Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4689 2025-07-02 CRITICAL 9.8 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion which leads to Remote Code Execution in all versions up…
CVE-2025-4654 2025-07-02 LOW 3.7 The Soumettre.fr plugin for WordPress is vulnerable to unauthorized access and modification of data due to a improper authorization checks on the make_signature function in all versions up…
CVE-2025-4381 2025-07-02 HIGH 7.5 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the ‘$id’ variable of the getSpace() function in all versions…
CVE-2025-4380 2025-07-02 HIGH 8.1 The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the…
CVE-2025-3848 2025-07-02 HIGH 8.8 The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 1.1.0 to 2.7.13. This…
CVE-2024-11405 2025-07-02 MEDIUM 6.1 The WP Front-end login and register plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the email and wpmp_reset_password_token parameters in all versions up to, and including,…
CVE-2025-5692 2025-07-02 HIGH 8.8 The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability…
CVE-2025-36630 2025-07-02 HIGH 8.4 In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at…
CVE-2025-6936 2025-07-01 HIGH 7.3 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /addpro.php. The manipulation…
CVE-2025-6935 2025-07-01 HIGH 7.3 A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/payment_add.php. The…
CVE-2025-52294 2025-07-01 MEDIUM 5.7 Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance.
CVE-2025-45083 2025-07-01 MEDIUM 6.1 Incorrect access control in Ullu (Android version v2.9.929 and IOS version v2.8.0) allows attackers to bypass parental pin feature via unspecified vectors.
CVE-2025-6600 2025-07-01 N/A 0.0 An exposure of sensitive information vulnerability was identified in GitHub Enterprise Server that could allow an attacker to disclose the names of private repositories within an organization. This…
CVE-2025-53104 2025-07-01 CRITICAL 9.1 gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub…
CVE-2025-48379 2025-07-01 HIGH 7.1 Pillow is a Python imaging library. In versions 11.2.0 to before 11.3.0, there is a heap buffer overflow when writing a sufficiently large (>64k encoded with default settings)…
CVE-2025-46259 2025-07-01 MEDIUM 5.4 Missing Authorization vulnerability in POSIMYTH Innovation The Plus Addons for Elementor Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Plus Addons for Elementor Pro:…
CVE-2025-45081 2025-07-01 HIGH 8.8 Misconfigured settings in IITB SSO v1.1.0 allow attackers to access sensitive application data.
CVE-2025-50405 2025-07-01 MEDIUM 6.5 Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.
CVE-2025-45080 2025-07-01 HIGH 8.8 YONO SBI: Banking & Lifestyle v1.23.36 was discovered to use unencrypted communicatons, possibly allowing attackers to execute a man-in-the-middle attack.
CVE-2025-27153 2025-07-01 MEDIUM 6.5 Escalade GLPI plugin is a ticket escalation process helper for GLPI. Prior to version 2.9.11, there is an improper access control vulnerability. This can lead to data exposure…
CVE-2025-6297 2025-07-01 HIGH 8.2 It was discovered that dpkg-deb does not properly sanitize directory permissions when extracting a control member into a temporary directory, which is documented as being a safe operation…
CVE-2025-53107 2025-07-01 HIGH 7.5 @cyanheads/git-mcp-server is an MCP server designed to interact with Git repositories. Prior to version 2.1.5, there is a command injection vulnerability caused by the unsanitized use of input…
CVE-2025-53103 2025-07-01 MEDIUM 5.8 JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials.…
CVE-2025-53100 2025-07-01 N/A 0.0 RestDB's Codehooks.io MCP Server is an MCP server on the Codehooks.io platform. Prior to version 0.2.2, the MCP server is written in a way that is vulnerable to…
CVE-2025-37099 2025-07-01 CRITICAL 9.8 A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVE-2025-34081 2025-07-01 N/A 0.0 The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive data useful for an attacker.This issue affects CONPROSYS…
CVE-2025-34080 2025-07-01 N/A 0.0 The Contec Co.,Ltd. CONPROSYS HMI System (CHS) is vulnerable to Cross-Site Scripting (XSS) in the getqsetting.php functionality that could allow reflected execution of scripts in the browser on…
CVE-2025-6963 2025-07-01 HIGH 7.3 A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /myprofile.php. The manipulation of the…
CVE-2025-6962 2025-07-01 HIGH 7.3 A vulnerability, which was classified as critical, was found in Campcodes Employee Management System 1.0. This affects an unknown part of the file /myprofileup.php. The manipulation of the…
CVE-2025-6961 2025-07-01 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Campcodes Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /mark.php.…
CVE-2025-50641 2025-07-01 MEDIUM 6.5 Tenda AC6 15.03.05.16_multi is vulnerable to Buffer Overflow in the addWifiMacFilter function via the parameter deviceId.
CVE-2025-6960 2025-07-01 HIGH 7.3 A vulnerability classified as critical was found in Campcodes Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /empproject.php. The manipulation of…
CVE-2025-6959 2025-07-01 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Employee Management System 1.0. Affected is an unknown function of the file /eloginwel.php. The manipulation of the argument…
CVE-2025-6958 2025-07-01 HIGH 7.3 A vulnerability was found in Campcodes Employee Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit.php. The manipulation…
CVE-2025-6957 2025-07-01 HIGH 7.3 A vulnerability was found in Campcodes Employee Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /process/eprocess.php. The manipulation of…
CVE-2025-53099 2025-07-01 N/A 0.0 Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of…
CVE-2025-50404 2025-07-01 N/A 0.0 Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header,…
CVE-2025-37098 2025-07-01 HIGH 7.5 A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.
CVE-2025-34066 2025-07-01 N/A 0.0 An improper certificate validation vulnerability exists in AVTECH IP cameras, DVRs, and NVRs due to the use of wget with --no-check-certificate in scripts like SyncCloudAccount.sh and SyncPermit.sh. This…
CVE-2025-34065 2025-07-01 N/A 0.0 An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function allows unauthenticated access to any request containing "/nobody" in…
CVE-2025-34064 2025-07-01 N/A 0.0 A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers…
CVE-2025-37097 2025-07-01 HIGH 7.5 A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service
CVE-2025-34063 2025-07-01 N/A 0.0 A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint.…
CVE-2025-34062 2025-07-01 N/A 0.0 An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from…
CVE-2025-34060 2025-07-01 N/A 0.0 A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a…
CVE-2025-34059 2025-07-01 N/A 0.0 An SQL injection vulnerability exists in the Dahua Smart Cloud Gateway Registration Management Platform via the username parameter in the /index.php/User/doLogin endpoint. The application fails to properly sanitize…
CVE-2025-34058 2025-07-01 N/A 0.0 Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit…
CVE-2025-34056 2025-07-01 N/A 0.0 An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can…
CVE-2025-34055 2025-07-01 N/A 0.0 An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke…
CVE-2025-34054 2025-07-01 N/A 0.0 An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username…
« Anterior Página 1028 de 4307 Siguiente »