Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-34034 2025-06-24 N/A 0.0 A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are…
CVE-2025-34033 2025-06-24 N/A 0.0 An OS command injection vulnerability exists in the Blue Angel Software Suite running on embedded Linux devices via the ping_addr parameter in the webctrl.cgi script. The application fails…
CVE-2025-34032 2025-06-24 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly…
CVE-2025-34031 2025-06-24 N/A 0.0 A path traversal vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the query parameter in jsmol.php. The script directly passes user input to…
CVE-2025-6536 2025-06-24 LOW 3.3 A vulnerability has been found in Tarantool up to 3.3.1 and classified as problematic. Affected by this vulnerability is the function tm_to_datetime in the library src/lib/core/datetime.c. The manipulation…
CVE-2025-34041 2025-06-24 N/A 0.0 An OS command injection vulnerability exists in the Chinese versions of Sangfor Endpoint Detection and Response (EDR) management platform versions 3.2.16, 3.2.17, and 3.2.19. The vulnerability allows unauthenticated…
CVE-2025-34040 2025-06-24 N/A 0.0 An arbitrary file upload vulnerability exists in the Zhiyuan OA platform 5.0, 5.1 - 5.6sp1, 6.0 - 6.1sp2, 7.0, 7.0sp1 - 7.1, 7.1sp1, and 8.0 - 8.0sp2 via…
CVE-2025-34039 2025-06-24 N/A 0.0 A code injection vulnerability exists in Yonyou UFIDA NC v6.5 and prior due to the exposure of the BeanShell testing servlet (bsh.servlet.BshServlet) without proper access controls. The servlet…
CVE-2025-6534 2025-06-24 MEDIUM 4.2 A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File…
CVE-2025-6533 2025-06-24 MEDIUM 5.6 A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java…
CVE-2025-6532 2025-06-24 MEDIUM 4.3 A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video…
CVE-2025-6531 2025-06-24 MEDIUM 4.3 A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video…
CVE-2025-6530 2025-06-23 MEDIUM 4.8 A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component…
CVE-2025-6529 2025-06-23 HIGH 8.8 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The…
CVE-2025-6528 2025-06-23 MEDIUM 4.3 A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of…
CVE-2025-6527 2025-06-23 LOW 3.1 A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads…
CVE-2025-6526 2025-06-23 LOW 3.1 A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The…
CVE-2025-6525 2025-06-23 MEDIUM 4.3 A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The…
CVE-2025-6524 2025-06-23 LOW 3.1 A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to…
CVE-2025-52562 2025-06-23 CRITICAL 10.0 Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave…
CVE-2025-52561 2025-06-23 N/A 0.0 HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags…
CVE-2025-52558 2025-06-23 N/A 0.0 changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change…
CVE-2025-23092 2025-06-23 N/A 0.0 Mitel OpenScape Accounting Management through V5 R1.1.0 could allow an authenticated attacker with administrative privileges to conduct a path traversal attack due to insufficient sanitization of user input.…
CVE-2025-49574 2025-06-23 MEDIUM 6.4 Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.0, there is a potential data leak when duplicating a duplicated…
CVE-2025-48026 2025-06-23 N/A 0.0 A vulnerability in the WebApl component of Mitel OpenScape Xpressions through V7R1 FR5 HF43 P913 could allow an unauthenticated attacker to conduct a path traversal attack due to…
CVE-2025-44528 2025-06-23 N/A 0.0 An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the…
CVE-2023-47030 2025-06-23 N/A 0.0 An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API…
CVE-2021-47688 2025-06-23 MEDIUM 5.7 In WhiteBeam 0.2.0 through 0.2.1 before 0.2.2, a user with local access to a server can bypass the allow-list functionality because a file can be truncated in the…
CVE-2025-6547 2025-06-23 N/A 0.0 Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2:
CVE-2025-6545 2025-06-23 N/A 0.0 Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.
CVE-2025-6518 2025-06-23 MEDIUM 6.3 A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component…
CVE-2025-50349 2025-06-23 N/A 0.0 PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-teacher-pic.php.
CVE-2025-50348 2025-06-23 N/A 0.0 PHPGurukul Pre-School Enrollment System Project V1.0 is vulnerable to Directory Traversal in update-class-pic.php.
CVE-2025-49144 2025-06-23 HIGH 7.3 Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users…
CVE-2025-49126 2025-06-23 HIGH 8.8 Visionatrix is an AI Media processing tool using ComfyUI. In versions 1.5.0 to before 2.5.1, the /docs/flows endpoint is vulnerable to a Reflected XSS (Cross-Site Scripting) attack allowing…
CVE-2023-47029 2025-06-23 N/A 0.0 An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component
CVE-2025-6516 2025-06-23 MEDIUM 5.3 A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to…
CVE-2025-6511 2025-06-23 HIGH 8.8 A vulnerability classified as critical has been found in Netgear EX6150 1.0.0.46_1.0.76. This affects the function sub_410090. The manipulation leads to stack-based buffer overflow. It is possible to…
CVE-2025-52969 2025-06-23 LOW 2.8 ClickHouse 25.7.1.557 allows low-privileged users to execute shell commands by querying existing Executable() tables created by higher-privileged users. Although the CREATE TABLE privilege is restricted, there is no…
CVE-2023-47031 2025-06-23 N/A 0.0 An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component.
CVE-2025-6510 2025-06-23 HIGH 8.8 A vulnerability was found in Netgear EX6100 1.0.2.28_1.1.138. It has been rated as critical. Affected by this issue is the function sub_415EF8. The manipulation leads to stack-based buffer…
CVE-2025-6509 2025-06-23 LOW 3.5 A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java.…
CVE-2025-4563 2025-06-23 LOW 2.7 A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates…
CVE-2023-50450 2025-06-23 N/A 0.0 An issue was discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges.
CVE-2023-47295 2025-06-23 N/A 0.0 A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings.
CVE-2023-47294 2025-06-23 N/A 0.0 An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie.
CVE-2023-47032 2025-06-23 N/A 0.0 Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function.
CVE-2025-52968 2025-06-23 LOW 2.7 xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the…
CVE-2025-52967 2025-06-23 MEDIUM 5.8 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
CVE-2025-52879 2025-06-23 MEDIUM 4.8 In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible
« Anterior Página 1046 de 4307 Siguiente »