CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-53675 2025-07-09 MEDIUM 6.5 Jenkins Warrior Framework Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read…
CVE-2025-53674 2025-07-09 MEDIUM 5.3 Jenkins Sensedia Api Platform tools Plugin 1.0 does not mask the Sensedia API Manager integration token on the global configuration form, increasing the potential for attackers to observe…
CVE-2025-53673 2025-07-09 MEDIUM 6.5 Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be…
CVE-2025-53672 2025-07-09 MEDIUM 6.5 Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users…
CVE-2025-53671 2025-07-09 MEDIUM 6.5 Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers…
CVE-2025-53670 2025-07-09 MEDIUM 6.5 Jenkins Nouvola DiveCloud Plugin 1.08 and earlier stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in job config.xml files on the Jenkins controller, where they can be…
CVE-2025-53669 2025-07-09 MEDIUM 4.3 Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture…
CVE-2025-53668 2025-07-09 MEDIUM 6.5 Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with…
CVE-2025-53667 2025-07-09 MEDIUM 5.3 Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture…
CVE-2025-53666 2025-07-09 MEDIUM 6.5 Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with…
CVE-2025-53665 2025-07-09 MEDIUM 4.3 Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe…
CVE-2025-53664 2025-07-09 MEDIUM 6.5 Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by…
CVE-2025-53663 2025-07-09 MEDIUM 6.5 Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users…
CVE-2025-53662 2025-07-09 MEDIUM 6.5 Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by…
CVE-2025-53661 2025-07-09 MEDIUM 4.3 Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe…
CVE-2025-53660 2025-07-09 MEDIUM 4.3 Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe…
CVE-2025-53659 2025-07-09 MEDIUM 6.5 Jenkins QMetry Test Management Plugin 1.13 and earlier stores Qmetry Automation API Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by…
CVE-2025-53658 2025-07-09 MEDIUM 5.4 Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers…
CVE-2025-53657 2025-07-09 MEDIUM 4.3 Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential…
CVE-2025-53656 2025-07-09 MEDIUM 6.5 Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier stores SLM License Access Keys, client secrets, and passwords unencrypted in job config.xml files on the Jenkins controller, where they…
CVE-2025-53655 2025-07-09 MEDIUM 5.3 Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture…
CVE-2025-53654 2025-07-09 MEDIUM 6.5 Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by…
CVE-2025-53653 2025-07-09 MEDIUM 4.3 Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed…
CVE-2025-53652 2025-07-09 HIGH 8.2 Jenkins Git Parameter Plugin 439.vb_0e46ca_14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered choices, allowing attackers with…
CVE-2025-53651 2025-07-09 MEDIUM 6.3 Jenkins HTML Publisher Plugin 425 and earlier displays log messages that include the absolute paths of files archived during the Publish HTML reports post-build step, exposing information about…
CVE-2025-53650 2025-07-09 HIGH 7.3 Jenkins Credentials Binding Plugin 687.v619cb_15e923f and earlier does not properly mask (i.e., replace with asterisks) credentials present in exception error messages that are written to the build log.
CVE-2025-49604 2025-07-09 MEDIUM 5.4 For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment…
CVE-2025-44526 2025-07-09 MEDIUM 6.5 Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause…
CVE-2025-44177 2025-07-09 HIGH 8.2 A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the…
CVE-2025-7204 2025-07-09 MEDIUM 6.5 In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an…
CVE-2025-53753 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53752 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53751 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53750 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53749 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53748 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53747 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-53746 2025-07-10 N/A 0.0 Rejected reason: Not used
CVE-2025-0646 2025-07-09 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-10391 2025-07-09 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-52364 2025-07-09 HIGH 7.5 Insecure Permissions vulnerability in Tenda CP3 Pro Firmware V22.5.4.93 allows the telnet service (telnetd) by default at boot via the initialization script /etc/init.d/eth.sh. This allows remote attackers to…
CVE-2025-53547 2025-07-08 HIGH 8.5 Helm is a package manager for Charts for Kubernetes. Prior to 3.18.4, a specially crafted Chart.yaml file along with a specially linked Chart.lock file can lead to local…
CVE-2025-7196 2025-07-08 HIGH 7.3 A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The…
CVE-2025-53546 2025-07-09 CRITICAL 9.1 Folo organizes feeds content into one timeline. Using pull_request_target on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets (from…
CVE-2025-7030 2025-07-08 MEDIUM 6.5 Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0.
CVE-2025-2670 2025-07-09 MEDIUM 4.3 IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of…
CVE-2025-1112 2025-07-09 MEDIUM 4.3 IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-7207 2025-07-09 LOW 3.3 A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler.…
CVE-2025-7206 2025-07-09 CRITICAL 9.8 A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd.…
CVE-2025-7200 2025-07-08 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation…