Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4393 2025-07-24 MEDIUM 6.5 Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash…
CVE-2025-1299 2025-07-24 MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 18.0.5, all versions starting from 18.1 before 18.1.3, all versions starting from 18.2…
CVE-2025-0765 2025-07-24 MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an unauthorized…
CVE-2025-54377 2025-07-23 HIGH 7.8 Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command…
CVE-2025-54371 2025-07-23 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-53942 2025-07-23 N/A 0.0 authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols. In versions 2025.4.4 and earlier, as well as versions…
CVE-2025-53537 2025-07-23 HIGH 7.5 LibHTP is a security-aware parser for the HTTP protocol and its related bits and pieces. In versions 0.5.50 and below, there is a traffic-induced memory leak that can…
CVE-2025-47281 2025-07-23 HIGH 7.7 Kyverno is a policy engine designed for cloud native platform engineering teams. In versions 1.14.1 and below, a Denial of Service (DoS) vulnerability exists due to improper handling…
CVE-2025-32019 2025-07-23 MEDIUM 4.1 Harbor is an open source trusted cloud native registry project that stores, signs, and scans content. Versions 2.11.2 and below, as well as versions 2.12.0-rc1 and 2.13.0-rc1, contain…
CVE-2025-8058 2025-07-23 N/A 0.0 The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished…
CVE-2025-50477 2025-07-23 MEDIUM 5.4 A URL redirection in lbry-desktop v0.53.9 allows attackers to redirect victim users to attacker-controlled pages.
CVE-2025-47187 2025-07-23 HIGH 7.5 A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to…
CVE-2025-44109 2025-07-23 MEDIUM 5.4 A URL redirection in Pinokio v3.6.23 allows attackers to redirect victim users to attacker-controlled pages.
CVE-2025-46686 2025-07-23 MEDIUM 4.9 Redis through 7.4.3 allows memory consumption via a multi-bulk command composed of many bulks, sent by an authenticated user. This occurs because the server allocates memory for the…
CVE-2025-53882 2025-07-23 CRITICAL 9.1 A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSEs mailman3 package allows potential escalation from mailman to rootThis issue affects openSUSE Tumbleweed:…
CVE-2025-4700 2025-07-23 HIGH 8.7 An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under specific circumstances, could have…
CVE-2025-4439 2025-07-23 HIGH 7.7 An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed an authenticated…
CVE-2025-50481 2025-07-23 MEDIUM 4.8 A cross-site scripting (XSS) vulnerability in the component /blog/blogpost/add of Mezzanine CMS v6.1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into…
CVE-2025-8069 2025-07-23 HIGH 7.8 During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a…
CVE-2025-8060 2025-07-23 HIGH 8.8 A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component…
CVE-2025-8044 2025-07-22 CRITICAL 9.8 Memory safety bugs present in Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of…
CVE-2025-8043 2025-07-22 CRITICAL 9.8 Focus incorrectly truncated URLs towards the beginning instead of around the origin. This vulnerability affects Firefox < 141 and Thunderbird < 141.
CVE-2025-8040 2025-07-22 HIGH 8.8 Memory safety bugs present in Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence of memory corruption and we presume…
CVE-2025-8035 2025-07-22 HIGH 8.8 Memory safety bugs present in Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these bugs showed evidence…
CVE-2025-7724 2025-07-22 N/A 0.0 An unauthenticated OS command injection vulnerability exists in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1…
CVE-2025-46171 2025-07-23 MEDIUM 5.4 vBulletin 3.8.7 is vulnerable to a denial-of-service condition via the misc.php?do=buddylist endpoint. If an authenticated user has a sufficiently large buddy list, processing the list can consume excessive…
CVE-2025-2634 2025-07-23 HIGH 7.8 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an…
CVE-2025-2633 2025-07-23 HIGH 7.8 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires…
CVE-2025-8037 2025-07-22 CRITICAL 9.1 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included…
CVE-2025-8036 2025-07-22 HIGH 8.1 Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird <…
CVE-2025-6174 2025-07-23 MEDIUM 6.1 The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to…
CVE-2025-8020 2025-07-23 HIGH 8.2 All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP…
CVE-2025-8030 2025-07-22 HIGH 8.1 Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR…
CVE-2025-8029 2025-07-22 HIGH 8.1 Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141,…
CVE-2025-8028 2025-07-22 CRITICAL 9.8 On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of…
CVE-2025-8019 2025-07-22 HIGH 8.8 A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi.…
CVE-2025-6018 2025-07-23 HIGH 7.8 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user…
CVE-2025-54139 2025-07-23 MEDIUM 4.3 HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below,…
CVE-2025-48964 2025-07-22 MEDIUM 6.5 ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because…
CVE-2025-48498 2025-07-22 HIGH 7.5 A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol…
CVE-2025-40598 2025-07-23 MEDIUM 6.1 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
CVE-2025-40597 2025-07-23 HIGH 7.5 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-40596 2025-07-23 HIGH 7.3 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-46354 2025-07-22 HIGH 7.5 A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of…
CVE-2025-36520 2025-07-22 HIGH 7.5 A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. A specially crafted network packets can lead to a denial of…
CVE-2025-36117 2025-07-23 MEDIUM 6.3 IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on…
CVE-2025-36116 2025-07-23 MEDIUM 6.3 IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could…
CVE-2025-33077 2025-07-23 HIGH 8.8 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer…
CVE-2025-33076 2025-07-23 HIGH 8.8 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer…
CVE-2025-33020 2025-07-23 MEDIUM 5.9 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
« Anterior Página 968 de 4306 Siguiente »