CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-41665 2025-07-08 MEDIUM 6.5 A low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file.
CVE-2025-25271 2025-07-08 HIGH 8.8 An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.
CVE-2025-25270 2025-07-08 CRITICAL 9.8 An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.
CVE-2025-25269 2025-07-08 HIGH 8.4 An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
CVE-2025-25268 2025-07-08 HIGH 8.8 An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
CVE-2025-24006 2025-07-08 HIGH 7.8 A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
CVE-2025-24005 2025-07-08 HIGH 7.8 A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVE-2025-24004 2025-07-08 MEDIUM 5.2 A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in…
CVE-2025-24003 2025-07-08 HIGH 8.2 An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only…
CVE-2025-24002 2025-07-08 MEDIUM 5.3 An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations…
CVE-2025-7327 2025-07-08 HIGH 8.8 The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it…
CVE-2025-7163 2025-07-08 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/add-animals.php. The manipulation of the…
CVE-2025-7162 2025-07-08 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Zoo Management System 2.1. This issue affects some unknown processing of the file /admin/add-foreigners-ticket.php. The manipulation…
CVE-2025-5957 2025-07-08 MEDIUM 5.3 The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on…
CVE-2025-5537 2025-07-08 MEDIUM 6.4 The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and…
CVE-2025-7161 2025-07-08 MEDIUM 6.3 A vulnerability classified as critical was found in PHPGurukul Zoo Management System 2.1. This vulnerability affects unknown code of the file /admin/add-normal-ticket.php. The manipulation of the argument cprice…
CVE-2025-7160 2025-07-08 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. This affects an unknown part of the file /admin/index.php. The manipulation of the argument…
CVE-2025-7159 2025-07-08 MEDIUM 6.3 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/manage-animals.php.…
CVE-2025-7158 2025-07-08 MEDIUM 6.3 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/manage-normal-ticket.php.…
CVE-2025-7157 2025-07-08 HIGH 7.3 A vulnerability was found in code-projects Online Note Sharing 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of…
CVE-2025-6244 2025-07-08 MEDIUM 6.4 The Essential Addons for Elementor – Popular Elementor Templates and Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `Calendar` And `Business Reviews` Widgets…
CVE-2025-5570 2025-07-08 MEDIUM 5.4 The AI Engine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the mwai_chatbot shortcode 'id' parameter in all versions up to, and including, 2.8.4 due to…
CVE-2025-20695 2025-07-08 HIGH 7.5 In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed.…
CVE-2025-20694 2025-07-08 HIGH 7.5 In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed.…
CVE-2025-20693 2025-07-08 MEDIUM 6.5 In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no…
CVE-2025-20692 2025-07-08 MEDIUM 5.5 In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution…
CVE-2025-20691 2025-07-08 MEDIUM 5.5 In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution…
CVE-2025-20690 2025-07-08 MEDIUM 5.5 In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution…
CVE-2025-20689 2025-07-08 MEDIUM 5.5 In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution…
CVE-2025-20688 2025-07-08 MEDIUM 5.5 In wlan AP driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with User execution…
CVE-2025-20687 2025-07-08 MEDIUM 5.5 In Bluetooth driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local denial of service with User execution…
CVE-2025-20686 2025-07-08 HIGH 8.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no…
CVE-2025-20685 2025-07-08 HIGH 8.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no…
CVE-2025-20684 2025-07-08 CRITICAL 9.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20683 2025-07-08 CRITICAL 9.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20682 2025-07-08 CRITICAL 9.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20681 2025-07-08 CRITICAL 9.8 In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User…
CVE-2025-20680 2025-07-08 CRITICAL 9.8 In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution…
CVE-2025-7156 2025-07-08 MEDIUM 6.3 A vulnerability has been found in hitsz-ids airda 0.0.3 and classified as critical. This vulnerability affects the function execute of the file /v1/chat/completions. The manipulation of the argument…
CVE-2025-7146 2025-07-08 HIGH 7.5 The iPublish System developed by Jhenggao has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to read arbitrary system files.
CVE-2025-43001 2025-07-08 MEDIUM 6.9 SAPCAR allows an attacker logged in with high privileges to override the permissions of the current and parent directories of the user or process extracting the archive, leading…
CVE-2025-42992 2025-07-08 MEDIUM 6.9 SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory…
CVE-2025-42986 2025-07-08 MEDIUM 4.3 Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially…
CVE-2025-42985 2025-07-08 MEDIUM 6.1 Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in a victim's browser. This could potentially lead to…
CVE-2025-42981 2025-07-08 MEDIUM 6.1 Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link embedding a malicious script at a location not…
CVE-2025-42980 2025-07-08 CRITICAL 9.1 SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise…
CVE-2025-42979 2025-07-08 MEDIUM 5.6 The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for storing the credentials of an RFC user on…
CVE-2025-42978 2025-07-08 LOW 3.5 The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against…
CVE-2025-42974 2025-07-08 MEDIUM 4.3 Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could enable access to information normally restricted, resulting in…
CVE-2025-42973 2025-07-08 MEDIUM 5.4 Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality associated with DQ job status reports. By intercepting…