS due to a missing null check. This could lead to remote denial of service with no additional execution privileges…
CVE-2025-36893 2025-09-04 MEDIUM 5.5 In ReadTachyonCommands of gxp_main_actor.cc, there is a possible information leak due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User…
CVE-2025-36892 2025-09-04 HIGH 7.5 Denial of service
CVE-2025-36891 2025-09-04 HIGH 8.8 Elevation of privilege
CVE-2025-36887 2025-09-04 HIGH 7.8 In wl_cfgscan_update_v3_schedscan_results() of wl_cfgscan.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no…
CVE-2025-2417 2025-09-04 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft e-Mutabakat allows Authentication Bypass. This issue affects e-Mutabakat: from 2.02.06 before v2.02.06.
CVE-2025-2411 2025-09-04 HIGH 8.6 Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06.
CVE-2024-56190 2025-09-04 HIGH 7.8 In wl_update_hidden_ap_ie() of wl_cfgscan.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional…
CVE-2024-56189 2025-09-04 HIGH 7.5 In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with…
CVE-2024-13073 2025-09-04 MEDIUM 4.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft TaskPano allows Cross-Site Scripting (XSS). This issue affects TaskPano: s1.06.04.
CVE-2024-13071 2025-09-04 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft e-Mutabakat allows Cross-Site Scripting (XSS). This issue affects e-Mutabakat: from 2.02.05 before v2.02.06.
CVE-2025-9928 2025-09-03 HIGH 7.3 A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument…
CVE-2025-9927 2025-09-03 HIGH 7.3 A vulnerability was identified in projectworlds Travel Management System 1.0. The affected element is an unknown function of the file /viewpackage.php. Such manipulation of the argument t1 leads…
CVE-2025-8268 2025-09-03 MEDIUM 6.5 The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in…
CVE-2025-58056 2025-09-03 N/A 0.0 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts…
CVE-2025-57833 2025-09-03 HIGH 7.1 An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably…
CVE-2025-55748 2025-09-03 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx…
CVE-2025-55747 2025-09-03 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the…
CVE-2025-9926 2025-09-03 HIGH 7.3 A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection.…
CVE-2025-9925 2025-09-03 HIGH 7.3 A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in…
CVE-2025-9365 2025-09-03 HIGH 7.8 Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary…
CVE-2025-56139 2025-09-03 MEDIUM 5.3 LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment…
CVE-2025-55162 2025-09-03 MEDIUM 6.3 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4…
CVE-2025-53690 2025-09-03 CRITICAL 9.0 Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through…
CVE-2025-9924 2025-09-03 HIGH 7.3 A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to…
CVE-2025-9923 2025-09-03 MEDIUM 4.3 A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can…
CVE-2025-36193 2025-09-03 HIGH 8.4 IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor…
CVE-2025-56803 2025-09-03 HIGH 8.4 Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build…
CVE-2025-56752 2025-09-03 CRITICAL 9.4 A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and…
CVE-2025-52494 2025-09-03 HIGH 7.5 Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates…
CVE-2025-45805 2025-09-03 HIGH 7.6 In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization,…
CVE-2025-20336 2025-09-03 MEDIUM 5.3 A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated,…
CVE-2025-20335 2025-09-03 MEDIUM 5.3 A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated,…
CVE-2025-20330 2025-09-03 MEDIUM 6.1 A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a…
CVE-2025-20328 2025-09-03 MEDIUM 5.4 A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack…
CVE-2025-20326 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated,…
CVE-2025-20291 2025-09-03 MEDIUM 4.3 A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this…