Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-24311 An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted Contro... | 8.4 | HIGH | โ | 0 |
| CVE-2025-26395 SolarWinds Observability Self-Hosted was susceptible to a cross-site scripting (XSS) vulnerability due to an unsanitized field in the URL. The attack requires authentication using an administrator-l... | 7.1 | HIGH | โ | 0 |
| CVE-2025-5335 A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the Autodesk Installer application. Ex... | 7.8 | HIGH | โ | 0 |
| CVE-2025-5986 A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-49133 Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the ... | 5.9 | MEDIUM | โ | 0 |
| CVE-2025-24922 A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior toย 6.2.26.36. A specially craft... | 8.8 | HIGH | โ | 0 |
| CVE-2025-4231 A command injection vulnerability in Palo Alto Networks PAN-OSยฎ enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the manageme... | 7.2 | HIGH | โ | 0 |
| CVE-2025-28380 A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. | 6.1 | MEDIUM | โ | 0 |
| CVE-2025-28381 A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers. | 7.5 | HIGH | โ | 0 |
| CVE-2025-28382 An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. | 7.5 | HIGH | โ | 0 |
| CVE-2025-28384 An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal. | 9.1 | CRITICAL | โ | 0 |
| CVE-2025-28388 OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account. | 9.8 | CRITICAL | โ | 0 |
| CVE-2025-69328 Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Ma... | 8.8 | HIGH | โ | 0 |
| CVE-2025-6095 A vulnerability, which was classified as critical, was found in codesiddhant Jasmin Ransomware 1.0.1. Affected is an unknown function of the file /checklogin.php. The manipulation of the argument user... | 7.3 | HIGH | โ | 0 |
| CVE-2025-6096 A vulnerability has been found in codesiddhant Jasmin Ransomware up to 1.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard.php. The mani... | 6.3 | MEDIUM | โ | 0 |
| CVE-2025-48976 Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; fro... | 7.5 | HIGH | โ | 0 |
| CVE-2025-48988 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 thr... | 7.5 | HIGH | โ | 0 |
| CVE-2025-49124 Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Ap... | 8.4 | HIGH | โ | 0 |
| CVE-2025-49125 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.ย When using PreResources or PostResources mounted other than at the root of the web application, it was possibl... | 7.5 | HIGH | โ | 0 |
| CVE-2025-49795 A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of serv... | 7.5 | HIGH | โ | 0 |
| CVE-2025-6159 A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument... | 7.3 | HIGH | โ | 0 |
| CVE-2025-6161 A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the ar... | 7.3 | HIGH | โ | 0 |
| CVE-2006-0331 Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | N/A | NONE | โ | 0 |
| CVE-2006-2249 Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2)... | N/A | NONE | โ | 0 |
| CVE-2025-4404 A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the uniqueness of the `krbCanonicalName` for the admin account by defau... | 9.1 | CRITICAL | โ | 0 |
| CVE-2025-34508 A path traversal vulnerability exists in the file dropoff functionality of ZendTo versions 6.15-7 and prior. This could allow a remote, authenticated attacker to retrieve the files of other ZendTo us... | 6.3 | MEDIUM | โ | 0 |
| CVE-2025-6199 A flaw was found in the GIF parser of GdkPixbufโs LZW decoder. When an invalid symbol is encountered during decompression, the decoder sets the reported output size to the full buffer length rather th... | 3.3 | LOW | โ | 0 |
| CVE-2025-38008 In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted... | 4.7 | MEDIUM | โ | 0 |
| CVE-2025-38010 In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking The current implementation uses bias_pad_enable as a reference c... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38012 In the Linux kernel, the following vulnerability has been resolved: sched_ext: bpf_iter_scx_dsq_new() should always initialize iterator BPF programs may call next() and destroy() on BPF iterators ev... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38013 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating the... | 7.8 | HIGH | โ | 0 |
| CVE-2025-38014 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Refactor remove call with idxd_cleanup() helper The idxd_cleanup() helper cleans up perfmon, interrupts, internal... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38016 In the Linux kernel, the following vulnerability has been resolved: HID: bpf: abort dispatch if device destroyed The current HID bpf implementation assumes no output report/request will go through i... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38019 In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices The driver only offloads neighbors that are constructed o... | 7.8 | HIGH | โ | 0 |
| CVE-2025-38021 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check of pipe_ctx->plane_state for update_dchubp_dpp Similar to commit 6a057072ddd1 ("drm/amd/display: F... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38025 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7606: check for NULL before calling sw_mode_config() Check that the sw_mode_config function pointer is not NULL before... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38028 In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fix a race in nfs_local_open_fh() Once the clp->cl_uuid.lock has been dropped, another CPU could come in and free the... | 4.7 | MEDIUM | โ | 0 |
| CVE-2025-38029 In the Linux kernel, the following vulnerability has been resolved: kasan: avoid sleepable page allocation from atomic context apply_to_pte_range() enters the lazy MMU mode and then invokes kasan_po... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38032 In the Linux kernel, the following vulnerability has been resolved: mr: consolidate the ipmr_can_free_table() checks. Guoyu Yin reported a splat in the ipmr netns cleanup path: WARNING: CPU: 2 PID:... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38033 In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88 Calling core::fmt::write() from rust code while FineIBT is enab... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38036 In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Perform early GT MMIO initialization to read GMDID VFs need to communicate with the GuC to obtain the GMDID value and e... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38038 In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost set_boost is a per-policy function call, hence a driver wide lock... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38050 In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix kernel NULL pointer dereference when replacing free hugetlb folios A kernel crash was observed when replacing free... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-69329 Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through < 1.4.1. | 9.8 | CRITICAL | โ | 0 |
| CVE-2025-38039 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is al... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38041 In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparent GPU clock during frequency changes The H616 manual does not state that the GPU PLL supports dynamic ... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38042 In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn The user of k3_udma_glue_reset_rx_chn() e.g. ti... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38045 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the du... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38047 In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes the ... | 5.5 | MEDIUM | โ | 0 |
| CVE-2025-38053 In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpf_features_check idpf_features_check is used to validate the TX packet. skb header length is compar... | 5.5 | MEDIUM | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.