CVE Vulnerabilities
CVE vulnerability database enriched with data from CISA KEV and NVD
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-29792 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-29793 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 7.2 | HIGH | — | 0 |
| CVE-2025-29794 Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | 8.8 | HIGH | — | 0 |
| CVE-2025-29800 Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-29801 Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-29802 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-29804 Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-29805 Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-29809 Insecure storage of sensitive information in Windows Kerberos allows an authorized attacker to bypass a security feature locally. | 7.1 | HIGH | — | 0 |
| CVE-2025-29810 Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-29811 Improper input validation in Windows Mobile Broadband allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-29812 Untrusted pointer dereference in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-53170 Null pointer dereference vulnerability in the application exit cause module Impact: Successful exploitation of this vulnerability may affect function stability. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-29816 Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-29819 External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | — | 0 |
| CVE-2025-29820 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-29822 Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-29823 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | — | 0 |
| CVE-2025-30281 ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary code execution. A high-privileged attacker could levera... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-26479 Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.0, contains an out-of-bounds write vulnerability. An attacker could potentially exploit this vulnerability in NFS workflows, leading to data inte... | 3.1 | LOW | — | 0 |
| CVE-2025-3100 The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-30677 Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive config... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-31672 Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for m... | 5.3 | MEDIUM | — | 0 |
| CVE-2023-33844 IBM Security Verify Governance 10.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-27391 Insertion of Sensitive Information into Log File vulnerability in Apache ActiveMQ Artemis. All the values of the broker properties are logged when the org.apache.activemq.artemis.core.config.impl.Conf... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-22471 Dell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an integer overflow or wraparound vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulner... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0539 In affected Microsoft Windows versions of Octopus Deploy, the server can be coerced into sending server-side requests that contain authentication material allowing a suitably positioned attacker to co... | 8.8 | HIGH | — | 0 |
| CVE-2023-42007 IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended f... | 5.4 | MEDIUM | — | 0 |
| CVE-2023-43035 IBM Sterling Control Center 6.2.1, 6.3.1, and 6.4.0 allows web pages to be stored locally which can be read by another user on the system. | 4.0 | MEDIUM | — | 0 |
| CVE-2023-43037 IBM Maximo Application Suite 8.11 and 9.0 could allow an authenticated user to perform unauthorized actions due to improper input validation. | 6.5 | MEDIUM | — | 0 |
| CVE-2025-0120 A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their p... | 7.0 | HIGH | — | 0 |
| CVE-2025-32067 Improper Input Validation vulnerability in The Wikimedia Foundation Mediawiki - Growth Experiments Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Growth Experiments Extensi... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-29803 Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. | 7.3 | HIGH | — | 0 |
| CVE-2025-29834 Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | 7.5 | HIGH | — | 0 |
| CVE-2025-32726 Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. | 6.8 | MEDIUM | — | 0 |
| CVE-2024-13337 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is du... | 4.3 | MEDIUM | — | 0 |
| CVE-2024-13338 The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is du... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-3282 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-2947 IBM i 7.6 contains a privilege escalation vulnerability due to incorrect profile swapping in an OS command. A malicious actor can use the command to elevate privileges to gain root access to the ho... | 7.2 | HIGH | — | 0 |
| CVE-2025-3292 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-1455 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Woo Grid widget in all versions up to, and including, 1.7.1012 due to insufficient in... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-1456 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `widgetGrid`, `widgetCountDown`, and `widgetInstagramFeed` methods in all versions up... | 6.4 | MEDIUM | — | 0 |
| CVE-2025-3531 A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-3532 A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of th... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-43852 IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-3533 A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. T... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-3423 IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intende... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-3538 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the a... | 8.8 | HIGH | — | 0 |
| CVE-2025-3555 A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper rest... | 3.7 | LOW | — | 0 |
| CVE-2025-3556 A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipul... | 3.7 | LOW | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.