CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-37972 In the Linux kernel, the following vulnerability has been resolved: Input: mtk-pmic-keys - fix possible null pointer dereference In mtk_pmic_keys_probe, the regs parameter is only set if the button ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37979 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver supp... | 7.8 | HIGH | β | 0 |
| CVE-2025-43755 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.13, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 202... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-37982 In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETI... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37983 In the Linux kernel, the following vulnerability has been resolved: qibfs: fix _another_ leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fa... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37985 In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a cha... | 4.7 | MEDIUM | β | 0 |
| CVE-2025-37989 In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-9817 SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | 7.8 | HIGH | β | 0 |
| CVE-2025-37990 In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37991 In the Linux kernel, the following vulnerability has been resolved: parisc: Fix double SIGFPE crash Camm noticed that on parisc a SIGFPE exception will crash an application with a second SIGFPE in t... | 7.8 | HIGH | β | 0 |
| CVE-2025-44893 FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function. | 9.8 | CRITICAL | β | 0 |
| CVE-2022-31807 A vulnerability has been identified in Building X - Security Manager Edge Controller (ACC-AP) (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow... | 6.2 | MEDIUM | β | 0 |
| CVE-2025-43776 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-5114 A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9l... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-37992 In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only t... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-48742 The installer in SIGB PMB before and fixed in v.8.0.1.2 allows remote code execution. | 5.4 | MEDIUM | β | 0 |
| CVE-2025-48057 Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.1... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-37994 In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37995 In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is ... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37997 In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the regi... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-37998 In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in outp... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-4967 Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal's SSRF protections. | 9.1 | CRITICAL | β | 0 |
| CVE-2025-47952 Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Pa... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-4433 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to pe... | 8.8 | HIGH | β | 0 |
| CVE-2025-62034 Incorrect Privilege Assignment vulnerability in uxper Togo togo. This issue affects Togo: from n/a through < 1.0.4. | 8.8 | HIGH | β | 0 |
| CVE-2024-7096 A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user with elevated permissions only when a... | 4.2 | MEDIUM | β | 0 |
| CVE-2023-26226 A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682 | 9.8 | CRITICAL | β | 0 |
| CVE-2025-5409 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the component API ... | 7.3 | HIGH | β | 0 |
| CVE-2025-5410 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middl... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-5411 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The manipulation... | 3.5 | LOW | β | 0 |
| CVE-2025-38003 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the pro... | 5.5 | MEDIUM | β | 0 |
| CVE-2025-5412 A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication Endpoin... | 3.5 | LOW | β | 0 |
| CVE-2024-12168 Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used. | 7.8 | HIGH | β | 0 |
| CVE-2024-53010 Memory corruption may occur while attaching VM when the HLOS retains access to VM. | 7.8 | HIGH | β | 0 |
| CVE-2024-53015 Memory corruption while processing IOCTL command to handle buffers associated with a session. | 6.6 | MEDIUM | β | 0 |
| CVE-2024-53020 Information disclosure may occur while decoding the RTP packet with invalid header extension from network. | 8.2 | HIGH | β | 0 |
| CVE-2024-53021 Information disclosure may occur while processing goodbye RTCP packet from network. | 8.2 | HIGH | β | 0 |
| CVE-2024-53026 Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call. | 8.2 | HIGH | β | 0 |
| CVE-2025-21463 Transient DOS while processing the EHT operation IE in the received beacon frame. | 7.5 | HIGH | β | 0 |
| CVE-2025-38004 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer... | 7.1 | HIGH | β | 0 |
| CVE-2025-30360 webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access a mal... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-49000 InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in `label-sheet` plugin lacks an upper bound, so a large value forces the server to alloc... | 3.5 | LOW | β | 0 |
| CVE-2025-20994 Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitr... | 4.5 | MEDIUM | β | 0 |
| CVE-2025-20995 Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files. | 4.9 | MEDIUM | β | 0 |
| CVE-2025-5601 Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allows denial of service via packet injection or crafted capture file | 7.8 | HIGH | β | 0 |
| CVE-2025-38000 In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue... | 7.8 | HIGH | β | 0 |
| CVE-2025-5916 A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT6... | 3.9 | LOW | β | 0 |
| CVE-2025-5917 A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write ove... | 2.8 | LOW | β | 0 |
| CVE-2023-20599 Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP's Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of c... | 7.9 | HIGH | β | 0 |
| CVE-2025-2474 Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the pro... | 9.8 | CRITICAL | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.