CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-57631 | 2025-09-16 | N/A | 0.0 | SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload… |
| CVE-2025-56264 | 2025-09-16 | N/A | 0.0 | The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability. |
| CVE-2025-56263 | 2025-09-16 | N/A | 0.0 | by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files… |
| CVE-2025-56697 | 2025-09-16 | MEDIUM | 6.1 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the /users/adminpanel/admin/home.php?page=feedbacks file of Kashipara Computer Base Test v1.0. Attackers can… |
| CVE-2025-44034 | 2025-09-16 | HIGH | 8.0 | SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in… |
| CVE-2025-41249 | 2025-09-16 | HIGH | 7.5 | The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super… |
| CVE-2025-41248 | 2025-09-16 | HIGH | 7.5 | The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super… |
| CVE-2025-43332 | 2025-09-15 | MEDIUM | 6.5 | A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8,… |
| CVE-2025-43328 | 2025-09-15 | MEDIUM | 5.3 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be… |
| CVE-2025-43308 | 2025-09-15 | MEDIUM | 5.3 | This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS… |
| CVE-2025-34187 | 2025-09-16 | N/A | 0.0 | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain… |
| CVE-2025-34186 | 2025-09-16 | N/A | 0.0 | Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a… |
| CVE-2025-34185 | 2025-09-16 | N/A | 0.0 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a pre-authentication file disclosure vulnerability via the 'db_log' POST parameter. Remote attackers… |
| CVE-2025-34184 | 2025-09-16 | N/A | 0.0 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers… |
| CVE-2025-34183 | 2025-09-16 | N/A | 0.0 | Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains a vulnerability in its server-side logging mechanism that allows unauthenticated remote attackers… |
| CVE-2025-10563 | 2025-09-16 | HIGH | 7.3 | A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the… |
| CVE-2025-59334 | 2025-09-16 | CRITICAL | 9.6 | Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify… |
| CVE-2025-56557 | 2025-09-16 | N/A | 0.0 | An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter… |
| CVE-2025-59050 | 2025-09-16 | HIGH | 8.4 | Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message… |
| CVE-2025-59333 | 2025-09-16 | HIGH | 8.1 | The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls… |
| CVE-2025-57145 | 2025-09-16 | MEDIUM | 5.4 | A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly… |
| CVE-2025-56295 | 2025-09-16 | HIGH | 7.3 | code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files… |
| CVE-2025-56293 | 2025-09-16 | MEDIUM | 5.4 | code-projects Human Resource Integrated System 1.0 is vulnerable to Cross Site Scripting (XSS) in the Add Child Information section in… |
| CVE-2025-56289 | 2025-09-16 | MEDIUM | 5.4 | code-projects Document Management System 1.0 has a Cross Site Scripting (XSS) vulnerability, where attackers can leak admin's cookie information by… |
| CVE-2025-56276 | 2025-09-16 | MEDIUM | 5.4 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters… |
| CVE-2025-49728 | 2025-09-16 | MEDIUM | 4.0 | Cleartext storage of sensitive information in Microsoft PC Manager allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2025-47967 | 2025-09-16 | MEDIUM | 4.7 | Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a… |
| CVE-2025-43310 | 2025-09-15 | MEDIUM | 4.4 | A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS… |
| CVE-2025-43294 | 2025-09-15 | MEDIUM | 5.3 | An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed… |
| CVE-2025-10562 | 2025-09-16 | HIGH | 7.3 | A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the… |
| CVE-2009-20007 | 2025-09-16 | N/A | 0.0 | Talkative IRC v0.4.4.16 is vulnerable to a stack-based buffer overflow when processing specially crafted response strings sent to a connected… |
| CVE-2025-10537 | 2025-09-16 | HIGH | 8.8 | Memory safety bugs present in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142. Some of these bugs… |
| CVE-2025-10290 | 2025-09-16 | MEDIUM | 6.5 | Opening links via the contextual menu in Focus iOS for certain URL schemes would fail to load but would not… |
| CVE-2009-20006 | 2025-09-16 | N/A | 0.0 | osCommerce versions up to and including 2.2 RC2a contain a vulnerability in its administrative file manager utility (admin/file_manager.php). The interface… |
| CVE-2009-20005 | 2025-09-16 | N/A | 0.0 | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a… |
| CVE-2025-57625 | 2025-09-16 | N/A | 0.0 | CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these… |
| CVE-2025-57624 | 2025-09-16 | N/A | 0.0 | A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via… |
| CVE-2025-57118 | 2025-09-15 | CRITICAL | 9.8 | An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php |
| CVE-2025-56562 | 2025-09-16 | N/A | 0.0 | An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only… |
| CVE-2025-56280 | 2025-09-16 | MEDIUM | 5.4 | code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation… |
| CVE-2025-56706 | 2025-09-16 | HIGH | 8.0 | Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig… |
| CVE-2025-57117 | 2025-09-15 | MEDIUM | 5.4 | A Clickjacking vulnerability exists in Rems' Employee Management System 1.0. This flaw allows remote attackers to execute arbitrary JavaScript on… |
| CVE-2025-56274 | 2025-09-15 | HIGH | 8.1 | SourceCodester Web-based Pharmacy Product Management System 1.0 is vulnerable to Incorrect Access Control, which allows low-privileged users to forge high… |
| CVE-2025-54262 | 2025-09-16 | HIGH | 7.8 | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which… |
| CVE-2025-54237 | 2025-09-16 | MEDIUM | 5.5 | Substance3D - Stager versions 3.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure.… |
| CVE-2025-43375 | 2025-09-15 | MEDIUM | 5.5 | The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value… |
| CVE-2025-43371 | 2025-09-15 | HIGH | 8.2 | This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to… |
| CVE-2025-43367 | 2025-09-15 | MEDIUM | 5.5 | A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26.… |
| CVE-2025-43366 | 2025-09-15 | MEDIUM | 5.5 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may… |
| CVE-2025-43362 | 2025-09-15 | CRITICAL | 9.8 | The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and… |