CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-60717 Use after free in Windows Broadcast DVR User Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-60718 Untrusted search path in Windows Administrator Protection allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-60719 Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-60720 Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-60723 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to deny service over a network. | 6.3 | MEDIUM | β | 0 |
| CVE-2025-60724 Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-60726 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | 7.1 | HIGH | β | 0 |
| CVE-2025-60727 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-60728 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | 4.3 | MEDIUM | β | 0 |
| CVE-2025-61819 Photoshop Desktop versions 26.8.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation ... | 7.8 | HIGH | β | 0 |
| CVE-2025-61820 Illustrator versions 28.7.10, 29.8.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati... | 7.8 | HIGH | β | 0 |
| CVE-2025-61826 Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.... | 7.8 | HIGH | β | 0 |
| CVE-2025-61827 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation... | 7.8 | HIGH | β | 0 |
| CVE-2025-61828 Illustrator on iPad versions 3.0.9 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th... | 7.8 | HIGH | β | 0 |
| CVE-2025-61829 Illustrator on iPad versions 3.0.9 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation... | 7.8 | HIGH | β | 0 |
| CVE-2025-61831 Illustrator versions 28.7.10, 29.8.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2025-61836 Illustrator on iPad versions 3.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user.... | 7.8 | HIGH | β | 0 |
| CVE-2025-61838 Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t... | 7.8 | HIGH | β | 0 |
| CVE-2025-62199 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-62200 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-62201 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-62202 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | 7.1 | HIGH | β | 0 |
| CVE-2025-62203 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2025-13276 A vulnerability was detected in g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455. This vulnerability affects unknown code of the file /index.php. The manipulation of the ... | 7.3 | HIGH | β | 0 |
| CVE-2025-13277 A flaw has been found in code-projects Nero Social Networking Site 1.0. This issue affects some unknown processing of the file /friendsphoto.php. This manipulation of the argument ID causes sql inject... | 7.3 | HIGH | β | 0 |
| CVE-2025-40834 A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scr... | 5.7 | MEDIUM | β | 0 |
| CVE-2025-13278 A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefro... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13279 A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID resu... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13285 A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the argument Username leads to sql inj... | 7.3 | HIGH | β | 0 |
| CVE-2025-13286 A security flaw has been discovered in itsourcecode Online Voting System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_user. Performing manipulation of the argumen... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13287 A weakness has been identified in itsourcecode Online Voting System 1.0. This affects an unknown function of the file /index.php?page=categories. Executing manipulation of the argument id/category can... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13310 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2025-4321 In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard reset will bring the device to normal operation | N/A | NONE | β | 0 |
| CVE-2025-13288 A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buf... | 8.8 | HIGH | β | 0 |
| CVE-2025-13289 A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-63708 Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnera... | 6.1 | MEDIUM | β | 0 |
| CVE-2025-64046 OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-65083 GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without con... | 3.2 | LOW | β | 0 |
| CVE-2024-46336 kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php. | 6.1 | MEDIUM | β | 0 |
| CVE-2025-13193 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This r... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-13290 A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID l... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-13319 An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The API is not enabled by defaul... | 8.8 | HIGH | β | 0 |
| CVE-2024-44651 Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-44653 Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2024-44657 PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php. | 6.5 | MEDIUM | β | 0 |
| CVE-2025-13297 A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such man... | 7.3 | HIGH | β | 0 |
| CVE-2024-46335 PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php. | 4.6 | MEDIUM | β | 0 |
| CVE-2025-13216 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accide... | N/A | NONE | β | 0 |
| CVE-2025-64342 ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address (AA) of 0x00000... | N/A | NONE | β | 0 |
| CVE-2025-64758 @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software ... | 4.8 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.