Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-34053 2025-07-01 N/A 0.0 An authentication bypass vulnerability exists in AVTECH IP camera, DVR, and NVR devices’ streamd web server. The strstr() function is used to identify ".cab" requests, allowing any URL…
CVE-2025-34052 2025-07-01 N/A 0.0 An unauthenticated information disclosure vulnerability exists in AVTECH IP cameras, DVRs, and NVRs via Machine.cgi?action=get_capability. Sensitive internal device information such as firmware version, MAC address, and codec support…
CVE-2025-34051 2025-07-01 N/A 0.0 A server-side request forgery vulnerability exists in multiple firmware versions of AVTECH DVR devices that exposes the /cgi-bin/nobody/Search.cgi?action=cgi_query endpoint without authentication. An attacker can manipulate the ip, port,…
CVE-2025-34050 2025-07-01 N/A 0.0 A cross-site request forgery (CSRF) vulnerability exists in the web interface of AVTECH IP camera, DVR, and NVR devices. An attacker can craft malicious requests that, when executed in…
CVE-2025-6956 2025-07-01 HIGH 7.3 A vulnerability was found in Campcodes Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /changepassemp.php. The manipulation of…
CVE-2025-6955 2025-07-01 HIGH 7.3 A vulnerability was found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /process/aprocess.php. The manipulation…
CVE-2025-6954 2025-07-01 HIGH 7.3 A vulnerability has been found in Campcodes Employee Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /applyleave.php. The…
CVE-2025-6953 2025-07-01 HIGH 8.8 A vulnerability, which was classified as critical, was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formParentControl of the component HTTP POST Request…
CVE-2025-6940 2025-07-01 HIGH 8.8 A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST…
CVE-2025-6939 2025-07-01 HIGH 8.8 A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler.…
CVE-2025-6938 2025-07-01 HIGH 7.3 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The…
CVE-2025-6931 2025-06-30 LOW 3.7 A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of…
CVE-2025-6930 2025-06-30 MEDIUM 6.3 A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/manage-foreigners-ticket.php. The manipulation of the argument…
CVE-2025-6920 2025-07-01 MEDIUM 5.3 A flaw was found in the authentication enforcement mechanism of a model inference API in ai-inference-server. All /v1/* endpoints are expected to enforce API key validation. However, the…
CVE-2025-6554 2025-06-30 HIGH 8.1 Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
CVE-2025-6929 2025-06-30 MEDIUM 6.3 A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/view-normal-ticket.php. The manipulation…
CVE-2025-53003 2025-07-01 N/A 0.0 The Janssen Project is an open-source identity and access management (IAM) platform. Prior to version 1.8.0, the Config API returns results without scope verification. This has a large…
CVE-2025-53005 2025-07-01 N/A 0.0 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters.…
CVE-2025-49029 2025-07-01 CRITICAL 9.1 Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a…
CVE-2025-45872 2025-07-01 N/A 0.0 zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.
CVE-2025-36582 2025-07-01 MEDIUM 4.8 Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability,…
CVE-2024-49365 2025-07-01 N/A 0.0 tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package.…
CVE-2024-49364 2025-07-01 N/A 0.0 tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the…
CVE-2025-6952 2025-07-01 LOW 3.3 A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component…
CVE-2025-6951 2025-07-01 MEDIUM 4.3 A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use…
CVE-2025-5314 2025-07-01 MEDIUM 6.1 The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all…
CVE-2025-49483 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux:…
CVE-2025-49482 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux:…
CVE-2025-49481 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux:…
CVE-2025-49480 2025-07-01 HIGH 7.4 Out-of-bounds access in ASR180x 、ASR190x in lte-telephony, This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVE-2025-6224 2025-07-01 MEDIUM 6.5 Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that…
CVE-2025-49492 2025-07-01 HIGH 7.4 Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun.  This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVE-2025-49491 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C. This issue affects…
CVE-2025-49488 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux:…
CVE-2025-6756 2025-07-01 MEDIUM 6.4 The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including,…
CVE-2025-49490 2025-07-01 MEDIUM 5.4 Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure. This vulnerability is associated with program files router/sms/sms.c. This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVE-2025-49489 2025-07-01 MEDIUM 5.4 Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C. This issue affects…
CVE-2025-5072 2025-07-01 MEDIUM 5.4 Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
CVE-2025-41656 2025-07-01 CRITICAL 10.0 An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
CVE-2025-41648 2025-07-01 CRITICAL 9.8 An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the…
CVE-2025-6934 2025-07-01 CRITICAL 9.8 The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via…
CVE-2025-6081 2025-07-01 MEDIUM 6.8 Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled…
CVE-2025-5967 2025-07-01 N/A 0.0 A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure…
CVE-2024-46993 2025-07-01 N/A 0.0 Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer()…
CVE-2025-53096 2025-07-01 MEDIUM 5.4 Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker…
CVE-2025-53095 2025-07-01 CRITICAL 9.6 Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability…
CVE-2025-49521 2025-06-30 HIGH 8.8 A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows…
CVE-2025-49520 2025-06-30 HIGH 8.8 A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker…
CVE-2024-46992 2025-07-01 HIGH 7.8 Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron…
CVE-2025-6937 2025-07-01 HIGH 7.3 A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /large.php. The manipulation…
« Anterior Página 1029 de 4307 Siguiente »