Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-6616 2025-06-25 HIGH 8.8 A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWAN_Wizard51 of the file /goform/formSetWAN_Wizard51. The manipulation of the argument…
CVE-2025-6442 2025-06-25 MEDIUM 6.5 Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when…
CVE-2025-5015 2025-06-25 HIGH 8.8 A cross-site scripting vulnerability exists in the AccuWeather and Custom RSS widget that allows an unauthenticated user to replace the RSS feed URL with a malicious one.
CVE-2025-52999 2025-06-25 N/A 0.0 jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and…
CVE-2025-52894 2025-06-25 N/A 0.0 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 allowed an attacker to perform unauthenticated,…
CVE-2025-52893 2025-06-25 MEDIUM 4.5 OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. OpenBao before v2.3.0 may leak sensitive information in logs…
CVE-2025-52569 2025-06-25 N/A 0.0 GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the…
CVE-2025-52483 2025-06-25 N/A 0.0 Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned…
CVE-2025-52480 2025-06-25 N/A 0.0 Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned…
CVE-2025-4656 2025-06-25 LOW 3.1 Vault Community and Vault Enterprise rekey and recovery key operations can lead to a denial of service due to uncontrolled cancellation by a Vault operator. This vulnerability (CVE-2025-4656)…
CVE-2025-49153 2025-06-25 CRITICAL 9.8 MICROSENS NMP Web+ could allow an unauthenticated attacker to overwrite files and execute arbitrary code.
CVE-2025-49152 2025-06-25 HIGH 7.5 MICROSENS NMP Web+ contain JSON Web Tokens (JWT) that do not expire, which could allow an attacker to gain access to the system.
CVE-2025-49151 2025-06-25 CRITICAL 9.1 MICROSENS NMP Web+ could allow an unauthenticated attacker to generate forged JSON Web Tokens (JWT) to bypass authentication.
CVE-2025-20282 2025-06-25 CRITICAL 10.0 A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then…
CVE-2025-44206 2025-06-25 MEDIUM 4.6 Hexagon HxGN OnCall Dispatch Advantage (Web) v10.2309.03.00264 and Hexagon HxGN OnCall Dispatch Advantage (Mobile) v10.2402 are vulnerable to Cross Site Scripting (XSS) which allows a remote authenticated attacker…
CVE-2025-6615 2025-06-25 HIGH 8.8 A vulnerability, which was classified as critical, was found in D-Link DIR-619L 2.06B01. This affects the function formAutoDetecWAN_wizard4 of the file /goform/formAutoDetecWAN_wizard4. The manipulation of the argument curTime…
CVE-2025-6614 2025-06-25 HIGH 8.8 A vulnerability, which was classified as critical, has been found in D-Link DIR-619L 2.06B01. Affected by this issue is the function formSetWANType_Wizard5 of the file /goform/formSetWANType_Wizard5. The manipulation…
CVE-2025-6612 2025-06-25 HIGH 7.3 A vulnerability was found in code-projects Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /php_action/removeCategories.php. The manipulation…
CVE-2025-6611 2025-06-25 HIGH 7.3 A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/createBrand.php. The manipulation of…
CVE-2025-52479 2025-06-25 N/A 0.0 HTTP.jl provides HTTP client and server functionality for Julia, and URIs.jl parses and works with Uniform Resource Identifiers (URIs). URIs.jl prior to version 1.6.0 and HTTP.jl prior to…
CVE-2025-50179 2025-06-25 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a cross-site request forgery vulnerability in Tuleap Community Edition prior…
CVE-2025-50178 2025-06-25 N/A 0.0 GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function…
CVE-2025-49845 2025-06-25 N/A 0.0 Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the…
CVE-2025-25905 2025-06-25 HIGH 7.1 Cross-Site Scripting (XSS) vulnerability in CADClick v1.13.0 and before allows remote attackers to inject arbitrary web script or HTML via the "tree" parameter.
CVE-2025-20281 2025-06-25 CRITICAL 9.8 A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as…
CVE-2025-20264 2025-06-25 MEDIUM 6.4 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.…
CVE-2024-27685 2025-06-25 HIGH 7.1 SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname,…
CVE-2025-6610 2025-06-25 MEDIUM 4.7 A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The…
CVE-2025-6609 2025-06-25 MEDIUM 6.3 A vulnerability was found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /panel/bwdates-reports-details.php. The…
CVE-2025-6608 2025-06-25 MEDIUM 6.3 A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /panel/edit-services.php.…
CVE-2025-6607 2025-06-25 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/stock.php. The manipulation of…
CVE-2025-6606 2025-06-25 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. This issue affects some unknown processing of the file /panel/add-services.php. The…
CVE-2025-6605 2025-06-25 MEDIUM 6.3 A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. This vulnerability affects unknown code of the file /panel/edit-staff.php. The manipulation of the argument…
CVE-2025-6604 2025-06-25 MEDIUM 6.3 A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add-staff.php. The manipulation of the…
CVE-2025-6583 2025-06-25 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /view-appointment.php. The manipulation of…
CVE-2025-6582 2025-06-25 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file…
CVE-2025-6581 2025-06-24 MEDIUM 6.3 A vulnerability classified as critical was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-customer.php. The manipulation…
CVE-2025-6580 2025-06-24 HIGH 7.3 A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the component Login. The manipulation of the…
CVE-2025-49135 2025-06-25 N/A 0.0 CVAT is an open source interactive video and image annotation tool for computer vision. Versions 2.2.0 through 2.39.0 have no validation during the import process of a project…
CVE-2024-51984 2025-06-25 MEDIUM 6.8 An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present…
CVE-2024-51983 2025-06-25 HIGH 7.5 An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will…
CVE-2024-51982 2025-06-25 HIGH 7.5 An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot,…
CVE-2024-51981 2025-06-25 MEDIUM 5.3 An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling. This…
CVE-2024-51980 2025-06-25 MEDIUM 5.3 An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an…
CVE-2021-4457 2025-06-25 N/A 0.0 The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server.
CVE-2021-41691 2025-06-24 CRITICAL 9.8 A SQL injection vulnerability exists in OS4Ed Open Source Information System Community v8.0 via the "student_id" and "TRANSFER{SCHOOL]" parameters in POST request sent to /TransferredOutModal.php.
CVE-2025-6570 2025-06-24 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 4.0. Affected by this issue is some unknown functionality of the file /doctor/search.php.…
CVE-2025-48991 2025-06-25 MEDIUM 4.6 Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version…
CVE-2025-48954 2025-06-25 HIGH 8.1 Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6…
CVE-2025-41256 2025-06-25 HIGH 7.4 Cyberduck and Mountain Duck improper handle TLS certificate pinning for untrusted certificates (e.g., self-signed), since the certificate fingerprint is stored as SHA-1, although SHA-1 is considered weak. This…
« Anterior Página 1042 de 4307 Siguiente »