CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-54616 2025-08-06 MEDIUM 4.0 Out-of-bounds array access vulnerability in the ArkUI framework. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54615 2025-08-06 MEDIUM 6.2 Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-54614 2025-08-06 MEDIUM 6.2 Input verification vulnerability in the home screen module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54613 2025-08-06 MEDIUM 5.9 Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-54612 2025-08-06 MEDIUM 5.9 Iterator failure vulnerability in the card management module. Impact: Successful exploitation of this vulnerability may affect function stability.
CVE-2025-54611 2025-08-06 HIGH 7.3 EXTRA_REFERRER resource read vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-54610 2025-08-06 MEDIUM 5.4 Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54609 2025-08-06 MEDIUM 5.4 Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-54608 2025-08-06 MEDIUM 6.2 Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be…
CVE-2025-54607 2025-08-06 HIGH 7.7 Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-54606 2025-08-06 HIGH 7.3 Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2025-54655 2025-08-06 HIGH 8.1 Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module.
CVE-2025-54653 2025-08-06 HIGH 8.4 Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.
CVE-2025-54652 2025-08-06 HIGH 8.4 Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.
CVE-2025-54884 2025-08-06 N/A 0.0 Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to…
CVE-2025-54883 2025-08-06 N/A 0.0 Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged…
CVE-2025-54876 2025-08-06 N/A 0.0 The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This…
CVE-2025-54873 2025-08-06 N/A 0.0 RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions…
CVE-2025-8130 2025-08-06 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2013-10069 2025-08-05 N/A 0.0 The web interface of multiple D-Link routers, including DIR-600 rev B (≤2.14b01) and DIR-300 rev B (≤2.13), contains an unauthenticated OS command injection vulnerability in command.php, which improperly…
CVE-2013-10067 2025-08-05 N/A 0.0 Glossword versions 1.8.8 through 1.8.12 contain an authenticated arbitrary file upload vulnerability. When deployed as a standalone application, the administrative interface (gw_admin.php) allows users with administrator privileges to…
CVE-2012-10030 2025-08-05 N/A 0.0 FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user…
CVE-2012-10023 2025-08-05 N/A 0.0 A stack-based buffer overflow vulnerability exists in FreeFloat FTP Server version 1.0.0. The server fails to properly validate input passed to the USER command, allowing remote attackers to…
CVE-2012-10034 2025-08-05 N/A 0.0 ClanSphere 2011.3 is vulnerable to a local file inclusion (LFI) flaw due to improper handling of the cs_lang cookie parameter. The application fails to sanitize user-supplied input, allowing…
CVE-2012-10033 2025-08-05 N/A 0.0 Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing…
CVE-2012-10029 2025-08-05 N/A 0.0 Nagios XI Network Monitor prior to Graph Explorer component version 1.3 contains a command injection vulnerability in `visApi.php`. An authenticated user can inject system commands via unsanitized parameters…
CVE-2025-8586 2025-08-05 LOW 3.3 A vulnerability, which was classified as problematic, was found in libav up to 12.3. This affects the function ff_seek_frame_binary of the file /libavformat/utils.c of the component MPEG File…
CVE-2025-8585 2025-08-05 MEDIUM 5.3 A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c of…
CVE-2012-10027 2025-08-05 N/A 0.0 WP-Property plugin for WordPress through version 1.35.0 contains an unauthenticated file upload vulnerability in the third-party `uploadify.php` script. A remote attacker can upload arbitrary PHP files to a…
CVE-2025-54253 2025-08-05 CRITICAL 10.0 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass…
CVE-2025-55027 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55026 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55025 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55024 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55023 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55022 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55021 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55020 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-55019 2025-08-06 N/A 0.0 Rejected reason: Not used
CVE-2025-53534 2025-08-05 N/A 0.0 RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited…
CVE-2025-52237 2025-08-05 MEDIUM 6.5 An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory traversal.
CVE-2025-51857 2025-08-05 MEDIUM 6.1 The reconcile method in the AttachmentReconciler class of the Halo system v.2.20.18LTS and before is vulnerable to XSS attacks.
CVE-2025-51628 2025-08-05 HIGH 7.5 Insecure Direct Object Reference (IDOR) vulnerability in PdfHandler component in Agenzia Impresa Eccobook v2.81.1 and below allows unauthenticated attackers to read confidential documents via the DocumentoId parameter.
CVE-2025-51627 2025-08-05 MEDIUM 6.5 Incorrect access control in CaricaVerbale in Agenzia Impresa Eccobook v2.81.1 allows authenticated attackers with low-level access to escalate privileges to Administrator.
CVE-2025-51060 2025-08-05 MEDIUM 6.5 An issue was discovered in CPUID cpuz.sys 1.0.5.4. An attacker can use DeviceIoControl with the unvalidated parameters 0x9C402440 and 0x9C402444 as IoControlCodes to perform RDMSR and WRMSR, respectively.…
CVE-2025-50688 2025-08-05 MEDIUM 6.5 A command injection vulnerability exists in TwistedWeb (version 14.0.0) due to improper input sanitization in the file upload functionality. An attacker can exploit this vulnerability by sending a…
CVE-2025-50454 2025-08-05 MEDIUM 6.5 An Authentication Bypass vulnerability in Blue Access' Cobalt X1 thru 02.000.187 allows an unauthorized attacker to log into the application as an administrator without valid credentials.
CVE-2025-8584 2025-08-05 LOW 3.3 A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function av_buffer_unref of the file libavutil/buffer.c of the component AVI…
CVE-2025-7674 2025-08-05 N/A 0.0 Improper Input Validation vulnerability in Roche Diagnostics navify Monitoring allows an attacker to manipulate input data, which may lead to a denial of service (DoS) due to negatively…
CVE-2025-54254 2025-08-05 HIGH 8.6 Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read.…