Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4479 2025-06-19 MEDIUM 6.4 The ElementsKit Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin image comparison widget's before/after labels in all versions up to,…
CVE-2025-4367 2025-06-19 MEDIUM 6.4 The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient…
CVE-2025-6201 2025-06-19 MEDIUM 6.4 The Pixel Manager for WooCommerce – Track Conversions and Analytics, Google Ads, TikTok and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's conversion-pixel…
CVE-2025-52467 2025-06-19 CRITICAL 9.1 pgai is a Python library that transforms PostgreSQL into a retrieval engine for RAG and Agentic applications. Prior to commit 8eb3567, the pgai repository was vulnerable to an…
CVE-2025-50183 2025-06-19 MEDIUM 6.5 OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py…
CVE-2025-4661 2025-06-19 N/A 0.0 A path transversal vulnerability in Brocade Fabric OS 9.1.0 through 9.2.2 could allow a local admin user to gain access to files outside the intended directory potentially leading…
CVE-2025-50182 2025-06-19 MEDIUM 5.3 urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide…
CVE-2025-50181 2025-06-19 MEDIUM 5.3 urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries…
CVE-2025-24291 2025-06-19 MEDIUM 6.1 The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending…
CVE-2025-24288 2025-06-19 CRITICAL 9.8 The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access)…
CVE-2025-24287 2025-06-19 MEDIUM 6.1 A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions.
CVE-2025-24286 2025-06-19 HIGH 7.2 A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code.
CVE-2025-23173 2025-06-19 HIGH 7.5 The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080…
CVE-2025-23172 2025-06-19 HIGH 7.2 The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused…
CVE-2025-23171 2025-06-19 HIGH 7.2 The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears…
CVE-2025-23170 2025-06-19 MEDIUM 6.7 The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable…
CVE-2025-23169 2025-06-19 MEDIUM 6.1 The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly…
CVE-2025-23168 2025-06-19 MEDIUM 6.3 The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA…
CVE-2025-23121 2025-06-19 CRITICAL 9.9 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user
CVE-2024-45208 2025-06-19 CRITICAL 9.8 The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High…
CVE-2025-49591 2025-06-18 N/A 0.0 CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An…
CVE-2025-49590 2025-06-18 N/A 0.0 CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed.…
CVE-2025-26199 2025-06-18 CRITICAL 9.8 An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords.
CVE-2025-6192 2025-06-18 HIGH 8.8 Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-6191 2025-06-18 HIGH 8.8 Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium…
CVE-2025-4955 2025-06-18 MEDIUM 4.7 The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above…
CVE-2025-26198 2025-06-18 CRITICAL 9.8 CloudClassroom-PHP-Project v.1.0 is vulnerable to SQL Injection in loginlinkadmin.php, allowing unauthenticated attackers to bypass authentication and gain administrative access. The application fails to properly sanitize user inputs before…
CVE-2025-44952 2025-06-18 HIGH 7.8 A missing length check in `ogs_pfcp_subnet_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a…
CVE-2025-44951 2025-06-18 HIGH 7.1 A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a…
CVE-2025-29646 2025-06-18 HIGH 7.1 An issue in upf in open5gs 2.7.2 and earlier allows a remote attacker to cause a Denial of Service via a crafted PFCP SessionEstablishmentRequest packet with restoration indication…
CVE-2025-20260 2025-06-18 CRITICAL 9.8 A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition,…
CVE-2025-20271 2025-06-18 HIGH 8.6 A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause…
CVE-2025-20234 2025-06-18 MEDIUM 5.3 A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.…
CVE-2025-1349 2025-06-18 MEDIUM 5.5 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user…
CVE-2025-1348 2025-06-18 MEDIUM 4.0 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 could allow a local user to obtain sensitive information from a user’s…
CVE-2024-54172 2025-06-18 MEDIUM 4.3 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site request forgery which could allow an attacker to…
CVE-2025-4821 2025-06-18 HIGH 7.5 Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might…
CVE-2025-4820 2025-06-18 MEDIUM 5.3 Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might…
CVE-2025-36049 2025-06-18 HIGH 8.8 IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could…
CVE-2025-36048 2025-06-18 HIGH 7.2 IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges.
CVE-2025-46109 2025-06-18 HIGH 8.8 SQL Injection vulnerability in pbootCMS v.3.2.5 and v.3.2.10 allows a remote attacker to obtain sensitive information via a crafted GET request
CVE-2024-54183 2025-06-18 MEDIUM 5.4 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.6 and 6.2.0.0 through 6.2.0.4 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to…
CVE-2025-6240 2025-06-18 N/A 0.0 Improper Input Validation vulnerability in Profisee on Windows (filesystem modules) allows Path Traversal after authentication to the Profisee system.This issue affects Profisee: from 2020R1 before 2024R2.
CVE-2025-45786 2025-06-18 HIGH 8.1 Real Estate Management 1.0 is vulnerable to Cross Site Scripting (XSS) in /store/index.php.
CVE-2025-49015 2025-06-18 MEDIUM 4.9 The Couchbase .NET SDK (client library) before 3.7.1 does not properly enable hostname verification for TLS certificates. In fact, the SDK was also using IP addresses instead of…
CVE-2025-45784 2025-06-18 CRITICAL 9.8 D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these…
CVE-2025-45661 2025-06-18 MEDIUM 5.9 A cross-site scripting (XSS) vulnerability in miniTCG v1.3.1 beta allows attackers to execute abritrary web scripts or HTML via injecting a crafted payload into the id parameter at…
CVE-2022-49988 2025-06-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-49941 2025-06-18 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-46157 2025-06-18 CRITICAL 9.9 An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
« Anterior Página 1055 de 4307 Siguiente »