CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2013-10052 2025-08-04 N/A 0.0 ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to…
CVE-2025-8518 2025-08-04 MEDIUM 4.7 A vulnerability was found in givanz Vvveb 1.0.5. It has been rated as critical. Affected by this issue is the function Save of the file admin/controller/editor/code.php of the…
CVE-2025-51535 2025-08-04 MEDIUM 6.5 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability.
CVE-2025-50422 2025-08-04 MEDIUM 6.5 An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content…
CVE-2025-50420 2025-08-04 HIGH 7.5 An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a…
CVE-2025-44963 2025-08-04 CRITICAL 9.0 RUCKUS Network Director (RND) before 4.5 allows spoofing of an administrator JWT by an attacker who knows the hardcoded value of a certain secret key.
CVE-2025-44962 2025-08-04 MEDIUM 5.0 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows ../ directory traversal to read files.
CVE-2025-44961 2025-08-04 CRITICAL 9.9 In RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build, OS command injection can occur via an IP address field provided by an authenticated user.
CVE-2025-44960 2025-08-04 HIGH 8.5 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build allows OS command injection via a certain parameter in an API route.
CVE-2025-44958 2025-08-04 MEDIUM 5.3 RUCKUS Network Director (RND) before 4.5 stores passwords in a recoverable format.
CVE-2025-44957 2025-08-04 HIGH 8.5 Ruckus SmartZone (SZ) before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers.
CVE-2025-44954 2025-08-04 CRITICAL 9.0 RUCKUS SmartZone (SZ) before 6.1.2p3 Refresh Build has a hardcoded SSH private key for a root-equivalent user account.
CVE-2025-8517 2025-08-04 MEDIUM 6.3 A vulnerability was found in givanz Vvveb 1.0.6.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixation.…
CVE-2025-8516 2025-08-04 MEDIUM 5.3 A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition up to 8.2. It has been classified as problematic. Affected is the function BaseServiceFactory.getFileUploadService.deleteFileAction of the file K3Cloud\BBCMallSite\WEB-INF\lib\Kingdee.K3.O2O.Base.WebApp.jar!\kingdee\k3\o2o\base\webapp\action\FileUploadAction.class of…
CVE-2025-5988 2025-08-04 MEDIUM 5.3 A flaw was found in the Ansible aap-gateway. Cross-site request forgery (CSRF) origin checking is not done on requests from the gateway to external components, such as the…
CVE-2025-44955 2025-08-04 HIGH 8.8 RUCKUS Network Director (RND) before 4.5 allows jailed users to obtain root access via a weak, hardcoded password.
CVE-2025-38739 2025-08-04 HIGH 7.2 Dell Digital Delivery, versions prior to 5.6.1.0, contains an Insufficiently Protected Credentials vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to Information Disclosure.
CVE-2025-54980 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54979 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54978 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54977 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54976 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54975 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54974 2025-08-05 N/A 0.0 Rejected reason: Not used
CVE-2025-54797 2025-08-05 N/A 0.0 Rejected reason: This CVE is a duplicate of CVE-2025-52464.
CVE-2025-20701 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with…
CVE-2025-20697 2025-08-04 MEDIUM 6.7 In Power HAL, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious…
CVE-2025-51536 2025-08-04 CRITICAL 9.8 Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 was discovered to contain a hardcoded Administrator password.
CVE-2025-44643 2025-08-04 HIGH 8.6 Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration…
CVE-2025-36594 2025-08-04 CRITICAL 9.8 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions…
CVE-2025-30099 2025-08-04 HIGH 7.8 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions…
CVE-2025-30098 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions…
CVE-2025-30097 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions…
CVE-2025-30096 2025-08-04 MEDIUM 6.7 Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.1.0.10, LTS2024 release Versions 7.13.1.0 through 7.13.1.25, LTS 2023 release versions…
CVE-2025-26065 2025-08-04 HIGH 7.3 A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the…
CVE-2025-8109 2025-08-04 N/A 0.0 Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
CVE-2025-36607 2025-08-04 HIGH 7.8 Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell…
CVE-2025-36606 2025-08-04 HIGH 7.8 Dell Unity, version(s) 5.5 and prior, contain(s) an OS Command Injection Vulnerability in its svc_nfssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell…
CVE-2025-36605 2025-08-04 MEDIUM 6.1 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the CWE-79: Improper Neutralization of Input During Web…
CVE-2025-36604 2025-08-04 HIGH 7.3 Dell Unity, version(s) 5.5 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access…
CVE-2025-8515 2025-08-04 LOW 3.1 A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The…
CVE-2025-6205 2025-08-04 CRITICAL 9.1 A missing authorization vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to gain privileged access to the application.
CVE-2025-6204 2025-08-04 HIGH 8.0 An Improper Control of Generation of Code (Code Injection) vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could allow an attacker to execute arbitrary code.
CVE-2025-0932 2025-08-04 N/A 0.0 Use After Free vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm 5th Gen GPU Architecture Userspace Driver allows a…
CVE-2025-8341 2025-08-04 MEDIUM 5.0 Grafana is an open-source platform for monitoring and observability. The Infinity datasource plugin, maintained by Grafana Labs, allows visualizing data from JSON, CSV, XML, GraphQL, and HTML endpoints.…
CVE-2025-41691 2025-08-04 HIGH 7.5 An unauthenticated remote attacker may trigger a NULL pointer dereference in the affected CODESYS Control runtime systems by sending specially crafted communication requests, potentially leading to a denial-of-service…
CVE-2025-41659 2025-08-04 HIGH 8.3 A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data…
CVE-2025-41658 2025-08-04 MEDIUM 5.5 CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
CVE-2025-20702 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution…
CVE-2025-20700 2025-08-04 HIGH 8.8 In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead…