Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-68812 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | β | 0 |
| CVE-2025-68813 In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensu... | N/A | NONE | β | 0 |
| CVE-2025-68814 In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in __io_openat_prep() __io_openat_prep() allocates a struct filename using getname(). However, for th... | N/A | NONE | β | 0 |
| CVE-2025-68819 In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does ... | N/A | NONE | β | 0 |
| CVE-2025-68820 In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh ... | N/A | NONE | β | 0 |
| CVE-2025-68821 In the Linux kernel, the following vulnerability has been resolved: fuse: fix readahead reclaim deadlock Commit e26ee4efbc79 ("fuse: allocate ff->release_args only if release is needed") skips alloc... | N/A | NONE | β | 0 |
| CVE-2025-68822 In the Linux kernel, the following vulnerability has been resolved: Input: alps - fix use-after-free bugs caused by dev3_register_work The dev3_register_work delayed work item is initialized within ... | N/A | NONE | β | 0 |
| CVE-2025-69990 phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted. | 9.1 | CRITICAL | β | 0 |
| CVE-2025-69991 phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. | 9.8 | CRITICAL | β | 0 |
| CVE-2025-71024 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Servic... | 7.5 | HIGH | β | 0 |
| CVE-2025-71025 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service ... | 7.5 | HIGH | β | 0 |
| CVE-2025-71026 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (... | 7.5 | HIGH | β | 0 |
| CVE-2025-71027 Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (Do... | 7.5 | HIGH | β | 0 |
| CVE-2025-71064 In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and... | N/A | NONE | β | 0 |
| CVE-2025-71065 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock As Jiaming Zhang and syzbot reported, there is potential deadlock in f2fs as below: Chain e... | N/A | NONE | β | 0 |
| CVE-2025-71066 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The... | N/A | NONE | β | 0 |
| CVE-2025-71069 In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that ge... | N/A | NONE | β | 0 |
| CVE-2025-71070 In the Linux kernel, the following vulnerability has been resolved: ublk: clean up user copy references on ublk server exit If a ublk server process releases a ublk char device file, any requests di... | N/A | NONE | β | 0 |
| CVE-2026-20803 Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. | 7.2 | HIGH | β | 0 |
| CVE-2025-71068 In the Linux kernel, the following vulnerability has been resolved: svcrdma: bound check rq_pages index in inline path svc_rdma_copy_inline_range indexed rqstp->rq_pages[rc_curpage] without verifyin... | 7.8 | HIGH | β | 0 |
| CVE-2026-21298 Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of... | 7.8 | HIGH | β | 0 |
| CVE-2025-71080 In the Linux kernel, the following vulnerability has been resolved: ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT On PREEMPT_RT kernels, after rt6_get_pcpu_route() returns NULL, the curre... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71086 In the Linux kernel, the following vulnerability has been resolved: net: rose: fix invalid array index in rose_kill_by_device() rose_kill_by_device() collects sockets into a local array[] and then i... | 7.8 | HIGH | β | 0 |
| CVE-2025-71087 In the Linux kernel, the following vulnerability has been resolved: iavf: fix off-by-one issues in iavf_config_rss_reg() There are off-by-one bugs when configuring RSS hash key and lookup table, cau... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-71088 In the Linux kernel, the following vulnerability has been resolved: mptcp: fallback earlier on simult connection Syzkaller reports a simult-connect race leading to inconsistent fallback status: W... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-21299 Substance3D - Modeler versions 1.22.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of... | 7.8 | HIGH | β | 0 |
| CVE-2025-47855 An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in Fortinet FortiFone 7.0.0 through 7.0.1, FortiFone 3.0.13 through 3.0.23 allows an unauthenticated attacker to o... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-58693 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7 allows a privileged attacker ... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-59922 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.4, FortiClientEMS 7.4.0 throug... | 7.2 | HIGH | β | 0 |
| CVE-2025-62182 Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file. | N/A | NONE | β | 0 |
| CVE-2025-67685 A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox 4.4 all versions, FortiSandbox 4.2 all versions, FortiSandbox 4.0 ... | 3.8 | LOW | β | 0 |
| CVE-2025-8090 Null pointer dereference in the MsgRegisterEvent() system call could allowΒ an attacker with local access and code execution abilities to crash theΒ QNX Neutrino kernel. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-0386 Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. | 7.5 | HIGH | β | 0 |
| CVE-2026-20804 Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | 7.7 | HIGH | β | 0 |
| CVE-2026-20808 Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-20809 Time-of-check time-of-use (toctou) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21300 Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user in... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20810 Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20811 Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20812 Improper input validation in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to perform tampering over a network. | 6.5 | MEDIUM | β | 0 |
| CVE-2026-20814 Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-21301 Substance3D - Modeler versions 1.22.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. Exploitation of this issue requires user in... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20815 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | β | 0 |
| CVE-2026-20816 Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20817 Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20818 Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally. | 6.2 | MEDIUM | β | 0 |
| CVE-2026-20819 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2021-47775 YouTube Video Grabber, now referred to as YouTube Downloader, 1.9.9.1 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the Structured Exception H... | 8.4 | HIGH | β | 0 |
| CVE-2026-20820 Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2023-7343 HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to t... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.