Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID Publicado Severidad CVSS Descripción
CVE-2025-8146 2025-08-02 MEDIUM 6.4 The Qi Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's TypeOut Text widget…
CVE-2025-7694 2025-08-02 MEDIUM 6.8 The Woffice Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the…
CVE-2025-6078 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application allows an authenticated user to add notes on the 'Notes' page…
CVE-2025-6077 2025-08-02 N/A 0.0 Partner Software's Partner Software Product and corresponding Partner Web application use the same default username and password for the administrator…
CVE-2025-6076 2025-08-02 N/A 0.0 Partner Software's Partner Software application and Partner Web application do not sanitize files uploaded on the "reports" tab, allowing an…
CVE-2025-54796 2025-08-02 HIGH 7.5 Copyparty is a portable file server. Versions prior to 1.18.9, the filter parameter for the "Recent Uploads" page allows arbitrary…
CVE-2025-54790 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not…
CVE-2025-54789 2025-08-02 N/A 0.0 Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move…
CVE-2025-54782 2025-08-02 N/A 0.0 Nest is a framework for building scalable Node.js server-side applications. In versions 0.2.0 and below, a critical Remote Code Execution…
CVE-2025-54781 2025-08-02 LOW 2.8 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version…
CVE-2025-54386 2025-08-02 N/A 0.0 Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a…
CVE-2025-54136 2025-08-02 HIGH 7.2 Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and…
CVE-2025-54133 2025-08-02 N/A 0.0 Cursor is a code editor built for programming with AI. In versions 1.17 through 1.2, there is a UI information…
CVE-2025-54792 2025-08-01 N/A 0.0 LocalSend is an open-source app to securely share files and messages with nearby devices over local networks without needing an…
CVE-2025-54424 2025-08-01 HIGH 8.1 1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server.…
CVE-2025-54132 2025-08-01 MEDIUM 4.4 Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid (which is used to render…
CVE-2025-54131 2025-08-01 MEDIUM 6.4 Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow…
CVE-2024-13978 2025-08-01 LOW 2.5 A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is…
CVE-2013-10063 2025-08-01 N/A 0.0 A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions
CVE-2013-10062 2025-08-01 N/A 0.0 A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and…
CVE-2013-10061 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45)…
CVE-2013-10060 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via…
CVE-2013-10059 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm…
CVE-2013-10058 2025-08-01 N/A 0.0 An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the…
CVE-2013-10057 2025-08-01 N/A 0.0 A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is…
CVE-2013-10055 2025-08-01 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The…
CVE-2013-10053 2025-08-01 N/A 0.0 A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername…
CVE-2013-10051 2025-08-01 N/A 0.0 A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within…
CVE-2013-10050 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via…
CVE-2013-10049 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint…
CVE-2013-10048 2025-08-01 N/A 0.0 An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and…
CVE-2013-10047 2025-08-01 N/A 0.0 An unrestricted file upload vulnerability exists in MiniWeb HTTP Server
CVE-2013-10046 2025-08-01 N/A 0.0 A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary…
CVE-2013-10044 2025-08-01 N/A 0.0 An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator…
CVE-2012-10022 2025-08-01 N/A 0.0 Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The…
CVE-2025-54564 2025-08-01 HIGH 7.8 uploadsm in ChargePoint Home Flex 5.5.4.13 does not validate a user-controlled string for bz2 decompression, which allows command execution as…
CVE-2025-50870 2025-08-01 CRITICAL 9.8 Institute-of-Current-Students 1.0 is vulnerable to Incorrect Access Control in the mydetailsstudent.php endpoint. The myds GET parameter accepts an email address…
CVE-2025-8480 2025-08-01 HIGH 8.0 Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
CVE-2025-8477 2025-08-01 HIGH 7.4 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code…
CVE-2025-8476 2025-08-01 HIGH 7.1 Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of…
CVE-2025-8475 2025-08-01 HIGH 7.4 Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on…
CVE-2025-8474 2025-08-01 MEDIUM 6.8 Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on…
CVE-2025-8473 2025-08-01 MEDIUM 6.4 Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of…
CVE-2025-8472 2025-08-01 HIGH 7.4 Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code…
CVE-2025-6037 2025-08-01 MEDIUM 6.8 Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA…
CVE-2025-6015 2025-08-01 MEDIUM 5.7 Vault and Vault Enterprise’s (“Vault”) login MFA rate limits could be bypassed and TOTP tokens could be reused. Fixed in…
CVE-2025-6014 2025-08-01 MEDIUM 6.5 Vault and Vault Enterprise’s (“Vault”) TOTP Secrets Engine code validation endpoint is susceptible to code reuse within its validity period.…
CVE-2025-6011 2025-08-01 LOW 3.7 A timing side channel in Vault and Vault Enterprise’s (“Vault”) userpass auth method allowed an attacker to distinguish between existing…
CVE-2025-6004 2025-08-01 MEDIUM 5.3 Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault…
CVE-2025-6000 2025-08-01 CRITICAL 9.1 A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying…
Página 1 de 3359 Siguiente »