CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-36056 2025-07-01 MEDIUM 5.4 IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This…
CVE-2025-53004 2025-06-30 N/A 0.0 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters.…
CVE-2025-2141 2025-07-01 MEDIUM 6.1 IBM System Storage Virtualization Engine TS7700 3957 VED R5.4 8.54.2.17, R6.0 8.60.0.115, 3948 VED R5.4 8.54.2.17, R6.0 8.60.0.115, and 3948 VEF R6.0 8.60.0.115 is vulnerable to cross-site scripting. This…
CVE-2025-6932 2025-06-30 LOW 3.7 A vulnerability, which was classified as problematic, was found in D-Link DCS-7517 up to 2.02.0. This affects the function g_F_n_GenPassForQlync of the file /bin/httpd of the component Qlync…
CVE-2025-6916 2025-06-30 HIGH 8.8 A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. This affects the function Form_Login of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL…
CVE-2025-32463 2025-06-30 CRITICAL 9.3 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
CVE-2025-32462 2025-06-30 LOW 2.8 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on…
CVE-2025-52997 2025-06-30 MEDIUM 5.9 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.34.1,…
CVE-2025-52996 2025-06-30 LOW 3.1 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In versions 2.32.0 and…
CVE-2025-52995 2025-06-30 HIGH 8.0 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.10,…
CVE-2025-52901 2025-06-30 MEDIUM 4.5 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.33.9,…
CVE-2025-52491 2025-06-30 MEDIUM 5.8 Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.
CVE-2025-49493 2025-06-30 MEDIUM 5.8 Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.
CVE-2024-53621 2025-06-30 HIGH 7.5 A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2023-47310 2025-06-30 MEDIUM 6.5 A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.
CVE-2025-6925 2025-06-30 MEDIUM 5.3 A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component…
CVE-2025-5730 2025-06-30 MEDIUM 4.3 The Contact Form Plugin WordPress plugin before 1.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform…
CVE-2025-45931 2025-06-30 CRITICAL 9.8 An issue in D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via the system() function in the bin/goahead file.
CVE-2025-36593 2025-06-30 HIGH 8.8 Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit…
CVE-2025-45143 2025-06-30 HIGH 7.0 string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.
CVE-2025-3745 2025-06-30 MEDIUM 6.3 The WP Lightbox 2 WordPress plugin before 3.0.6.8 does not correctly sanitize the value of the title attribute of links before using them, which may allow malicious users…
CVE-2025-26074 2025-06-30 CRITICAL 9.8 Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.
CVE-2025-6917 2025-06-30 HIGH 7.3 A vulnerability has been found in code-projects Online Hotel Booking 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/registration.php. The manipulation of the…
CVE-2025-52898 2025-06-30 N/A 0.0 Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, a carefully crafted request could lead to a malicious actor getting access to a user's…
CVE-2025-6915 2025-06-30 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Student Record System 3.2. Affected by this issue is some unknown functionality of the file /register.php.…
CVE-2025-52896 2025-06-30 N/A 0.0 Frappe is a full-stack web application framework. Prior to versions 14.94.2 and 15.57.0, authenticated users could upload carefully crafted malicious files via Data Import, leading to cross-site scripting…
CVE-2025-52895 2025-06-30 N/A 0.0 Frappe is a full-stack web application framework. Prior to versions 14.94.3 and 15.58.0, SQL injection could be achieved via a specially crafted request, which could allow malicious person…
CVE-2025-47871 2025-06-30 MEDIUM 4.3 Mattermost versions 10.5.x
CVE-2025-46702 2025-06-30 MEDIUM 5.4 Mattermost versions 10.5.x
CVE-2025-6914 2025-06-30 MEDIUM 6.3 A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of…
CVE-2025-6913 2025-06-30 MEDIUM 6.3 A vulnerability classified as critical has been found in PHPGurukul Student Record System 3.2. Affected is an unknown function of the file /admin-profile.php. The manipulation of the argument…
CVE-2024-12915 2025-06-30 MEDIUM 4.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Devinim Software Library Software allows Reflected XSS. This issue affects Library Software: before 24.11.02.
CVE-2025-6912 2025-06-30 MEDIUM 6.3 A vulnerability was found in PHPGurukul Student Record System 3.2. It has been rated as critical. This issue affects some unknown processing of the file /manage-students.php. The manipulation…
CVE-2025-6911 2025-06-30 MEDIUM 6.3 A vulnerability was found in PHPGurukul Student Record System 3.2. It has been declared as critical. This vulnerability affects unknown code of the file /manage-subjects.php. The manipulation of…
CVE-2025-2895 2025-06-30 MEDIUM 5.4 IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,…
CVE-2025-6910 2025-06-30 MEDIUM 6.3 A vulnerability was found in PHPGurukul Student Record System 3.2. It has been classified as critical. This affects an unknown part of the file /session.php. The manipulation of…
CVE-2025-6909 2025-06-30 MEDIUM 6.3 A vulnerability has been found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-6908 2025-06-30 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/edit-services.php. The manipulation…
CVE-2025-6907 2025-06-30 HIGH 7.3 A vulnerability classified as critical was found in code-projects Car Rental System 1.0. This vulnerability affects unknown code of the file /book_car.php. The manipulation of the argument fname…
CVE-2025-6906 2025-06-30 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Car Rental System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument…
CVE-2025-6905 2025-06-30 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Car Rental System 1.0. This issue affects some unknown processing of the file /signup.php. The manipulation…
CVE-2025-4407 2025-06-30 MEDIUM 6.7 Insufficient Session Expiration vulnerability in ABB Lite Panel Pro. This issue affects Lite Panel Pro: through 1.0.1.
CVE-2025-6904 2025-06-30 HIGH 7.3 A vulnerability was found in code-projects Car Rental System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php.…
CVE-2025-6903 2025-06-30 HIGH 7.3 A vulnerability was found in code-projects Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php.…
CVE-2025-40710 2025-06-30 N/A 0.0 Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do…
CVE-2025-6902 2025-06-30 HIGH 7.3 A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /php_action/editUser.php. The manipulation of…
CVE-2025-6901 2025-06-30 HIGH 7.3 A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /php_action/removeUser.php. The manipulation of the…
CVE-2025-41439 2025-06-30 MEDIUM 6.1 A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be…
CVE-2024-8419 2025-06-30 HIGH 7.5 The endpoint hosts a script that allows an unauthorized remote attacker to put the system in a fail-safe state over the network due to missing authentication.
CVE-2025-6900 2025-06-30 MEDIUM 6.3 A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument…