Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2025-53510 A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made ... | 8.8 | HIGH | β | 0 |
| CVE-2025-57804 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting CRLF... | N/A | NONE | β | 0 |
| CVE-2025-25732 Incorrect access control in the EEPROM component of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows attackers to replace password h... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-25733 Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to... | 3.5 | LOW | β | 0 |
| CVE-2025-25734 Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 was discovered to contain an unauthenticated EFI shell which allows attackers to execute a... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-25735 Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers (PRRs), allowing attackers with soft... | 4.6 | MEDIUM | β | 0 |
| CVE-2025-25736 Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge (ADB) pre-installed (/mnt/c3platpersistent/opt/platform-tools/adb) ... | 6.8 | MEDIUM | β | 0 |
| CVE-2024-43166 Incorrect Default Permissions vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the i... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-25737 Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack secure password requirements for its BIOS Supervisor and User acco... | 6.8 | MEDIUM | β | 0 |
| CVE-2025-55212 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":") to monta... | 3.7 | LOW | β | 0 |
| CVE-2025-9491 Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows... | 7.8 | HIGH | β | 0 |
| CVE-2025-55298 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in Interpre... | 7.5 | HIGH | β | 0 |
| CVE-2023-41471 Cross Site Scripting vulnerability in copyparty before 1.9.2 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function. NOTE: this is disputed because WEEKE... | 7.8 | HIGH | β | 0 |
| CVE-2025-57803 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in the ... | 7.5 | HIGH | β | 0 |
| CVE-2025-40779 If a DHCPv4 client sends a request with some specific options, and Kea fails to find an appropriate subnet for the client, the `kea-dhcp4` process will abort with an assertion failure. This happens o... | 7.5 | HIGH | β | 0 |
| CVE-2023-7308 SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fail... | 7.5 | HIGH | β | 0 |
| CVE-2024-13982 SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rj_get_token.php endpoint. The flaw arise... | N/A | NONE | β | 0 |
| CVE-2025-54995 Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination.... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-8067 A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent throu... | 8.5 | HIGH | β | 0 |
| CVE-2024-13986 Nagios XI < 2024R1.3.2 contains a remote code execution vulnerability by chaining two flaws: an arbitrary file upload and a path traversal in the Core Config Snapshots interface. The issue arises from... | 8.8 | HIGH | β | 0 |
| CVE-2025-31972 HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data tra... | 6.5 | MEDIUM | β | 0 |
| CVE-2025-31977 HCL BigFix SM is affected by cryptographic weakness due to weak or outdated encryption algorithms.Β An attacker with network access could exploit this weakness to decrypt or manipulate encrypted commu... | 5.3 | MEDIUM | β | 0 |
| CVE-2025-58047 Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.3... | 7.5 | HIGH | β | 0 |
| CVE-2025-57052 cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricte... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-43187 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. Running an hdiutil command may unexpectedly execute arbi... | 7.8 | HIGH | β | 0 |
| CVE-2025-43255 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.7, macOS Sequoia 15.6, macOS Ventura 13.7.7. An app may be able to cause unexpected system t... | 3.3 | LOW | β | 0 |
| CVE-2025-43268 A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | 7.8 | HIGH | β | 0 |
| CVE-2025-9610 A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname cau... | 7.3 | HIGH | β | 0 |
| CVE-2025-9647 A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. ... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-9667 A vulnerability was detected in code-projects Simple Grading System 1.0. This affects an unknown part of the file /delete_account.php of the component Admin Panel. Performing manipulation of the argum... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-43558 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | β | 0 |
| CVE-2025-44033 SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.ja... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-9665 A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This m... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-9666 A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-7403 Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption. | 7.6 | HIGH | β | 0 |
| CVE-2025-58068 Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. Thi... | 9.1 | CRITICAL | β | 0 |
| CVE-2025-34164 A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or execute arbitrary cod... | N/A | NONE | β | 0 |
| CVE-2025-9733 A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /login_timeee.php. Performing manipulation of the argument emp_i... | 7.3 | HIGH | β | 0 |
| CVE-2025-9789 A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argu... | 7.3 | HIGH | β | 0 |
| CVE-2025-9790 A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results in... | 7.3 | HIGH | β | 0 |
| CVE-2025-9841 A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductI... | 6.3 | MEDIUM | β | 0 |
| CVE-2022-43559 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | β | 0 |
| CVE-2024-28988 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This... | 9.8 | CRITICAL | β | 0 |
| CVE-2025-9800 A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of th... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-9801 A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path trav... | 5.4 | MEDIUM | β | 0 |
| CVE-2025-9805 A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulat... | 6.3 | MEDIUM | β | 0 |
| CVE-2025-43726 Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following')" vulnerability. A low privileged attacker with local ac... | 6.7 | MEDIUM | β | 0 |
| CVE-2022-43560 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used. | N/A | NONE | β | 0 |
| CVE-2025-58458 In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying... | 4.3 | MEDIUM | β | 0 |
| CVE-2025-58459 Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs. | 4.3 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.