Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-33252 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
| CVE-2026-25502 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in ic... | 7.8 | HIGH | β | 0 |
| CVE-2019-25272 TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path i... | 7.8 | HIGH | β | 0 |
| CVE-2019-25308 Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code wi... | 7.8 | HIGH | β | 0 |
| CVE-2023-20548 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to corrupt memory resulting in loss of integrity, confidentiality, or availability. | 7.8 | HIGH | β | 0 |
| CVE-2026-29120 The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation (IDC) SFX Series(SFX2100) SuperFlex Satellite Receiver insecurely stores the hardcoded root password ... | 7.8 | HIGH | β | 0 |
| CVE-2026-1284 An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attac... | 7.8 | HIGH | β | 0 |
| CVE-2026-0032 In multiple functions of mem_protect.c, there is a possible out-of-bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileg... | 7.8 | HIGH | β | 0 |
| CVE-2023-31324 A Time-of-check time-of-use (TOCTOU) race condition in the AMD Secure Processor (ASP) could allow an attacker to modify External Global Memory Interconnect Trusted Agent (XGMI TA) commands as they are... | 7.8 | HIGH | β | 0 |
| CVE-2020-36989 ForensiT AppX Management Service 2.2.0.4 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can ex... | 7.8 | HIGH | β | 0 |
| CVE-2026-2914 CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and lower allow potential unauthorized privilege elevation leveraging CyberArk elevation dialogs | 7.8 | HIGH | β | 0 |
| CVE-2019-25274 ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquote... | 7.8 | HIGH | β | 0 |
| CVE-2019-25275 BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exp... | 7.8 | HIGH | β | 0 |
| CVE-2026-3437 An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to ... | 7.8 | HIGH | β | 0 |
| CVE-2026-0875 A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cau... | 7.8 | HIGH | β | 0 |
| CVE-2019-25305 JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and e... | 7.8 | HIGH | β | 0 |
| CVE-2026-26102 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 7.8 | HIGH | β | 0 |
| CVE-2019-25304 SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit th... | 7.8 | HIGH | β | 0 |
| CVE-2025-41727 A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access. | 7.8 | HIGH | β | 0 |
| CVE-2026-0662 A maliciously crafted project directory, when opening a max file in Autodesk 3ds Max, could lead to execution of arbitrary code in the context of the current process due to an Untrusted Search Path be... | 7.8 | HIGH | β | 0 |
| CVE-2026-0661 A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the co... | 7.8 | HIGH | β | 0 |
| CVE-2026-0660 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code... | 7.8 | HIGH | β | 0 |
| CVE-2019-25435 Sricam DeviceViewer 3.12.0.1 contains a local buffer overflow vulnerability in the user management add user function that allows authenticated attackers to execute arbitrary code by bypassing data exe... | 7.8 | HIGH | β | 0 |
| CVE-2026-22980 In the Linux kernel, the following vulnerability has been resolved: nfsd: provide locking for v4_end_grace Writing to v4_end_grace can race with server shutdown and result in memory being accessed a... | 7.8 | HIGH | β | 0 |
| CVE-2025-71155 In the Linux kernel, the following vulnerability has been resolved: KVM: s390: Fix gmap_helper_zap_one_page() again A few checks were missing in gmap_helper_zap_one_page(), which can lead to memory ... | 7.8 | HIGH | β | 0 |
| CVE-2025-71145 In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change fixing a device reference leak in a UDC driver introduced... | 7.8 | HIGH | β | 0 |
| CVE-2026-0659 A maliciously crafted USD file, when loaded or imported into Autodesk Arnold or Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to e... | 7.8 | HIGH | β | 0 |
| CVE-2026-0538 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the... | 7.8 | HIGH | β | 0 |
| CVE-2026-26101 Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | 7.8 | HIGH | β | 0 |
| CVE-2020-36979 Atheros Coex Service Application 8.0.0.255 contains an unquoted service path vulnerability in its Windows service configuration. Attackers can exploit the unquoted path by placing malicious executable... | 7.8 | HIGH | β | 0 |
| CVE-2020-36980 SAntivirus IC 10.0.21.61 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit t... | 7.8 | HIGH | β | 0 |
| CVE-2020-36981 Motorola Device Manager 2.4.5 contains an unquoted service path vulnerability in the PST Service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path ... | 7.8 | HIGH | β | 0 |
| CVE-2020-36982 Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit t... | 7.8 | HIGH | β | 0 |
| CVE-2020-36983 Quick 'n Easy FTP Service 3.2 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code during service startup. Attackers can exploit the misconfigured serv... | 7.8 | HIGH | β | 0 |
| CVE-2026-23599 A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attac... | 7.8 | HIGH | β | 0 |
| CVE-2026-24905 Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, ... | 7.8 | HIGH | β | 0 |
| CVE-2026-2627 A security flaw has been discovered in Softland FBackup up to 9.9. This impacts an unknown function in the library C:\Program Files\Common Files\microsoft shared\ink\HID.dll of the component Backup/Re... | 7.8 | HIGH | β | 0 |
| CVE-2026-23648 Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable an... | 7.8 | HIGH | β | 0 |
| CVE-2026-0874 A maliciously crafted CATPART file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, c... | 7.8 | HIGH | β | 0 |
| CVE-2025-33251 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
| CVE-2026-0536 A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code... | 7.8 | HIGH | β | 0 |
| CVE-2026-1442 Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker (or anyone paying attention), the firmware updates may be altered by an ... | 7.8 | HIGH | β | 0 |
| CVE-2026-1361 ASDA-Soft Stack-based Buffer Overflow Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2026-3223 Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | 7.8 | HIGH | β | 0 |
| CVE-2026-23208 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate... | 7.8 | HIGH | β | 0 |
| CVE-2026-27905 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is... | 7.8 | HIGH | β | 0 |
| CVE-2025-66374 CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | 7.8 | HIGH | β | 0 |
| CVE-2025-15311 Tanium addressed an unauthorized code execution vulnerability in Tanium Appliance. | 7.8 | HIGH | β | 0 |
| CVE-2026-26208 ADB Explorer is a fluent UI for ADB on Windows. Prior to Beta 0.9.26020, ADB Explorer is vulnerable to Insecure Deserialization leading to Remote Code Execution. The application attempts to deserializ... | 7.8 | HIGH | β | 0 |
| CVE-2025-33250 NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, denial of service, informat... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.