Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2020-37101 VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in '... | 7.8 | HIGH | β | 0 |
| CVE-2025-70083 An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local bu... | 7.8 | HIGH | β | 0 |
| CVE-2019-25309 Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can explo... | 7.8 | HIGH | β | 0 |
| CVE-2019-25307 WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the un... | 7.8 | HIGH | β | 0 |
| CVE-2019-25306 BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted ... | 7.8 | HIGH | β | 0 |
| CVE-2025-60865 Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component. | 7.8 | HIGH | β | 0 |
| CVE-2020-37099 Disk Savvy Enterprise 12.3.18 contains an unquoted service path vulnerability in its service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the ... | 7.8 | HIGH | β | 0 |
| CVE-2026-6776 Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | 7.8 | HIGH | β | 0 |
| CVE-2024-56808 A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerabi... | 7.8 | HIGH | β | 0 |
| CVE-2026-27821 GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd... | 7.8 | HIGH | β | 0 |
| CVE-2026-21353 DNG SDK versions 1.7.1 2410 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation o... | 7.8 | HIGH | β | 0 |
| CVE-2026-21352 DNG SDK versions 1.7.1 2410 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issu... | 7.8 | HIGH | β | 0 |
| CVE-2026-24071 It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploite... | 7.8 | HIGH | β | 0 |
| CVE-2026-27905 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is... | 7.8 | HIGH | β | 0 |
| CVE-2020-37098 Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted... | 7.8 | HIGH | β | 0 |
| CVE-2026-21347 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio... | 7.8 | HIGH | β | 0 |
| CVE-2026-21346 Bridge versions 15.1.3, 16.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this i... | 7.8 | HIGH | β | 0 |
| CVE-2026-25166 Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25546 Godot MCP is a Model Context Protocol (MCP) server for interacting with the Godot game engine. Prior to version 0.1.1, a command injection vulnerability in godot-mcp allows remote code execution. The ... | 7.8 | HIGH | β | 0 |
| CVE-2025-47379 Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. | 7.8 | HIGH | β | 0 |
| CVE-2026-21325 After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An ... | 7.8 | HIGH | β | 0 |
| CVE-2025-48654 In onStart of CompanionDeviceManagerService.java, there is a possible confused deputy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution pr... | 7.8 | HIGH | β | 0 |
| CVE-2026-21239 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21238 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-21236 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2019-25266 Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attacker... | 7.8 | HIGH | β | 0 |
| CVE-2019-25292 Alps HID Monitor Service 8.1.0.10 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the ... | 7.8 | HIGH | β | 0 |
| CVE-2026-26682 An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component | 7.8 | HIGH | β | 0 |
| CVE-2026-23162 In the Linux kernel, the following vulnerability has been resolved: drm/xe/nvm: Fix double-free on aux add failure After a successful auxiliary_device_init(), aux_dev->dev.release (xe_nvm_release_de... | 7.8 | HIGH | β | 0 |
| CVE-2026-26117 Authentication bypass using an alternate path or channel in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25655 A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP2). The affected application permits improper modification of a configuration file by a low-privileged user. This could allow a... | 7.8 | HIGH | β | 0 |
| CVE-2026-32076 Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23720 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while pa... | 7.8 | HIGH | β | 0 |
| CVE-2025-48646 In executeRequest of ActivityStarter.java, there is a possible launch anywhere due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed... | 7.8 | HIGH | β | 0 |
| CVE-2026-23719 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while pars... | 7.8 | HIGH | β | 0 |
| CVE-2026-3483 An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges. | 7.8 | HIGH | β | 0 |
| CVE-2025-70616 A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds ... | 7.8 | HIGH | β | 0 |
| CVE-2025-48645 In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privi... | 7.8 | HIGH | β | 0 |
| CVE-2026-25731 calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an eboo... | 7.8 | HIGH | β | 0 |
| CVE-2026-23105 In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make... | 7.8 | HIGH | β | 0 |
| CVE-2026-31796 iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow in icCurvesFromXml() causing heap memory corruption... | 7.8 | HIGH | β | 0 |
| CVE-2026-35243 Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Ea... | 7.8 | HIGH | β | 0 |
| CVE-2026-20412 In cameraisp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us... | 7.8 | HIGH | β | 0 |
| CVE-2026-32074 Double free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32078 Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32077 Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-40517 radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with n... | 7.8 | HIGH | β | 0 |
| CVE-2026-3223 Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer. | 7.8 | HIGH | β | 0 |
| CVE-2026-20411 In cameraisp, there is a possible escalation of privilege due to use after free. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interac... | 7.8 | HIGH | β | 0 |
| CVE-2025-15595 Privilege escalation via dll hijacking in Inno Setup 6.2.1 and ealier versions. | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.