CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-7755 2025-07-17 MEDIUM 6.3 A vulnerability was found in code-projects Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/edit_product.php. The manipulation…
CVE-2025-23269 2025-07-17 MEDIUM 4.7 NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences…
CVE-2025-7433 2025-07-17 HIGH 8.8 A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.
CVE-2025-6249 2025-07-17 MEDIUM 6.7 An authentication bypass vulnerability was reported in FileZ client application that could allow a local attacker with elevated permissions access to application data.
CVE-2025-6248 2025-07-17 HIGH 7.4 A cross-site scripting (XSS) vulnerability was reported in the Lenovo Browser that could allow an attacker to obtain sensitive information if a user visits a web page with…
CVE-2025-6232 2025-07-17 HIGH 7.8 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying specific registry…
CVE-2025-6231 2025-07-17 HIGH 7.8 An improper validation vulnerability was reported in Lenovo Vantage that under certain conditions could allow a local attacker to execute code with elevated permissions by modifying an application…
CVE-2025-6230 2025-07-17 MEDIUM 5.3 A SQL injection vulnerability was reported in Lenovo Vantage that could allow a local attacker to modify the local SQLite database and execute code with elevated permissions.
CVE-2025-53964 2025-07-17 CRITICAL 9.6 GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term…
CVE-2025-4657 2025-07-17 MEDIUM 6.7 A buffer overflow vulnerability was reported in the Lenovo Protection Driver, prior to version 5.1.1110.4231, used in Lenovo PC Manager, Lenovo Browser, and Lenovo App Store could allow…
CVE-2025-3753 2025-07-17 HIGH 7.8 A code execution vulnerability has been identified in the Robot Operating System (ROS) 'rosbag' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the use…
CVE-2025-2818 2025-07-17 LOW 3.5 A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the…
CVE-2025-23270 2025-07-17 HIGH 7.1 NVIDIA Jetson Linux contains a vulnerability in UEFI Management mode, where an unprivileged local attacker may cause exposure of sensitive information via a side channel vulnerability. A successful…
CVE-2025-23267 2025-07-17 HIGH 8.5 NVIDIA Container Toolkit for all platforms contains a vulnerability in the update-ldcache hook, where an attacker could cause a link following by using a specially crafted container image.…
CVE-2025-23266 2025-07-17 CRITICAL 9.0 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A…
CVE-2025-1729 2025-07-17 MEDIUM 6.7 A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges.
CVE-2025-1700 2025-07-17 HIGH 7.0 A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of…
CVE-2025-0886 2025-07-17 HIGH 7.8 An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
CVE-2024-42209 2025-07-17 LOW 3.5 HCL Connections is vulnerable to an information disclosure vulnerability that could allow a user to obtain sensitive information they are not entitled to, which is caused by improper…
CVE-2024-41921 2025-07-17 HIGH 7.8 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the…
CVE-2024-41148 2025-07-17 HIGH 7.8 A code injection vulnerability has been discovered in the Robot Operating System (ROS) 'rostopic' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability lies in the…
CVE-2024-39835 2025-07-17 HIGH 7.8 A code injection vulnerability has been identified in the Robot Operating System (ROS) 'roslaunch' command-line tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability arises from the…
CVE-2024-39289 2025-07-17 HIGH 7.8 A code execution vulnerability has been discovered in the Robot Operating System (ROS) 'rosparam' tool, affecting ROS distributions Noetic Ninjemys and earlier. The vulnerability stems from the use…
CVE-2025-7472 2025-07-17 HIGH 7.5 A local privilege escalation vulnerability in the Intercept X for Windows installer prior to version 1.22 can lead to a local user gaining system level privileges, if the installer…
CVE-2025-54070 2025-07-17 N/A 0.0 OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 5.2.0 and prior to version 5.4.0, the `lastIndexOf(bytes,byte,uint256)` function of the `Bytes.sol` library may access…
CVE-2025-54068 2025-07-17 N/A 0.0 Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauthenticated attackers to achieve remote command execution in specific scenarios.…
CVE-2025-53817 2025-07-17 N/A 0.0 7-Zip is a file archiver with a high compression ratio. 7-Zip supports extracting from Compound Documents. Prior to version 25.0.0, a null pointer dereference in the Compound handler…
CVE-2025-53816 2025-07-17 N/A 0.0 7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in…
CVE-2025-46102 2025-07-17 MEDIUM 5.4 Cross Site Scripting vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version V.5.4.3 allows a remote attacker to obtain sensitive information via…
CVE-2024-13972 2025-07-17 HIGH 8.8 A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during…
CVE-2025-7749 2025-07-17 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /admin/getmanagerregion.php. The…
CVE-2025-7748 2025-07-17 LOW 3.5 A vulnerability classified as problematic was found in ZCMS 3.6.0. This vulnerability affects unknown code of the component Create Article Page. The manipulation of the argument Title leads…
CVE-2025-7747 2025-07-17 HIGH 8.8 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The…
CVE-2025-53644 2025-07-17 N/A 0.0 OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when…
CVE-2025-53638 2025-07-17 N/A 0.0 Solady is software that provides Solidity snippets with APIs. Starting in version 0.0.125 and prior to version 0.1.24, when an account is deployed via a proxy, using regular…
CVE-2025-51497 2025-07-17 N/A 0.0 An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGuard verbosely logged each URL that Safari accessed when the plugin was active. These logs…
CVE-2025-23263 2025-07-17 HIGH 7.6 NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on…
CVE-2024-32323 2025-07-17 N/A 0.0 SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class.
CVE-2025-7339 2025-07-17 LOW 3.4 on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions `
CVE-2025-7338 2025-07-17 HIGH 7.5 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a…
CVE-2025-53867 2025-07-17 N/A 0.0 Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.
CVE-2025-52046 2025-07-17 N/A 0.0 Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute…
CVE-2025-25257 2025-07-17 CRITICAL 9.8 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through 7.2.10…
CVE-2023-47356 2025-07-17 N/A 0.0 Mingyu Security Gateway before v3.0-5.3p was discovered to contain a remote command execution (RCE) vulnerability via the log_type parameter at /log/fw_security.mds.
CVE-2023-41566 2025-07-17 N/A 0.0 OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and…
CVE-2025-54066 2025-07-17 MEDIUM 4.7 DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can…
CVE-2025-54064 2025-07-17 N/A 0.0 Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the `rucio-server`,…
CVE-2025-54062 2025-07-17 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6…
CVE-2025-54061 2025-07-17 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6…
CVE-2025-54060 2025-07-17 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6…