CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-6433 2025-06-24 N/A 0.0 If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would…
CVE-2025-6432 2025-06-24 N/A 0.0 When Multi-Account Containers was enabled, DNS requests could have bypassed a SOCKS proxy when the domain name was invalid or the SOCKS proxy was not responding. This vulnerability…
CVE-2025-6431 2025-06-24 N/A 0.0 When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this…
CVE-2025-6430 2025-06-24 N/A 0.0 When a file download is specified via the `Content-Disposition` header, that directive would be ignored if the file was included via a `<embed>` or `<object>` tag, potentially making…
CVE-2025-6429 2025-06-24 N/A 0.0 Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an `embed` tag. This could have bypassed website…
CVE-2025-6428 2025-06-24 N/A 0.0 When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This…
CVE-2025-6427 2025-06-24 N/A 0.0 An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab…
CVE-2025-6426 2025-06-24 N/A 0.0 The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.*…
CVE-2025-6425 2025-06-24 N/A 0.0 An attacker who enumerated resources from the WebCompat extension could have obtained a persistent UUID that identified the browser, and persisted between containers and normal/private browsing mode, but…
CVE-2025-6424 2025-06-24 N/A 0.0 A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox < 140, Firefox ESR < 115.25, and Firefox ESR < 128.12.
CVE-2025-6206 2025-06-24 HIGH 7.5 The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to…
CVE-2025-3092 2025-06-24 HIGH 7.5 An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint.
CVE-2025-3091 2025-06-24 HIGH 7.5 A low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user's password.
CVE-2025-5258 2025-06-24 MEDIUM 6.4 The Conference Scheduler plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 2.5.1 due to insufficient input…
CVE-2025-3090 2025-06-24 HIGH 8.2 An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function.
CVE-2025-2962 2025-06-24 HIGH 7.5 A denial-of-service issue in the dns implementation could cause an infinite loop.
CVE-2025-48890 2025-06-24 CRITICAL 9.8 WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in miniigd SOAP service. If a remote unauthenticated attacker…
CVE-2025-43879 2025-06-24 CRITICAL 9.8 WRH-733GBK and WRH-733GWH contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in the telnet function. If a remote unauthenticated attacker…
CVE-2025-43877 2025-06-24 MEDIUM 5.4 WRC-1167GHBK2-S contains a stored cross-site scripting vulnerability in WebGUI. If exploited, an arbitrary script may be executed on the web browser of the user who accessed WebGUI of…
CVE-2025-41427 2025-06-24 HIGH 8.8 WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated…
CVE-2025-36519 2025-06-24 MEDIUM 4.3 Unrestricted upload of file with dangerous type issue exists in WRC-2533GST2 and WRC-1167GST2. If a specially crafted file is uploaded by a remote authenticated attacker, arbitrary code may…
CVE-2025-52570 2025-06-24 N/A 0.0 Letmein is an authenticating port knocker. Prior to version 10.2.1, the connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and…
CVE-2025-52568 2025-06-24 N/A 0.0 NeKernal is a free and open-source operating system stack. Prior to version 0.0.3, there are several memory safety issues that can lead to memory corruption, disk image corruption,…
CVE-2025-52566 2025-06-24 HIGH 8.6 llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036)…
CVE-2025-47943 2025-06-24 MEDIUM 6.3 Gogs is an open source self-hosted Git service. In application version 0.14.0+dev and prior, there is a stored cross-site scripting (XSS) vulnerability present in Gogs, which allows client-side…
CVE-2024-56731 2025-06-24 CRITICAL 10.0 Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it's still possible to delete files under the .git directory and achieve remote command execution due…
CVE-2025-6560 2025-06-24 CRITICAL 9.8 Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator…
CVE-2025-6559 2025-06-24 CRITICAL 9.8 Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected…
CVE-2025-6552 2025-06-24 MEDIUM 4.3 A vulnerability was found in java-aodeng Hope-Boot 1.0.0. It has been classified as problematic. Affected is the function doLogin of the file /src/main/java/com/hope/controller/WebController.java of the component Login. The…
CVE-2025-52979 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52978 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52977 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52976 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52975 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52974 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52973 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52972 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52971 2025-06-24 N/A 0.0 Rejected reason: Not used
CVE-2025-52574 2025-06-24 HIGH 7.5 SysmonElixir is a system monitor HTTP service in Elixir. Prior to version 1.0.1, the /read endpoint reads any file from the server's /etc/passwd by default. In v1.0.1, a…
CVE-2025-52560 2025-06-24 HIGH 8.1 Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard allows password reset emails to be sent with URLs derived from the…
CVE-2025-48470 2025-06-24 MEDIUM 4.1 Successful exploitation of the stored cross-site scripting vulnerability could allow an attacker to inject malicious scripts into device fields and executed in other users’ browser, potentially leading to…
CVE-2025-48469 2025-06-24 CRITICAL 9.6 Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload firmware through a public update page, potentially leading to backdoor installation or privilege escalation.
CVE-2025-48468 2025-06-24 MEDIUM 6.4 Successful exploitation of the vulnerability could allow an attacker that has physical access to interface with JTAG to inject or modify firmware.
CVE-2025-48467 2025-06-24 MEDIUM 6.5 Successful exploitation of the vulnerability could allow an attacker to cause repeated reboots, potentially leading to remote denial-of-service and system unavailability.
CVE-2025-48466 2025-06-24 HIGH 8.1 Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to send Modbus TCP packets to manipulate Digital Outputs, potentially allowing remote control of relay channel which…
CVE-2025-48463 2025-06-24 LOW 3.1 Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication,…
CVE-2025-48462 2025-06-24 MEDIUM 4.2 Successful exploitation of the vulnerability could allow an attacker to consume all available session slots and block other users from logging in, thereby preventing legitimate users from gaining…
CVE-2025-48461 2025-06-24 MEDIUM 5.0 Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers…
CVE-2025-34038 2025-06-24 N/A 0.0 A SQL injection vulnerability exists in Fanwei e-cology 8.0 via the getdata.jsp endpoint. The application directly passes unsanitized user input from the sql parameter into a database query…
CVE-2025-34037 2025-06-24 N/A 0.0 An OS command injection vulnerability exists in various models of E-Series Linksys routers via the /tmUnblock.cgi and /hndUnblock.cgi endpoints over HTTP on port 8080. The CGI scripts improperly process…