CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-2634 2025-07-23 HIGH 7.8 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in fontmgr may result in information disclosure or arbitrary code execution. Successful exploitation requires an…
CVE-2025-2633 2025-07-23 HIGH 7.8 Out of bounds read vulnerability due to improper bounds checking in NI LabVIEW in lvre!UDecStrToNum that may result in information disclosure or arbitrary code execution. Successful exploitation requires…
CVE-2025-8037 2025-07-22 CRITICAL 9.1 Setting a nameless cookie with an equals sign in the value shadowed other cookies. Even if the nameless cookie was set over HTTP and the shadowed cookie included…
CVE-2025-8036 2025-07-22 HIGH 8.1 Thunderbird cached CORS preflight responses across IP address changes. This allowed circumventing CORS with DNS rebinding. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird <…
CVE-2025-6174 2025-07-23 MEDIUM 6.1 The Qwizcards | online quizzes and flashcards WordPress plugin through 3.9.4 does not sanitise and escape the "_stylesheet" parameter before outputting it back in the page, leading to…
CVE-2025-8020 2025-07-23 HIGH 8.2 All versions of the package private-ip are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide an IP or hostname that resolves to a multicast IP…
CVE-2025-8030 2025-07-22 HIGH 8.1 Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability affects Firefox < 141, Firefox ESR…
CVE-2025-8029 2025-07-22 HIGH 8.1 Thunderbird executed `javascript:` URLs when used in `object` and `embed` tags. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141,…
CVE-2025-8028 2025-07-22 CRITICAL 9.8 On arm64, a WASM `br_table` instruction with a lot of entries could lead to the label being too far from the instruction causing truncation and incorrect computation of…
CVE-2025-8019 2025-07-22 HIGH 8.8 A vulnerability was found in Shenzhen Libituo Technology LBT-T300-T310 2.2.3.6. It has been rated as critical. Affected by this issue is the function sub_40B6F0 of the file at/appy.cgi.…
CVE-2025-6018 2025-07-23 HIGH 7.8 A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). This flaw allows an unprivileged local attacker (for example, a user…
CVE-2025-54139 2025-07-23 MEDIUM 4.3 HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below,…
CVE-2025-48964 2025-07-22 MEDIUM 6.5 ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because…
CVE-2025-48498 2025-07-22 HIGH 7.5 A null pointer dereference vulnerability exists in the Distributed Transaction component of Bloomberg Comdb2 8.1 when processing a number of fields used for coordination. A specially crafted protocol…
CVE-2025-40598 2025-07-23 MEDIUM 6.1 A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.
CVE-2025-40597 2025-07-23 HIGH 7.5 A Heap-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-40596 2025-07-23 HIGH 7.3 A Stack-based buffer overflow vulnerability in the SMA100 series web interface allows a remote, unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution.
CVE-2025-46354 2025-07-22 HIGH 7.5 A denial of service vulnerability exists in the Distributed Transaction Commit/Abort Operation functionality of Bloomberg Comdb2 8.1. A specially crafted network packet can lead to a denial of…
CVE-2025-36520 2025-07-22 HIGH 7.5 A null pointer dereference vulnerability exists in the net_connectmsg Protocol Buffer Message functionality of Bloomberg Comdb2 8.1. Specially crafted network packets can lead to a denial of…
CVE-2025-36117 2025-07-23 MEDIUM 6.3 IBM Db2 Mirror for i 7.4, 7.5, and 7.6 does not disallow the session id after use which could allow an authenticated user to impersonate another user on…
CVE-2025-36116 2025-07-23 MEDIUM 6.3 IBM Db2 Mirror for i 7.4, 7.5, and 7.6 GUI is affected by cross-site WebSocket hijacking vulnerability. By sending a specially crafted request, an unauthenticated malicious actor could…
CVE-2025-33077 2025-07-23 HIGH 8.8 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer…
CVE-2025-33076 2025-07-23 HIGH 8.8 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer…
CVE-2025-33020 2025-07-23 MEDIUM 5.9 IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information.
CVE-2025-31701 2025-07-23 HIGH 8.1 A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or…
CVE-2025-31700 2025-07-23 HIGH 8.1 A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or…
CVE-2016-15045 2025-07-23 N/A 0.0 A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin…
CVE-2025-8039 2025-07-22 HIGH 8.1 In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability affects Firefox < 141, Firefox ESR < 140.1,…
CVE-2025-8038 2025-07-22 CRITICAL 9.8 Thunderbird ignored paths when checking the validity of navigations in a frame. This vulnerability affects Firefox < 141, Firefox ESR < 140.1, Thunderbird < 141, and Thunderbird <…
CVE-2025-8011 2025-07-22 HIGH 8.8 Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-8034 2025-07-22 HIGH 8.8 Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox ESR 140.0, Thunderbird ESR 140.0, Firefox 140 and Thunderbird 140. Some of these…
CVE-2025-8033 2025-07-22 MEDIUM 6.5 The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox < 141, Firefox…
CVE-2025-8032 2025-07-22 HIGH 8.1 XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1,…
CVE-2025-8031 2025-07-22 CRITICAL 9.8 The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13,…
CVE-2025-8027 2025-07-22 MEDIUM 6.5 On 64-bit platforms IonMonkey-JIT only wrote 32 bits of the 64-bit return value space on the stack. Baseline-JIT, however, read the entire 64 bits. This vulnerability affects Firefox…
CVE-2025-54090 2025-07-23 MEDIUM 6.3 A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true". Users are recommended to upgrade to version 2.4.65, which fixes the…
CVE-2025-8010 2025-07-22 HIGH 8.8 Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-46099 2025-07-23 HIGH 7.1 In Pluck CMS 4.7.20-dev, an authenticated attacker can upload or create a crafted PHP file under the albums module directory and access it via the module routing logic…
CVE-2025-40599 2025-07-23 CRITICAL 9.1 An authenticated arbitrary file upload vulnerability exists in the SMA 100 series web management interface. A remote attacker with administrative privileges can exploit this flaw to upload arbitrary…
CVE-2022-4978 2025-07-23 N/A 0.0 Remote Control Server, maintained by Steppschuh, 3.1.1.12 allows unauthenticated remote code execution when authentication is disabled, which is the default configuration. The server exposes a custom UDP-based control protocol…
CVE-2018-25114 2025-07-23 N/A 0.0 A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/…
CVE-2018-25113 2025-07-23 N/A 0.0 An unauthenticated path traversal vulnerability exists in Dicoogle PACS Web Server version 2.5.0 and possibly earlier. The vulnerability allows remote attackers to read arbitrary files on the underlying…
CVE-2017-20198 2025-07-23 N/A 0.0 The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container…
CVE-2015-10141 2025-07-23 N/A 0.0 An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens…
CVE-2010-10012 2025-07-23 N/A 0.0 A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending…
CVE-2025-4411 2025-07-23 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dataprom Informatics PACS-ACSS allows Cross-Site Scripting (XSS). This issue affects PACS-ACSS: before 16.05.2025.
CVE-2025-54297 2025-07-23 N/A 0.0 A stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla was discovered.
CVE-2025-54296 2025-07-23 N/A 0.0 A stored XSS vulnerability in ProFiles component 1.0-1.5.0 for Joomla was discovered.
CVE-2025-54295 2025-07-23 N/A 0.0 A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
CVE-2025-54294 2025-07-23 N/A 0.0 A SQLi vulnerability in Komento component 4.0.0-4.0.7 for Joomla was discovered. The issue allows unprivileged users to execute arbitrary SQL commands.