Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-23156 In the Linux kernel, the following vulnerability has been resolved: efivarfs: fix error propagation in efivar_entry_get() efivar_entry_get() always returns success even if the underlying __efivar_en... | 7.8 | HIGH | β | 0 |
| CVE-2025-66374 CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | 7.8 | HIGH | β | 0 |
| CVE-2026-20610 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges. | 7.8 | HIGH | β | 0 |
| CVE-2021-47878 eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can ex... | 7.8 | HIGH | β | 0 |
| CVE-2021-47879 eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers c... | 7.8 | HIGH | β | 0 |
| CVE-2021-47880 Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unq... | 7.8 | HIGH | β | 0 |
| CVE-2021-47882 FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path t... | 7.8 | HIGH | β | 0 |
| CVE-2026-23158 In the Linux kernel, the following vulnerability has been resolved: gpio: virtuser: fix UAF in configfs release path The gpio-virtuser configfs release path uses guard(mutex) to protect the device s... | 7.8 | HIGH | β | 0 |
| CVE-2026-23208 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate... | 7.8 | HIGH | β | 0 |
| CVE-2026-23209 In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth... | 7.8 | HIGH | β | 0 |
| CVE-2026-24856 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Versions prior to 2.3.1.2 have an undefined behavior issue ... | 7.8 | HIGH | β | 0 |
| CVE-2020-37060 Atomic Alarm Clock 6.3 contains a local privilege escalation vulnerability in its service configuration that allows attackers to execute arbitrary code with SYSTEM privileges. Attackers can exploit th... | 7.8 | HIGH | β | 0 |
| CVE-2026-1333 A Use of Uninitialized Variable vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow... | 7.8 | HIGH | β | 0 |
| CVE-2020-37059 Popcorn Time 6.2.1.14 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated system privileges. Attackers can insert malicious... | 7.8 | HIGH | β | 0 |
| CVE-2020-37058 Andrea ST Filters Service 1.0.64.7 contains an unquoted service path vulnerability in its Windows service configuration. Local attackers can exploit the unquoted path to inject malicious code that wil... | 7.8 | HIGH | β | 0 |
| CVE-2020-36983 Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured serv... | 7.8 | HIGH | β | 0 |
| CVE-2020-37030 Outline Service 1.3.3 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | β | 0 |
| CVE-2025-69604 An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and F... | 7.8 | HIGH | β | 0 |
| CVE-2026-1361 ASDA-Soft Stack-based Buffer Overflow Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2025-15310 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. | 7.8 | HIGH | β | 0 |
| CVE-2025-33246 NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. A s... | 7.8 | HIGH | β | 0 |
| CVE-2025-33236 NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalati... | 7.8 | HIGH | β | 0 |
| CVE-2025-33239 NVIDIA Megatron Bridge contains a vulnerability in a data merging tutorial, where malicious input could cause a code injection. A successful exploit of this vulnerability might lead to code execution,... | 7.8 | HIGH | β | 0 |
| CVE-2026-21353 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2026-21352 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu... | 7.8 | HIGH | β | 0 |
| CVE-2026-21347 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | β | 0 |
| CVE-2026-21346 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i... | 7.8 | HIGH | β | 0 |
| CVE-2026-21345 Substance3D - Stager versions 3.1.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory struct... | 7.8 | HIGH | β | 0 |
| CVE-2026-20412 In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us... | 7.8 | HIGH | β | 0 |
| CVE-2026-32864 There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW.Β This vulnerability may result in information disclosure or arbitrary code execu... | 7.8 | HIGH | β | 0 |
| CVE-2026-23245 In the Linux kernel, the following vulnerability has been resolved: net/sched: act_gate: snapshot parameters with RCU on replace The gate action can be replaced while the hrtimer callback or dump pa... | 7.8 | HIGH | β | 0 |
| CVE-2026-27806 Fleet is open source device management software. Prior to 4.81.1, the Orbit agent's FileVault disk encryption key rotation flow on collects a local user's password via a GUI dialog and interpolates it... | 7.8 | HIGH | β | 0 |
| CVE-2026-23227 In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Displa... | 7.8 | HIGH | β | 0 |
| CVE-2026-40029 parseusbs before 1.9 contains an OS command injection vulnerability in parseUSBs.py where LNK file paths are passed unsanitized into an os.popen() shell command, allowing arbitrary command execution v... | 7.8 | HIGH | β | 0 |
| CVE-2026-40030 parseusbs before 1.9 contains an OS command injection vulnerability where the volume listing path argument (-v flag) is passed unsanitized into an os.popen() shell command with ls, allowing arbitrary ... | 7.8 | HIGH | β | 0 |
| CVE-2026-28261 Dell Elastic Cloud Storage, version 3.8.1.7 and prior, and Dell ObjectScale,Β versions prior to 4.1.0.3 and version 4.2.0.0, contains an Insertion of Sensitive Information into Log File vulnerability. ... | 7.8 | HIGH | β | 0 |
| CVE-2026-23253 In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: fix wrong reinitialization of ringbuffer on reopen dvb_dvr_open() calls dvb_ringbuffer_init() when a new reader o... | 7.8 | HIGH | β | 0 |
| CVE-2026-25656 A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3), User Management Component (UMC) (All versions < V2.15.2.1). The affected application permits improper modification of a conf... | 7.8 | HIGH | β | 0 |
| CVE-2026-26176 Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-34628 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-34631 InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this iss... | 7.8 | HIGH | β | 0 |
| CVE-2026-27292 Adobe Framemaker versions 2022.8 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue... | 7.8 | HIGH | β | 0 |
| CVE-2026-27293 Adobe Framemaker versions 2022.8 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2026-27294 Adobe Framemaker versions 2022.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure... | 7.8 | HIGH | β | 0 |
| CVE-2026-23012 In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, t... | 7.8 | HIGH | β | 0 |
| CVE-2026-23010 In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited c... | 7.8 | HIGH | β | 0 |
| CVE-2026-23001 In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan... | 7.8 | HIGH | β | 0 |
| CVE-2026-33150 libfuse is the reference implementation of the Linux FUSE. From version 3.18.0 to before version 3.18.2, a use-after-free vulnerability in the io_uring subsystem of libfuse allows a local attacker to ... | 7.8 | HIGH | β | 0 |
| CVE-2026-32032 OpenClaw versions prior to 2026.2.22 contain an arbitrary shell execution vulnerability in shell environment fallback that trusts the unvalidated SHELL path from the host environment. An attacker with... | 7.8 | HIGH | β | 0 |
| CVE-2026-27296 Adobe Framemaker versions 2022.8 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. E... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.