CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-13064 2025-09-03 MEDIUM 4.3 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akinsoft MyRezzta allows Cross-Site Scripting (XSS). This issue affects MyRezzta: from s2.02.02 before v2.05.01.
CVE-2024-13063 2025-09-03 MEDIUM 6.8 Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing. This issue affects MyRezzta: from s2.02.02 before v2.05.01.
CVE-2025-9817 2025-09-03 HIGH 7.8 SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service
CVE-2025-9378 2025-09-03 MEDIUM 6.4 The Vayu Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attributes in the Lottie block in all…
CVE-2025-8663 2025-09-03 N/A 0.0 Insertion of Sensitive Information into Log File vulnerability in upKeeper Solutions upKeeper Manager allows Use of Known Domain Credentials. This issue affects upKeeper Manager: from 5.0.0 before 5.2.12.
CVE-2025-58210 2025-09-03 MEDIUM 5.3 Missing Authorization vulnerability in ThemeMove Makeaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Makeaholic: from n/a through 1.8.5.
CVE-2024-32444 2025-09-03 CRITICAL 9.8 Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.3.6.
CVE-2025-9785 2025-09-03 N/A 0.0 PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer…
CVE-2025-58272 2025-09-03 LOW 3.7 Cross-site request forgery vulnerability exists in Web Caster V130 versions 1.08 and earlier. If a logged-in user views a malicious page created by an attacker, the settings of…
CVE-2025-21041 2025-09-03 MEDIUM 6.2 Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
CVE-2025-21040 2025-09-03 MEDIUM 5.1 Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21039 2025-09-03 MEDIUM 5.1 Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21038 2025-09-03 MEDIUM 5.1 Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
CVE-2025-21037 2025-09-03 MEDIUM 4.1 Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
CVE-2025-21036 2025-09-03 MEDIUM 5.0 Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
CVE-2025-21035 2025-09-03 MEDIUM 4.6 Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers to access data across multiple user profiles.
CVE-2025-21034 2025-09-03 MEDIUM 4.0 Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
CVE-2025-21033 2025-09-03 MEDIUM 4.0 Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
CVE-2025-21032 2025-09-03 MEDIUM 5.9 Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
CVE-2025-21030 2025-09-03 MEDIUM 4.3 Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.
CVE-2025-21029 2025-09-03 MEDIUM 4.0 Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
CVE-2025-21028 2025-09-03 MEDIUM 5.5 Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
CVE-2025-21027 2025-09-03 MEDIUM 5.1 Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
CVE-2025-21026 2025-09-03 MEDIUM 4.0 Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
CVE-2025-21025 2025-09-03 MEDIUM 5.1 Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
CVE-2023-21483 2025-09-03 MEDIUM 6.4 Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
CVE-2023-21482 2025-09-03 MEDIUM 6.1 Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through…
CVE-2023-21481 2025-09-03 MEDIUM 5.4 Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
CVE-2023-21480 2025-09-03 HIGH 8.5 Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
CVE-2023-21479 2025-09-03 MEDIUM 5.3 Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
CVE-2023-21478 2025-09-03 MEDIUM 6.0 Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
CVE-2023-21477 2025-09-03 HIGH 7.9 Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
CVE-2023-21474 2025-09-03 MEDIUM 6.3 Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
CVE-2023-21470 2025-09-03 MEDIUM 4.0 Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
CVE-2023-21469 2025-09-03 MEDIUM 4.0 Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
CVE-2023-21468 2025-09-03 MEDIUM 5.9 Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
CVE-2025-58351 2025-09-03 MEDIUM 6.8 Outline is a service that allows for collaborative documentation. In versions 0.72.0 through 0.83.0, Outline introduced a feature which facilitates local file system storage capabilities as an optional…
CVE-2025-58170 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-58169 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-58168 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-58167 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-58166 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-58165 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE, CVE-2025-58163.
CVE-2025-58164 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE, CVE-2025-58163.
CVE-2025-58163 2025-09-03 N/A 0.0 FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated…
CVE-2025-9848 2025-09-03 HIGH 7.3 A security vulnerability has been detected in ScriptAndTools Real Estate Management System 1.0. The affected element is an unknown function of the file /admin/userlist.php. Such manipulation leads to…
CVE-2025-9847 2025-09-03 MEDIUM 6.3 A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes…
CVE-2025-7039 2025-09-03 LOW 3.7 A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or…
CVE-2025-9843 2025-09-03 MEDIUM 5.3 A flaw has been found in Das Parking Management System 停车场管理系统 6.2.0. Affected is an unknown function of the file /Operator/FindAll. This manipulation causes information disclosure. It is…
CVE-2025-57806 2025-09-03 N/A 0.0 Local Deep Research is an AI-powered research assistant for deep, iterative research. Versions 0.2.0 through 0.6.7 stored confidential information, including API keys, in a local SQLite database without…