Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55333 2025-10-14 MEDIUM 6.1 Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55332 2025-10-14 MEDIUM 6.1 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55331 2025-10-14 HIGH 7.0 Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
CVE-2025-55330 2025-10-14 MEDIUM 6.1 Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-55328 2025-10-14 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
CVE-2025-55326 2025-10-14 HIGH 7.5 Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
CVE-2025-55325 2025-10-14 MEDIUM 5.5 Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-55320 2025-10-14 MEDIUM 6.7 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-55315 2025-10-14 CRITICAL 9.9 Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVE-2025-55248 2025-10-14 MEDIUM 4.8 Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55247 2025-10-14 HIGH 7.3 Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-55240 2025-10-14 HIGH 7.3 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-54603 2025-10-14 MEDIUM 6.5 An incorrect OIDC authentication flow in Claroty Secure Access 3.3.0 through 4.0.2 can result in unauthorized user creation or impersonation of existing OIDC users.
CVE-2025-53782 2025-10-14 HIGH 8.4 Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
CVE-2025-53768 2025-10-14 HIGH 7.8 Use after free in Xbox allows an authorized attacker to elevate privileges locally.
CVE-2025-53717 2025-10-14 HIGH 7.0 Reliance on untrusted inputs in a security decision in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-53150 2025-10-14 HIGH 7.8 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-53139 2025-10-14 HIGH 7.7 Cleartext transmission of sensitive information in Windows Hello allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-50175 2025-10-14 HIGH 7.8 Use after free in Windows Digital Media allows an authorized attacker to elevate privileges locally.
CVE-2025-50174 2025-10-14 HIGH 7.0 Use after free in Windows Device Association Broker service allows an authorized attacker to elevate privileges locally.
CVE-2025-50152 2025-10-14 HIGH 7.8 Out-of-bounds read in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-49708 2025-10-14 CRITICAL 9.9 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
CVE-2025-48813 2025-10-14 MEDIUM 6.3 Use of a key past its expiration date in Virtual Secure Mode allows an authorized attacker to perform spoofing locally.
CVE-2025-48004 2025-10-14 HIGH 7.4 Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47989 2025-10-14 HIGH 7.0 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-47979 2025-10-14 MEDIUM 5.5 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-37146 2025-10-14 HIGH 7.2 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow…
CVE-2025-37143 2025-10-14 MEDIUM 4.9 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor…
CVE-2025-36730 2025-10-14 N/A 0.0 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to…
CVE-2025-25004 2025-10-14 HIGH 7.3 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-24052 2025-10-14 HIGH 7.8 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal…
CVE-2024-6211 2025-10-13 N/A 0.0 Rejected reason: loading template...
CVE-2025-62242 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through…
CVE-2025-62241 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment…
CVE-2025-58084 2025-10-13 LOW 3.5 Mattermost Desktop App versions
CVE-2025-62243 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-62170 2025-10-13 HIGH 7.5 rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can…
CVE-2025-61775 2025-10-13 N/A 0.0 Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated…
CVE-2025-7707 2025-10-13 HIGH 7.1 The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local…
CVE-2025-62244 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-11695 2025-10-13 HIGH 8.0 When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
CVE-2025-43991 2025-10-13 MEDIUM 6.3 SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged…
CVE-2025-6919 2025-10-13 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue…
CVE-2025-39965 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891…
CVE-2025-39964 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus…
CVE-2025-37729 2025-10-13 CRITICAL 9.1 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and…
CVE-2025-9902 2025-10-13 HIGH 7.5 Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version…
CVE-2025-9337 2025-10-13 N/A 0.0 A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash…
CVE-2025-9336 2025-10-13 N/A 0.0 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other…
CVE-2025-11184 2025-10-13 N/A 0.0 Cross-site scripting vulnerability in QGIS QWC2 Registration GUI
« Anterior Página 89 de 3644 Siguiente »