Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-62630 2025-11-06 HIGH 8.8 Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
CVE-2025-62034 2025-11-06 HIGH 8.8 Incorrect Privilege Assignment vulnerability in uxper Togo togo.This issue affects Togo: from n/a through < 1.0.4.
CVE-2025-59171 2025-11-06 HIGH 7.5 Due to insufficient sanitization, an attacker can upload a specially crafted configuration file to traverse directories and achieve remote code execution with system-level permissions.
CVE-2025-62016 2025-11-06 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in hogash Kallyas kallyas.This issue affects Kallyas: from n/a through
CVE-2025-62014 2025-11-06 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme ITok itok.This issue affects ITok: from n/a through
CVE-2025-53573 2025-11-06 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jegtheme Epic Review epic-review allows Reflected XSS.This issue affects Epic Review: from n/a through
CVE-2025-34299 2025-11-07 N/A 0.0 Monsta FTP versions 2.11 and earlier contain a vulnerability that allows unauthenticated arbitrary file uploads. This flaw enables attackers to execute arbitrary code by uploading a specially crafted…
CVE-2025-12857 2025-11-07 MEDIUM 4.7 A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument…
CVE-2025-12856 2025-11-07 MEDIUM 4.7 A weakness has been identified in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/reservation.php. This manipulation of the argument email causes sql…
CVE-2025-12855 2025-11-07 MEDIUM 4.7 A security flaw has been discovered in code-projects Responsive Hotel Site 1.0. This issue affects some unknown processing of the file /admin/newsletterdel.php. The manipulation of the argument eid…
CVE-2025-12036 2025-11-06 HIGH 8.8 Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML…
CVE-2025-11756 2025-11-06 HIGH 8.8 Use after free in Safe Browsing in Google Chrome prior to 141.0.7390.107 allowed a remote attacker who had compromised the renderer process to potentially perform out of bounds…
CVE-2025-12808 2025-11-06 MEDIUM 6.5 Improper access control in Devolutions allows a View-only user to retrieve sensitive third-level nested fields, such as password lists custom values, resulting in password disclosure. This issue affects the…
CVE-2025-12485 2025-11-06 HIGH 8.8 Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does not bypass the…
CVE-2025-11458 2025-11-06 HIGH 8.1 Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.…
CVE-2025-11219 2025-11-06 LOW 3.1 Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.…
CVE-2025-11216 2025-11-06 MEDIUM 6.3 Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity:…
CVE-2025-11210 2025-11-06 MEDIUM 5.4 Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI…
CVE-2025-11208 2025-11-06 MEDIUM 6.3 Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing…
CVE-2025-11206 2025-11-06 HIGH 7.1 Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…
CVE-2025-11205 2025-11-06 HIGH 8.8 Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a…
CVE-2025-12854 2025-11-07 LOW 3.7 A vulnerability was identified in newbee-mall-plus up to 2.4.1. This vulnerability affects the function executeSeckill of the file /seckillExecution/. The manipulation of the argument userid leads to authorization…
CVE-2025-12853 2025-11-07 MEDIUM 4.7 A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can…
CVE-2025-10968 2025-11-07 HIGH 8.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows…
CVE-2025-10870 2025-11-07 N/A 0.0 SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in…
CVE-2025-46413 2025-11-07 MEDIUM 4.3 Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained…
CVE-2025-10955 2025-11-06 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Netcad Software Inc. Netigma allows XSS Through HTTP Query Strings.This issue affects Netigma: from…
CVE-2025-10966 2025-11-07 N/A 0.0 curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM…
CVE-2025-64346 2025-11-07 N/A 0.0 archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library…
CVE-2025-64343 2025-11-07 HIGH 7.8 (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent…
CVE-2025-64339 2025-11-07 N/A 0.0 ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Playlists feature is vulnerable to stored Cross-site Scripting (XSS),specifically in the Playlist…
CVE-2025-12527 2025-11-07 MEDIUM 4.3 The Page & Post Notes plugin for WordPress is vulnerable to unauthorized modification of notes due to a missing capability check on the 'yydev_notes_save_dashboard_data' function in all versions…
CVE-2025-12520 2025-11-07 MEDIUM 4.0 The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient…
CVE-2025-64338 2025-11-07 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-64336 2025-11-07 N/A 0.0 ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular…
CVE-2025-64329 2025-11-07 N/A 0.0 containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation…
CVE-2025-4522 2025-11-07 MEDIUM 6.5 The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Insecure Direct Object Reference via the admin_post_donor_delete() function in versions 2.0.0 to…
CVE-2025-4519 2025-11-07 HIGH 8.8 The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function…
CVE-2025-12352 2025-11-07 CRITICAL 9.8 The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and…
CVE-2025-64328 2025-11-07 N/A 0.0 FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is…
CVE-2025-64323 2025-11-07 MEDIUM 5.3 kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS…
CVE-2025-64187 2025-11-07 N/A 0.0 OctoPrint provides a web interface for controlling consumer 3D printers. Versions 1.11.3 and below are affected by a vulnerability that allows injection of arbitrary HTML and JavaScript into…
CVE-2025-64184 2025-11-07 HIGH 8.8 Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote…
CVE-2025-64180 2025-11-07 CRITICAL 10.0 Manager-io/Manager is accounting software. In Manager Desktop and Server versions 25.11.1.3085 and below, a critical vulnerability permits unauthorized access to internal network resources. The flaw lies in the…
CVE-2025-5483 2025-11-07 HIGH 8.1 The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. This makes…
CVE-2025-11546 2025-11-07 N/A 0.0 CLUSTERPRO X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2 and EXPRESSCLUSTER X for Linux 4.0, 4.1, 4.2, 5.0, 5.1 and 5.2, CLUSTERPRO X SingleServerSafe for Linux…
CVE-2025-52662 2025-11-07 MEDIUM 6.9 A vulnerability in Nuxt DevTools has been fixed in version **2.6.4***. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are…
CVE-2025-48985 2025-11-07 LOW 3.7 A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files.…
CVE-2025-12789 2025-11-07 MEDIUM 6.1 A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that occurs during the logout process. The redirect_uri parameter associated with the…
CVE-2025-64302 2025-11-06 MEDIUM 6.4 Insufficient input sanitization in the dashboard label or path can allow an attacker to trigger a device error causing information disclosure or data manipulation.
Página 1 de 3624 Siguiente »