CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-42971 2025-07-08 MEDIUM 4.0 A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim extracts this malicious archive, it gets processed by…
CVE-2025-42970 2025-07-08 MEDIUM 5.8 SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR archive containing directory traversal sequences. When a high…
CVE-2025-42969 2025-07-08 MEDIUM 6.1 SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically crafted URL. The victim, when tricked into clicking…
CVE-2025-42968 2025-07-08 MEDIUM 5.0 SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grant access to non-sensitive information about the SAP system and OS without requiring…
CVE-2025-42967 2025-07-08 CRITICAL 9.9 SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges to create a new report with his own…
CVE-2025-42966 2025-07-08 CRITICAL 9.1 SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability by sending a specially crafted serialized Java object.…
CVE-2025-42965 2025-07-08 MEDIUM 4.1 SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP…
CVE-2025-42964 2025-07-08 CRITICAL 9.1 SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality,…
CVE-2025-42963 2025-07-08 CRITICAL 9.1 A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full…
CVE-2025-42962 2025-07-08 MEDIUM 6.1 SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on this link, the injected script gets executed within…
CVE-2025-42961 2025-07-08 MEDIUM 4.9 Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to…
CVE-2025-42960 2025-07-08 MEDIUM 4.3 SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by exploiting improper authorization checks. This could potentially impact…
CVE-2025-42959 2025-07-08 HIGH 8.1 An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing specific security patches, is reused in a replay…
CVE-2025-42954 2025-07-08 LOW 2.7 SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing RFC enabled function modules without any input parameters, which…
CVE-2025-42953 2025-07-08 HIGH 8.1 SAP NetWeaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could completely compromise the integrity and availability with…
CVE-2025-42952 2025-07-08 HIGH 7.7 SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or structures, potentially rendering the system unusable. On successful…
CVE-2025-31326 2025-07-08 MEDIUM 4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious code into specific input fields. This could lead…
CVE-2025-7135 2025-07-07 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=save_vacancy. The…
CVE-2025-53527 2025-07-07 N/A 0.0 WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter of the /controle/relatorio_geracao.php endpoint. This issue allows attacker…
CVE-2025-53377 2025-07-07 N/A 0.0 WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers…
CVE-2025-53617 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53616 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53615 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53614 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53613 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53612 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53611 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53610 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53497 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension allows Stored XSS. This issue affects Mediawiki - RelatedArticles…
CVE-2025-7057 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension allows Stored XSS. This issue affects Mediawiki - Quiz…
CVE-2025-53491 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki -…
CVE-2025-53487 2025-07-07 MEDIUM 5.4 The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw HTML without proper escaping. Attackers can exploit this…
CVE-2025-53486 2025-07-07 MEDIUM 5.4 The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without escaping. An attacker can inject JavaScript event handlers…
CVE-2025-7139 2025-07-07 LOW 2.4 A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of…
CVE-2025-7138 2025-07-07 MEDIUM 6.3 A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /panel/admin-profile.php. The manipulation…
CVE-2025-53536 2025-07-07 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent…
CVE-2025-53535 2025-07-07 N/A 0.0 Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token,…
CVE-2025-20325 2025-07-07 LOW 3.1 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster…
CVE-2025-20324 2025-07-07 MEDIUM 5.4 In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the…
CVE-2025-20323 2025-07-07 MEDIUM 4.3 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled…
CVE-2025-20322 2025-07-07 MEDIUM 4.3 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL…
CVE-2025-20321 2025-07-07 MEDIUM 6.5 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL…
CVE-2025-24508 2025-07-07 MEDIUM 6.4 Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage
CVE-2025-20320 2025-07-07 MEDIUM 6.3 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the…
CVE-2025-20319 2025-07-07 MEDIUM 6.8 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability, could perform…
CVE-2025-20300 2025-07-07 MEDIUM 4.3 In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the…
CVE-2024-43190 2025-07-07 MEDIUM 5.9 IBM Engineering Requirements Management DOORS 9.7.2.9, under certain configurations, could allow a remote attacker to obtain password reset instructions of a legitimate user using man in the middle…
CVE-2024-37658 2025-07-07 N/A 0.0 An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/member_confirm.php.
CVE-2024-37657 2025-07-07 N/A 0.0 An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the bbs/login.php component.
CVE-2024-37656 2025-07-07 N/A 0.0 An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via the insufficient URL parameter verification in bbs/logout.php.