Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-66445 2025-12-24 HIGH 7.1 Authorization bypass vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure…
CVE-2025-66444 2025-12-24 HIGH 8.2 Cross-site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component) and Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure…
CVE-2025-13773 2025-12-24 CRITICAL 9.8 The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update'…
CVE-2025-68695 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68694 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68693 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68692 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68691 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68690 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68689 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68688 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-68687 2025-12-24 N/A 0.0 Rejected reason: Not used
CVE-2025-15053 2025-12-24 HIGH 7.3 A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can…
CVE-2025-15052 2025-12-24 LOW 3.5 A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Performing manipulation of the argument firstname/lastname results in cross…
CVE-2025-15050 2025-12-24 MEDIUM 6.3 A security vulnerability has been detected in code-projects Student File Management System 1.0. This affects an unknown part of the file /save_file.php. Such manipulation of the argument File…
CVE-2025-68696 2025-12-23 N/A 0.0 httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can…
CVE-2025-68669 2025-12-23 CRITICAL 9.6 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin…
CVE-2025-68667 2025-12-23 N/A 0.0 continuwuity is a Matrix homeserver written in Rust. Prior to version 0.5.0, this vulnerability allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary…
CVE-2025-68665 2025-12-23 HIGH 8.6 LangChain is a framework for building LLM-powered applications. Prior to @langchain/core versions 0.3.80 and 1.1.8, and prior to langchain versions 0.3.37 and 1.2.3, a serialization injection vulnerability exists…
CVE-2025-68664 2025-12-23 CRITICAL 9.3 LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The…
CVE-2025-68617 2025-12-23 HIGH 7.0 FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger…
CVE-2025-15049 2025-12-23 HIGH 7.3 A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql…
CVE-2025-15048 2025-12-23 HIGH 7.3 A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing manipulation of the argument…
CVE-2025-66213 2025-12-23 N/A 0.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount…
CVE-2025-66212 2025-12-23 N/A 0.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename…
CVE-2025-66211 2025-12-23 N/A 0.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling…
CVE-2025-66210 2025-12-23 N/A 0.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows…
CVE-2025-66209 2025-12-23 N/A 0.0 Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Backup functionality allows…
CVE-2025-15047 2025-12-23 CRITICAL 9.8 A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing manipulation of the argument…
CVE-2025-15046 2025-12-23 CRITICAL 9.8 A vulnerability has been found in Tenda WH450 1.0.0.18. The impacted element is an unknown function of the file /goform/PPTPClient of the component HTTP Request Handler. Such manipulation…
CVE-2025-14501 2025-12-23 HIGH 7.5 Sante PACS Server HTTP Content-Length Header Handling NULL Pointer Dereference Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Sante PACS…
CVE-2025-14500 2025-12-23 CRITICAL 9.8 IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit…
CVE-2025-14499 2025-12-23 HIGH 8.8 IceWarp gmaps Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of IceWarp. User interaction is required to exploit this vulnerability…
CVE-2025-14498 2025-12-23 HIGH 7.8 TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first…
CVE-2025-14497 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14496 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14495 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14494 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14493 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14492 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14491 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14490 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14489 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14488 2025-12-23 HIGH 7.8 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain…
CVE-2025-14425 2025-12-23 HIGH 7.8 GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is…
CVE-2025-14424 2025-12-23 HIGH 7.8 GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to…
CVE-2025-14423 2025-12-23 HIGH 7.8 GIMP LBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is…
CVE-2025-14422 2025-12-23 HIGH 7.8 GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required…
CVE-2025-14421 2025-12-23 LOW 3.3 pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User…
CVE-2025-14420 2025-12-23 HIGH 7.8 pdfforge PDF Architect CBZ File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect.…
Página 1 de 3755 Siguiente »