Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-11513 2025-10-09 HIGH 7.3 A vulnerability was determined in code-projects E-Commerce Website 1.0. This affects an unknown part of the file /pages/supplier_update.php. This manipulation of the argument supp_id causes sql injection. The…
CVE-2025-11512 2025-10-09 MEDIUM 4.3 A vulnerability was found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/voters_add.php. The manipulation of the argument Firstname/Lastname/Platform results…
CVE-2025-61913 2025-10-08 CRITICAL 9.9 Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not…
CVE-2025-11511 2025-10-08 MEDIUM 6.3 A flaw has been found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/supplier_add.php. Executing manipulation of the argument supp_email can lead to…
CVE-2025-11509 2025-10-08 MEDIUM 6.3 A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/product_add.php. Performing manipulation of the argument prod_name results in sql injection.…
CVE-2025-11508 2025-10-08 MEDIUM 4.7 A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/voters_add.php. Such manipulation of the argument photo leads to…
CVE-2025-11535 2025-10-08 N/A 0.0 MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories allows Privilege Escalation.This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24.
CVE-2025-11507 2025-10-08 HIGH 7.3 A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument…
CVE-2025-11506 2025-10-08 HIGH 7.3 A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/search-appointment.php. The manipulation of the…
CVE-2025-11505 2025-10-08 HIGH 7.3 A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/new-appointment.php. The manipulation of the argument delid leads to…
CVE-2017-20202 2025-10-08 N/A 0.0 Web Developer for Chrome v0.4.9 contained malicious code that generated a domain via a DGA and fetched a remote script. The fetched script conditionally loaded follow-on modules that…
CVE-2017-20201 2025-10-08 N/A 0.0 CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 (32-bit builds) contained a malicious pre-entry-point loader that diverts execution from __scrt_common_main_seh into a custom loader. That loader decodes an embedded blob…
CVE-2025-60311 2025-10-08 HIGH 8.8 ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page
CVE-2025-11503 2025-10-08 HIGH 7.3 A vulnerability was determined in PHPGurukul Beauty Parlour Management System 1.1. This issue affects some unknown processing of the file /admin/manage-services.php. Executing manipulation of the argument delid can…
CVE-2025-11495 2025-10-08 LOW 3.3 A vulnerability was determined in GNU Binutils 2.45. The affected element is the function elf_x86_64_relocate_section of the file elf64-x86-64.c of the component Linker. This manipulation causes heap-based buffer…
CVE-2025-11494 2025-10-08 LOW 3.3 A vulnerability was found in GNU Binutils 2.45. Impacted is the function _bfd_x86_elf_late_size_sections of the file bfd/elfxx-x86.c of the component Linker. The manipulation results in out-of-bounds read. The…
CVE-2025-36636 2025-10-08 MEDIUM 4.3 In Tenable Security Center versions prior to 6.7.0, an improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
CVE-2025-60299 2025-10-08 MEDIUM 5.4 Novel-Plus with 5.2.0 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /book/addCommentReply endpoint. An authenticated user can inject malicious JavaScript through the replyContent parameter…
CVE-2025-11470 2025-10-08 MEDIUM 4.7 A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The…
CVE-2025-11471 2025-10-08 HIGH 7.3 A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /edit_customer.php. The manipulation of the argument ID results…
CVE-2025-11472 2025-10-08 HIGH 7.3 A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /edit_room.php. This manipulation of the argument ID…
CVE-2025-11473 2025-10-08 HIGH 7.3 A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /edit_curr.php. Such manipulation of the argument currsymbol…
CVE-2025-11474 2025-10-08 MEDIUM 6.3 A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_booking.php. Performing manipulation of the…
CVE-2025-61524 2025-10-08 HIGH 7.2 An issue in the permission verification module and organization/application editing interface in Casdoor before 2.26.0 allows remote authenticated administrators of any organization within the system to bypass the…
CVE-2025-57457 2025-10-08 HIGH 8.8 An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter.
