Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-50367 2025-06-27 MEDIUM 6.1 A stored blind XSS vulnerability exists in the Contact Page of the Phpgurukul Medical Card Generation System 1.0 mcgs/contact.php. The name field fails to properly sanitize user input,…
CVE-2025-45851 2025-06-27 HIGH 7.5 An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge.
CVE-2025-45737 2025-06-27 MEDIUM 6.5 An issue in NetEase (Hangzhou) Network Co., Ltd NeacSafe64 Driver before v1.0.0.8 allows attackers to escalate privileges via sending crafted IOCTL commands to the NeacSafe64.sys component.
CVE-2025-45729 2025-06-27 MEDIUM 6.3 D-Link DIR-823-Pro 1.02 has improper permission control, allowing unauthorized users to turn on and access Telnet services.
CVE-2025-44163 2025-06-27 MEDIUM 6.3 RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/get_wgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the `entity` parameter…
CVE-2025-40910 2025-06-27 MEDIUM 6.5 Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based…
CVE-2025-6773 2025-06-27 MEDIUM 5.3 A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py…
CVE-2025-6772 2025-06-27 HIGH 7.3 A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of…
CVE-2015-0843 2025-06-26 CRITICAL 9.8 yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
CVE-2015-0842 2025-06-26 CRITICAL 9.8 yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
CVE-2025-6522 2025-06-27 MEDIUM 5.4 Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This…
CVE-2025-5310 2025-06-27 CRITICAL 9.8 Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially…
CVE-2025-53093 2025-06-27 HIGH 8.6 TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTMLinto the…
CVE-2025-6521 2025-06-27 HIGH 7.6 During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES Encryption keys are passed…
CVE-2025-6705 2025-06-27 N/A 0.0 On open-vsx.org https://open-vsx.org/  it was possible to run an arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access…
CVE-2025-52207 2025-06-27 CRITICAL 9.9 PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory.
CVE-2025-46708 2025-06-27 N/A 0.0 Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
CVE-2025-46707 2025-06-27 N/A 0.0 Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
CVE-2025-44559 2025-06-27 N/A 0.0 An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via…
CVE-2025-44557 2025-06-27 N/A 0.0 A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted…
CVE-2024-12364 2025-06-27 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection.This issue affects .  NOTE: The vendor…
CVE-2024-12150 2025-06-27 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection.This issue affects . NOTE: The vendor did…
CVE-2024-12143 2025-06-27 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection.This issue affects . NOTE:…
CVE-2024-11739 2025-06-27 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1.
CVE-2025-5093 2025-06-27 MEDIUM 5.4 The Responsive Lightbox & Gallery WordPress plugin before 2.5.2 use the Swipebox library which does not validate and escape title attributes before outputting them back in a page/post…
CVE-2025-5035 2025-06-27 MEDIUM 5.4 The Firelight Lightbox WordPress plugin before 2.3.16 does not sanitise and escape title attributes before outputting them in the page, which could allow users with a role as…
CVE-2025-53091 2025-06-27 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in version 3.3.3…
CVE-2025-52553 2025-06-27 N/A 0.0 authentik is an open-source identity provider. After authorizing access to a RAC endpoint, authentik creates a token which is used for a single connection and is sent to…
CVE-2023-38007 2025-06-27 MEDIUM 5.4 IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A…
CVE-2014-0468 2025-06-26 CRITICAL 9.8 Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git,…
CVE-2025-6768 2025-06-27 MEDIUM 6.3 A vulnerability classified as critical has been found in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected is the function findAllHosByCondition of the file HospitalServiceImpl.java. The manipulation of the argument…
CVE-2025-6763 2025-06-27 HIGH 7.5 A vulnerability classified as critical was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. This vulnerability affects unknown code of…
CVE-2025-6762 2025-06-27 MEDIUM 6.3 A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header…
CVE-2025-6750 2025-06-27 LOW 3.3 A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads…
CVE-2025-6731 2025-06-26 MEDIUM 6.3 A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the…
CVE-2025-6702 2025-06-26 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment…
CVE-2025-6701 2025-06-26 LOW 3.5 A vulnerability, which was classified as problematic, has been found in Xuxueli xxl-sso 1.1.0. This issue affects some unknown processing of the file /xxl-sso-server/doLogin. The manipulation of the…
CVE-2025-53339 2025-06-27 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in devnex Devnex Addons For Elementor allows PHP Local File Inclusion. This issue…
CVE-2025-53338 2025-06-27 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in dor re.place allows Stored XSS. This issue affects re.place: from n/a through 0.2.1.
CVE-2025-53336 2025-06-27 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in abditsori My Resume Builder allows Stored XSS. This issue affects My Resume Builder: from n/a through…
CVE-2025-53332 2025-06-27 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in ethoseo Track Everything allows Stored XSS. This issue affects Track Everything: from n/a through 2.0.1.
CVE-2025-53331 2025-06-27 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest allows Stored XSS. This issue affects RSS Digest: from n/a through 1.5.
CVE-2025-53329 2025-06-27 HIGH 7.1 Cross-Site Request Forgery (CSRF) vulnerability in szajenw Społecznościowa 6 PL 2013 allows Stored XSS. This issue affects Społecznościowa 6 PL 2013: from n/a through 2.0.6.
CVE-2025-53327 2025-06-27 MEDIUM 4.3 Cross-Site Request Forgery (CSRF) vulnerability in rui_mashita Aioseo Multibyte Descriptions allows Cross Site Request Forgery. This issue affects Aioseo Multibyte Descriptions: from n/a through 0.0.6.
CVE-2025-53325 2025-06-27 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dilip kumar Beauty Contact Popup Form allows Stored XSS. This issue affects Beauty Contact Popup Form:…
CVE-2025-53323 2025-06-27 MEDIUM 4.3 Missing Authorization vulnerability in danbriapps Pre-Publish Post Checklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pre-Publish Post Checklist: from n/a through 3.1.
CVE-2025-53322 2025-06-27 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in ZealousWeb Accept Authorize.NET Payments Using Contact Form 7 allows Retrieve Embedded Sensitive Data. This issue affects Accept Authorize.NET Payments…
CVE-2025-53321 2025-06-27 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raise The Money Raise The Money allows DOM-Based XSS. This issue affects Raise The Money: from…
CVE-2025-53320 2025-06-27 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wp Enhanced Free Downloads EDD allows DOM-Based XSS. This issue affects Free Downloads EDD: from n/a…
CVE-2025-53318 2025-06-27 MEDIUM 5.4 Missing Authorization vulnerability in WPManiax WP DB Booster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP DB Booster: from n/a through 1.0.1.
« Anterior Página 1034 de 4307 Siguiente »