TROYANOSYVIRUS

CVE Vulnerabilities

CVE vulnerability database enriched with CISA KEV and NVD data

Total: 331,518 CVEs
CVE ID | CVSS | Severity | KEV | Sightings
CVE-2025-23353

NVIDIA Megatron-LM for all platforms contains a vulnerability in the msdp preprocessing script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerab...

7.8 | HIGH | — | 0
CVE-2025-23354

NVIDIA Megatron-LM for all platforms contains a vulnerability in the ensemble_classifer script where malicious data created by an attacker may cause an injection. A successful exploit of this vulnerab...

7.8 | HIGH | — | 0
CVE-2025-48868

Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python's eval() f...

7.2 | HIGH | — | 0
CVE-2025-21476

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

7.8 | HIGH | — | 0
CVE-2025-21481

Memory corruption while performing private key encryption in trusted application.

7.8 | HIGH | — | 0
CVE-2025-27030

Information disclosure while invoking calibration data from user space to update firmware size.

6.1 | MEDIUM | — | 0
CVE-2025-27033

Information disclosure while running video usecase having rogue firmware.

6.1 | MEDIUM | — | 0
CVE-2025-27036

Information disclosure when Video engine escape input data is less than expected minimum size.

6.1 | MEDIUM | — | 0
CVE-2025-27037

Memory corruption while processing config_dev IOCTL when camera kernel driver drops its reference to CPU buffers.

7.8 | HIGH | — | 0
CVE-2025-27077

Memory corruption while processing message in guest VM.

7.8 | HIGH | — | 0
CVE-2025-47314

Memory corruption while processing data sent by FE driver.

7.8 | HIGH | — | 0
CVE-2025-47315

Memory corruption while handling repeated memory unmap requests from guest VM.

7.8 | HIGH | — | 0
CVE-2025-47316

Memory corruption due to double free when multiple threads race to set the timestamp store.

7.8 | HIGH | — | 0
CVE-2025-47317

Memory corruption due to global buffer overflow when a test command uses an invalid payload type.

7.8 | HIGH | — | 0
CVE-2025-47326

Transient DOS while handling command data during power control processing.

7.5 | HIGH | — | 0
CVE-2025-47327

Memory corruption while encoding the image data.

7.8 | HIGH | — | 0
CVE-2025-47328

Transient DOS while processing power control requests with invalid antenna or stream values.

7.5 | HIGH | — | 0
CVE-2025-47329

Memory corruption while handling invalid inputs in application info setup.

7.8 | HIGH | — | 0
CVE-2025-56819

An issue in Datart v.1.0.0-rc.3 allows a remote attacker to execute arbitrary code via the INIT connection parameter.

9.8 | CRITICAL | — | 0
CVE-2025-10500

Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 | HIGH | — | 0
CVE-2025-10501

Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 | HIGH | — | 0
CVE-2025-20339

A vulnerability in the access control list (ACL) processing of IPv4 packets of Cisco SD-WAN vEdge Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerabi...

5.8 | MEDIUM | — | 0
CVE-2025-10502

Heap buffer overflow in ANGLE in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High...

8.8 | HIGH | — | 0
CVE-2025-10890

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

9.1 | CRITICAL | — | 0
CVE-2025-10891

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 | HIGH | — | 0
CVE-2025-10892

Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8 | HIGH | — | 0
CVE-2025-10909

A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the arg...

2.4 | LOW | — | 0
CVE-2025-20334

A vulnerability in the HTTP API subsystem of Cisco IOS XE Software could allow a remote attacker to inject commands that will execute with root privileges into the underlying operating system. This...

8.8 | HIGH | — | 0
CVE-2025-20364

A vulnerability in the Device Analytics action frame processing of Cisco Wireless Access Point (AP) Software could allow an unauthenticated, adjacent attacker to inject wireless 802.11 action frames w...

4.3 | MEDIUM | — | 0
CVE-2025-20365

A vulnerability in the IPv6 Router Advertisement (RA) packet processing of Cisco Access Point Software could allow an unauthenticated, adjacent attacker to modify the IPv6 gateway on an affected devic...

4.3 | MEDIUM | — | 0
CVE-2025-56815

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal in the POST /viz/image interface, since the server directly uses MultipartFile.transferTo() to save the uploaded file to a path controllable by t...

7.1 | HIGH | — | 0
CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The a...

8.8 | HIGH | — | 0
CVE-2025-20149

A vulnerability in the CLI of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of ser...

6.5 | MEDIUM | — | 0
CVE-2025-20160

A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentic...

8.1 | HIGH | — | 0
CVE-2025-20240

A vulnerability in the Web Authentication feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting attack (XSS) on an affected devic...

6.1 | MEDIUM | — | 0
CVE-2025-20327

A vulnerability in the web UI of Cisco IOS Software could allow an authenticated, remote attacker with low privileges to cause a denial of service (DoS) condition on an affected device. This vulner...

7.7 | HIGH | — | 0
CVE-2025-20293

A vulnerability in the Day One setup process of Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers for Cloud (9800-CL) could allow an unauthenticated, remote attacker to access the pu...

5.3 | MEDIUM | — | 0
CVE-2025-20311

A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to becom...

7.4 | HIGH | — | 0
CVE-2025-20312

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an aff...

7.7 | HIGH | — | 0
CVE-2025-20313

Multiple vulnerabilities in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute ...

6.7 | MEDIUM | — | 0
CVE-2025-20314

A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute pers...

6.7 | MEDIUM | — | 0
CVE-2025-20315

A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, causing a de...

8.6 | HIGH | — | 0
CVE-2025-20316

A vulnerability in the access control list (ACL) programming of Cisco IOS XE Software for Cisco Catalyst 9500X and 9600X Series Switches could allow an unauthenticated, remote attacker to bypass a con...

5.3 | MEDIUM | — | 0
CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inje...

4.8 | MEDIUM | — | 0
CVE-2025-48869

Horilla is a free and open source Human Resource Management System (HRMS). Unauthenticated users can access uploaded resume files in Horilla 1.3.0 by directly guessing or predicting file URLs. These f...

7.5 | HIGH | — | 0
CVE-2025-52906

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1360...

9.8 | CRITICAL | — | 0
CVE-2025-52907

Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.

8.8 | HIGH | — | 0
CVE-2025-57350

The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to...

8.6 | HIGH | — | 0
CVE-2025-57352

A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input inv...

5.3 | MEDIUM | — | 0
CVE-2025-57349

The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions...

7.5 | HIGH | — | 0
Page 113 of 6631

This product uses data from the NVD API but is not endorsed or certified by the NVD.