CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-59413 | 2025-09-22 | MEDIUM | 6.5 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that… |
| CVE-2025-9487 | 2025-09-22 | MEDIUM | 4.7 | The Admin and Site Enhancements (ASE) WordPress plugin before 7.9.8 does not sanitise SVG files when uploaded via xmlrpc.php when… |
| CVE-2025-9115 | 2025-09-22 | MEDIUM | 5.6 | The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute,… |
| CVE-2025-59412 | 2025-09-22 | MEDIUM | 5.4 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied… |
| CVE-2025-59411 | 2025-09-22 | MEDIUM | 5.4 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that… |
| CVE-2025-59335 | 2025-09-22 | HIGH | 7.1 | CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a… |
| CVE-2025-57434 | 2025-09-22 | N/A | 0.0 | Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access… |
| CVE-2025-57431 | 2025-09-22 | N/A | 0.0 | The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update… |
| CVE-2025-43807 | 2025-09-22 | N/A | 0.0 | Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through… |
| CVE-2025-10807 | 2025-09-22 | MEDIUM | 6.3 | A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing… |
| CVE-2025-10806 | 2025-09-22 | MEDIUM | 6.3 | A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file… |
| CVE-2025-10775 | 2025-09-22 | MEDIUM | 4.7 | A security vulnerability has been detected in Wavlink WL-NU516U1 240425. This vulnerability affects the function sub_4012A0 of the file /cgi-bin/login.cgi.… |
| CVE-2025-57682 | 2025-09-22 | MEDIUM | 6.5 | Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through… |
| CVE-2025-57605 | 2025-09-22 | N/A | 0.0 | Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges… |
| CVE-2025-57602 | 2025-09-22 | N/A | 0.0 | Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded… |
| CVE-2025-57601 | 2025-09-22 | N/A | 0.0 | AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all… |
| CVE-2025-57433 | 2025-09-22 | N/A | 0.0 | The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a… |
| CVE-2025-57432 | 2025-09-22 | N/A | 0.0 | Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote… |
| CVE-2025-57430 | 2025-09-22 | N/A | 0.0 | Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal… |
| CVE-2025-51006 | 2025-09-22 | HIGH | 7.8 | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered… |
| CVE-2025-36202 | 2025-09-22 | HIGH | 7.5 | IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the… |
| CVE-2025-36037 | 2025-09-22 | MEDIUM | 5.4 | IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to… |
| CVE-2025-35042 | 2025-09-22 | CRITICAL | 9.8 | Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI… |
| CVE-2025-35041 | 2025-09-22 | HIGH | 7.5 | Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A… |
| CVE-2025-10805 | 2025-09-22 | MEDIUM | 6.3 | A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file… |
| CVE-2025-10804 | 2025-09-22 | MEDIUM | 6.3 | A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality… |
| CVE-2025-10789 | 2025-09-22 | HIGH | 7.3 | A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. The impacted element is an unknown function of the… |
| CVE-2025-10788 | 2025-09-22 | HIGH | 7.3 | A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. The affected element is an unknown function of the… |
| CVE-2025-10787 | 2025-09-22 | MEDIUM | 6.3 | A vulnerability was found in MuYuCMS up to 2.7. Impacted is an unknown function of the file /index/index.html of the… |
| CVE-2025-10783 | 2025-09-22 | HIGH | 7.3 | A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected by this vulnerability is an unknown functionality… |
| CVE-2025-10782 | 2025-09-22 | HIGH | 7.3 | A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the… |
| CVE-2025-10781 | 2025-09-22 | HIGH | 7.3 | A vulnerability was identified in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/edit_class.php.… |
| CVE-2025-10780 | 2025-09-22 | MEDIUM | 6.3 | A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This… |
| CVE-2025-10779 | 2025-09-22 | HIGH | 8.8 | A vulnerability was found in D-Link DCS-935L up to 1.13.01. The impacted element is the function sub_402280 of the file… |
| CVE-2025-10776 | 2025-09-22 | LOW | 3.7 | A vulnerability was detected in LionCoders SalePro POS up to 5.5.0. This issue affects some unknown processing of the component… |
| CVE-2025-9038 | 2025-09-22 | N/A | 0.0 | Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation. This issue affects S1 Agile… |
| CVE-2025-56075 | 2025-09-22 | MEDIUM | 5.4 | A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows… |
| CVE-2025-9541 | 2025-09-22 | MEDIUM | 4.7 | The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role… |
| CVE-2025-9540 | 2025-09-22 | MEDIUM | 4.7 | The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role… |
| CVE-2025-10803 | 2025-09-22 | HIGH | 8.8 | A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of… |
| CVE-2025-25177 | 2025-09-22 | MEDIUM | 5.1 | Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. |
| CVE-2025-10802 | 2025-09-22 | HIGH | 7.3 | A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php.… |
| CVE-2025-56074 | 2025-09-22 | N/A | 0.0 | A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows… |
| CVE-2025-10801 | 2025-09-22 | HIGH | 7.3 | A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the… |
| CVE-2025-10800 | 2025-09-22 | HIGH | 7.3 | A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the… |
| CVE-2025-10790 | 2025-09-22 | MEDIUM | 6.3 | A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the… |
| CVE-2025-59797 | 2025-09-22 | MEDIUM | 5.8 | Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the… |
| CVE-2025-10854 | 2025-09-22 | HIGH | 8.1 | The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to… |
| CVE-2025-10799 | 2025-09-22 | HIGH | 7.3 | A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of… |
| CVE-2025-46711 | 2025-09-22 | MEDIUM | 5.5 | Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel… |