CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-5961 2025-07-03 HIGH 7.2 The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpvivid_upload_import_files' function…
CVE-2025-50263 2025-07-03 HIGH 8.1 Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the fromSetRouteStatic function via the list parameter.
CVE-2025-50258 2025-07-03 HIGH 8.1 Tenda AC6 v15.03.05.16_multi is vulnerable to Buffer Overflow in the SetSysTimeCfg function via the time parameter.
CVE-2025-43713 2025-07-03 MEDIUM 6.5 ASNA Assist and ASNA Registrar before 2025-03-31 allow deserialization attacks against .NET remoting. These are Windows system services that support license key management and deprecated Windows network authentication.…
CVE-2025-49618 2025-07-03 MEDIUM 5.8 In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.
CVE-2025-49595 2025-07-03 MEDIUM 4.9 n8n is a workflow automation platform. Prior to version 1.99.0, there is a denial of service vulnerability in the /rest/binary-data endpoint when processing empty filesystem URIs (filesystem:// or filesystem-v2://).…
CVE-2025-49032 2025-07-03 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS. This issue affects Gutenberg Blocks: from n/a through 3.3.1.
CVE-2025-3702 2025-07-03 MEDIUM 5.4 Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a before 2.2.0.
CVE-2025-2932 2025-07-03 HIGH 8.8 The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'font_upload_handler' function in all versions up to, and including,…
CVE-2025-2537 2025-07-03 MEDIUM 6.4 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled ThickBox JavaScript library (version 3.1) in various versions due to insufficient input sanitization and…
CVE-2025-6563 2025-07-03 N/A 0.0 A cross-site scripting vulnerability is present in the hotspot of MikroTik's RouterOS on versions below 7.19.2. An attacker can inject the `javascript` protocol in the `dst` parameter. When…
CVE-2025-40723 2025-07-03 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input,…
CVE-2025-40722 2025-07-03 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input,…
CVE-2025-2540 2025-07-03 MEDIUM 6.4 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output…
CVE-2025-27461 2025-07-03 HIGH 7.6 During startup, the device automatically logs in the EPC2 Windows user without requesting a password.
CVE-2025-27460 2025-07-03 HIGH 7.6 The hard drives of the device are not encrypted using a full volume encryption feature such as BitLocker. This allows an attacker with physical access to the device…
CVE-2025-27459 2025-07-03 MEDIUM 4.4 The VNC application stores its passwords encrypted within the registry but uses DES for encryption. As DES is broken, the original passwords can be recovered.
CVE-2025-27458 2025-07-03 MEDIUM 6.5 The VNC authentication mechanism is based on a challenge-response system where both server and client use the same password for encryption. The challenge is sent from the server to…
CVE-2025-27457 2025-07-03 MEDIUM 6.5 All communication between the VNC server and client(s) is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data.
CVE-2025-27456 2025-07-03 HIGH 7.5 The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-27455 2025-07-03 MEDIUM 4.3 The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different…
CVE-2025-27454 2025-07-03 MEDIUM 4.3 The application is vulnerable to cross-site request forgery. An attacker can trick a valid, logged in user into submitting a web request that they did not intend. The…
CVE-2025-27453 2025-07-03 MEDIUM 5.3 The HttpOnly flag is set to false on the PHPSESSION cookie. Therefore, the cookie can be accessed by other sources such as JavaScript.
CVE-2025-27452 2025-07-03 MEDIUM 5.3 The configuration of the Apache httpd webserver which serves the MEAC300-FNADE4 web application, is partly insecure. There are modules activated that are not required for the operation of…
CVE-2025-27451 2025-07-03 MEDIUM 5.3 For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an…
CVE-2025-27450 2025-07-03 MEDIUM 6.5 The Secure attribute is missing on multiple cookies provided by the MEAC300-FNADE4. An attacker can trick a user into establishing an unencrypted HTTP connection to the server and…
CVE-2025-27449 2025-07-03 HIGH 7.5 The MEAC300-FNADE4 does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-27448 2025-07-03 MEDIUM 6.8 The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboards can inject JavaScript code into the dashboard name which will be executed when…
CVE-2025-27447 2025-07-03 HIGH 7.4 The web application is susceptible to cross-site-scripting attacks. An attacker can create a prepared URL, which injects JavaScript code into the website. The code is executed in the…
CVE-2025-1711 2025-07-03 MEDIUM 4.3 Multiple services of the DUT as well as different scopes of the same service reuse the same credentials.
CVE-2025-1710 2025-07-03 HIGH 7.5 The maxView Storage Manager does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks.
CVE-2025-1709 2025-07-03 MEDIUM 6.5 Several credentials for the local PostgreSQL database are stored in plain text (partially base64 encoded).
CVE-2025-1708 2025-07-03 HIGH 8.6 The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content.
CVE-2025-6587 2025-07-03 N/A 0.0 System environment variables are recorded in Docker Desktop diagnostic logs, when using shell auto-completion. This leads to unintentional disclosure of sensitive information such as api keys, passwords, etc. …
CVE-2025-0885 2025-07-03 N/A 0.0 Incorrect Authorization vulnerability in OpenText™ GroupWise allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow unauthorized access to calendar items marked private. This issue affects…
CVE-2024-5647 2025-07-03 MEDIUM 6.4 Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled Magnific Popups library (version 1.1.0) in various versions due to insufficient input sanitization and…
CVE-2025-38173 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return…
CVE-2025-38172 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: erofs: avoid using multiple devices with different type For multiple devices, both primary and extra devices should be…
CVE-2025-38171 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Fix workqueue error handling in probe The create_singlethread_workqueue() doesn't return error pointers, it returns NULL.…
CVE-2025-38170 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Discard stale CPU state when handling SME traps The logic for handling SME traps manipulates saved FPSIMD/SVE/SME…
CVE-2025-38169 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: Avoid clobbering kernel FPSIMD state with SMSTOP On system with SME, a thread's kernel FPSIMD state may…
CVE-2025-38168 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Unregister PMUs on probe failure When a resource allocation fails in one clock domain of an…
CVE-2025-38167 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle hdr_first_de() return value The hdr_first_de() function returns a pointer to a struct NTFS_DE. This pointer may…
CVE-2025-38166 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629!…
CVE-2025-38165 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap…
CVE-2025-38164 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: f2fs: zone: fix to avoid inconsistence in between SIT and SSA w/ below testcase, it will cause inconsistence…
CVE-2025-38163 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------[ cut here…
CVE-2025-38162 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication…
CVE-2025-38161 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails…
CVE-2025-38160 2025-07-03 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does…