CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-45380 2025-06-17 N/A 0.0 Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2024-45069 2025-06-17 N/A 0.0 Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2024-45065 2025-06-17 N/A 0.0 Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2024-43422 2025-06-17 N/A 0.0 Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2024-21856 2025-06-17 N/A 0.0 Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
CVE-2025-3464 2025-06-16 N/A 0.0 A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury…
CVE-2025-6139 2025-06-16 LOW 3.9 A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation…
CVE-2025-49134 2025-06-16 N/A 0.0 Weblate is a web based localization tool. Prior to version 5.12, the audit log notifications included the full IP address of the acting user. This could be obtained…
CVE-2025-47951 2025-06-16 MEDIUM 4.9 Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting…
CVE-2025-32800 2025-06-16 N/A 0.0 Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI.…
CVE-2025-32799 2025-06-16 N/A 0.0 Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization…
CVE-2025-6137 2025-06-16 HIGH 8.8 A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler.…
CVE-2025-6136 2025-06-16 MEDIUM 6.3 A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The…
CVE-2025-32798 2025-06-16 N/A 0.0 Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution…
CVE-2025-49125 2025-06-16 N/A 0.0 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Tomcat.  When using PreResources or PostResources mounted other than at the root of the web application, it…
CVE-2025-49124 2025-06-16 N/A 0.0 Untrusted Search Path vulnerability in Apache Tomcat installer for Windows. During installation, the Tomcat installer for Windows used icacls.exe without specifying a full path. This issue affects Apache…
CVE-2025-48988 2025-06-16 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.…
CVE-2025-48976 2025-06-16 N/A 0.0 Allocation of resources for multipart headers with insufficient limits enabled a DoS vulnerability in Apache Commons FileUpload. This issue affects Apache Commons FileUpload: from 1.0 before 1.6; from…
CVE-2025-4748 2025-06-16 N/A 0.0 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Erlang OTP (stdlib modules) allows Absolute Path Traversal, File Manipulation. This vulnerability is associated with…
CVE-2025-6135 2025-06-16 MEDIUM 6.3 A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation…
CVE-2025-6134 2025-06-16 MEDIUM 6.3 A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation…
CVE-2025-6087 2025-06-16 N/A 0.0 A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed…
CVE-2025-32797 2025-06-16 N/A 0.0 Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, The write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file…
CVE-2025-6133 2025-06-16 MEDIUM 6.3 A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The…
CVE-2025-6177 2025-06-16 HIGH 7.4 Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell…
CVE-2025-6132 2025-06-16 HIGH 7.3 A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of…
CVE-2025-6131 2025-06-16 LOW 2.4 A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST…
CVE-2025-6130 2025-06-16 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP…
CVE-2025-6172 2025-06-16 CRITICAL 9.8 Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation.
CVE-2025-5309 2025-06-16 N/A 0.0 The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2025-47869 2025-06-16 CRITICAL 9.8 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability was discovered in Apache NuttX RTOS apps/exapmles/xmlrpc application. In this example application device stats structure that…
CVE-2025-47868 2025-06-16 CRITICAL 9.8 Out-of-bounds Write resulting in possible Heap-based Buffer Overflow vulnerability was discovered in tools/bdf-converter font conversion utility that is part of Apache NuttX RTOS repository. This standalone program is…
CVE-2025-2327 2025-06-16 N/A 0.0 A flaw exists in FlashArray whereby the Key Encryption Key (KEK) is logged during key rotation when RDL is configured.
CVE-2025-6170 2025-06-16 LOW 2.5 A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program…
CVE-2025-6129 2025-06-16 HIGH 8.8 A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The…
CVE-2025-6128 2025-06-16 HIGH 8.8 A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler.…
CVE-2025-49796 2025-06-16 CRITICAL 9.1 A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft…
CVE-2025-49795 2025-06-16 HIGH 7.5 A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading…
CVE-2025-49794 2025-06-16 CRITICAL 9.1 A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows…
CVE-2025-6127 2025-06-16 LOW 3.5 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the…
CVE-2025-6126 2025-06-16 MEDIUM 4.3 A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file…
CVE-2025-4565 2025-06-16 N/A 0.0 Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be…
CVE-2025-3594 2025-06-16 N/A 0.0 Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older…
CVE-2025-3526 2025-06-16 N/A 0.0 SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsupported versions does not restrict the…
CVE-2025-6125 2025-06-16 LOW 2.4 A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/aboutus.php. The manipulation…
CVE-2025-6124 2025-06-16 HIGH 7.3 A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the…
CVE-2025-3602 2025-06-16 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix…
CVE-2025-40916 2025-06-16 CRITICAL 9.1 Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as…
CVE-2025-36632 2025-06-16 HIGH 7.8 In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
CVE-2025-6123 2025-06-16 HIGH 7.3 A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the…