CVE-2025-11490 2025-10-08 MEDIUM 6.3 A vulnerability has been found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The affected element is the function extractBaseCommand of the file src/command-manager.ts of the component Absolute Path Handler.…
CVE-2025-11491 2025-10-08 MEDIUM 6.3 A vulnerability was found in wonderwhy-er DesktopCommanderMCP up to 0.2.13. The impacted element is the function CommandManager of the file src/command-manager.ts. Performing manipulation results in os command injection.…
CVE-2025-9868 2025-10-08 N/A 0.0 Server-Side Request Forgery (SSRF) in the Remote Browser Plugin in Sonatype Nexus Repository 2.x up to and including 2.15.2 allows unauthenticated remote attackers to exfiltrate proxy repository credentials…
CVE-2025-42706 2025-10-08 MEDIUM 6.5 A logic error exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary…
CVE-2025-42701 2025-10-08 MEDIUM 5.6 A race condition exists in the Falcon sensor for Windows that could allow an attacker, with the prior ability to execute code on a host, to delete arbitrary…
CVE-2025-11489 2025-10-08 MEDIUM 4.5 A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following.…
CVE-2025-11488 2025-10-08 HIGH 7.3 A weakness has been identified in D-Link DIR-852 up to 20251002. This affects an unknown part of the file /HNAP1/. Executing manipulation can lead to command injection. The…
CVE-2025-9970 2025-10-08 HIGH 7.4 Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
CVE-2025-53967 2025-10-08 HIGH 8.0 Framelink Figma MCP Server before 0.6.3 allows an unauthenticated remote attacker to execute arbitrary operating system commands via a crafted HTTP POST request with shell metacharacters in input…
CVE-2025-11486 2025-10-08 MEDIUM 6.3 A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name…
CVE-2025-11485 2025-10-08 LOW 2.4 A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation…
CVE-2025-11481 2025-10-08 MEDIUM 6.3 A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Executing manipulation of the argument fullname…
CVE-2025-60318 2025-10-08 MEDIUM 6.1 SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/profile.php via the fname (First Name) and lname (Last Name) fields.
CVE-2025-5009 2025-10-08 N/A 0.0 In Gemini iOS, when a user shared a snippet of a conversation, it would share the entire conversation via a sharable public link that contained the entire conversation…
CVE-2025-59303 2025-10-08 MEDIUM 6.4 HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress…
CVE-2025-61672 2025-10-08 N/A 0.0 Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the…
CVE-2025-60834 2025-10-08 MEDIUM 6.5 A fastjson deserialization vulnerability in uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying a crafted input.
CVE-2025-60313 2025-10-08 MEDIUM 6.1 Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting (XSS) in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary…
CVE-2025-43771 2025-10-08 N/A 0.0 Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5 and 2023.Q3.1 through 2023.Q3.10 allow remote attackers…
CVE-2025-43724 2025-10-08 MEDIUM 4.4 Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability to…
CVE-2025-11480 2025-10-08 HIGH 7.3 A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument register_username results…
CVE-2025-11479 2025-10-08 HIGH 7.3 A security vulnerability has been detected in SourceCodester Wedding Reservation Management System 1.0. Impacted is the function insertReservation of the file function.php. Such manipulation of the argument number…
CVE-2025-61183 2025-10-08 MEDIUM 6.1 Cross Site Scripting in vaahcms v.2.3.1 allows a remote attacker to execute arbitrary code via upload method in the storeAvatar() method of UserBase.php
CVE-2025-60833 2025-10-08 MEDIUM 6.5 An XML External Entity (XXE) vulnerability in the /mall/wxpay/pay component of uzy-ssm-mall v1.1.0 allows attackers to execute arbitrary code via supplying crafted XML data.
CVE-2025-60830 2025-10-08 MEDIUM 6.5 redragon-erp v1.0 was discovered to contain a Shiro deserialization vulnerability caused by the default Shiro key.
« Anterior Página 101 de 3646 Siguiente »