CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (the NVD). Rows showing a severity of N/A and a CVSS score of 0.0 had no CVSS score in the feed when the page was generated; truncated descriptions are marked with an ellipsis.

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-49582 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. When editing content that contains "dangerous" macros like malicious script macros that were authored by a user with fewer rights, XWiki warns… |
| CVE-2025-48918 | 2025-06-13 | HIGH | 8.8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |
| CVE-2025-48916 | 2025-06-13 | MEDIUM | 6.5 | Missing Authorization vulnerability in Drupal Bookable Calendar allows Forceful Browsing. This issue affects Bookable Calendar: from 0.0.0 before 2.2.13. |
| CVE-2025-28384 | 2025-06-13 | CRITICAL | 9.1 | An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. |
| CVE-2025-28382 | 2025-06-13 | HIGH | 7.5 | An issue in the openc3-api/tables endpoint of OpenC3 COSMOS 6.0.0 allows attackers to execute a directory traversal. |
| CVE-2025-48919 | 2025-06-13 | MEDIUM | 5.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Simple Klaro allows Cross-Site Scripting (XSS). This issue affects Simple Klaro: from 0.0.0 before 1.10.0. |
| CVE-2025-48917 | 2025-06-13 | MEDIUM | 5.0 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal EU Cookie Compliance (GDPR Compliance) allows Cross-Site Scripting (XSS). This issue affects EU Cookie Compliance (GDPR… |
| CVE-2025-6052 | 2025-06-13 | LOW | 3.7 | A flaw was found in how GLib's GString manages memory when adding data to strings. If a string is already very large, combining it with more input can… |
| CVE-2025-6035 | 2025-06-13 | MEDIUM | 6.6 | A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as… |
| CVE-2025-49581 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right… |
| CVE-2025-49580 | 2025-06-13 | N/A | 0.0 | XWiki is a generic wiki platform. From 8.2 and 7.4.5 until 17.1.0-rc-1, 16.10.4, and 16.4.7, pages can gain script or programming rights when they contain a link and… |
| CVE-2025-46096 | 2025-06-13 | MEDIUM | 6.1 | Directory Traversal vulnerability in solon v.3.1.2 allows a remote attacker to conduct XSS attacks via the solon-faas-luffy component. |
| CVE-2025-46060 | 2025-06-13 | CRITICAL | 9.8 | Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component. |
| CVE-2025-28389 | 2025-06-13 | CRITICAL | 9.8 | Weak password requirements in OpenC3 COSMOS v6.0.0 allow attackers to bypass authentication via a brute force attack. |
| CVE-2025-28388 | 2025-06-13 | CRITICAL | 9.8 | OpenC3 COSMOS v6.0.0 was discovered to contain hardcoded credentials for the Service Account. |
| CVE-2025-28381 | 2025-06-13 | HIGH | 7.5 | A credential leak in OpenC3 COSMOS v6.0.0 allows attackers to access service credentials as environment variables stored in all containers. |
| CVE-2025-44091 | 2025-06-12 | MEDIUM | 5.4 | yangyouwang crud v1.0.0 is vulnerable to Cross Site Scripting (XSS) via the role management function. |
| CVE-2025-6030 | 2025-06-13 | N/A | 0.0 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in Cyclone Matrix TRF Smart Keyless Entry… |
| CVE-2025-6029 | 2025-06-13 | N/A | 0.0 | Use of fixed learning codes, one code to lock the car and the other code to unlock it, in the Key Fob Transmitter in KIA-branded Aftermarket Generic Smart Keyless Entry… |
| CVE-2025-45988 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection… |
| CVE-2025-36633 | 2025-06-13 | HIGH | 8.8 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially… |
| CVE-2025-45987 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain multiple command injection… |
| CVE-2025-45986 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability… |
| CVE-2025-45985 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection… |
| CVE-2025-45984 | 2025-06-13 | CRITICAL | 9.8 | Blink routers BL-WR9000 V2.4.9, BL-AC1900 V1.0.2, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 V1.0.5, BL-LTE300 V1.2.3, BL-F1200_AT1 V1.0.0, BL-X26_AC8 V1.2.8, BLAC450M_AE4 V4.0.0 and BL-X26_DA3 V1.2.7 were discovered to contain a command injection… |
| CVE-2025-36631 | 2025-06-13 | HIGH | 8.4 | In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at… |
| CVE-2025-28386 | 2025-06-13 | N/A | 0.0 | A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file. |
| CVE-2025-28380 | 2025-06-13 | N/A | 0.0 | A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter. |
| CVE-2025-22240 | 2025-06-13 | MEDIUM | 6.3 | Arbitrary directory creation or file deletion. In the find_file method of the GitFS class, a path is created using os.path.join using unvalidated input from the "tgt_env" variable. This… |
| CVE-2025-22239 | 2025-06-13 | HIGH | 8.1 | Arbitrary event injection on Salt Master. The master's "_minion_event" method can be used by an authorized minion to send arbitrary events onto the master's event bus. |
| CVE-2025-22238 | 2025-06-13 | MEDIUM | 4.2 | Directory traversal attack in minion file cache creation. The master's default cache is vulnerable to a directory traversal attack, which could be leveraged to write or overwrite 'cache'… |
| CVE-2025-22237 | 2025-06-13 | MEDIUM | 6.7 | An attacker with access to a minion key can exploit the 'on demand' pillar functionality with a specially crafted git url which could cause an arbitrary command to… |
| CVE-2025-22236 | 2025-06-13 | HIGH | 8.1 | Minion event bus authorization bypass. An attacker with access to a minion key can craft a message which may be able to execute a job on other minions… |
| CVE-2024-38825 | 2025-06-13 | MEDIUM | 6.4 | The salt.auth.pki module does not properly authenticate callers. The "password" field contains a public certificate which is validated against a CA certificate by the module. This is not… |
| CVE-2024-38823 | 2025-06-13 | LOW | 2.7 | Salt's request server is vulnerable to replay attacks when not using a TLS encrypted transport. |
| CVE-2025-49468 | 2025-06-13 | N/A | 0.0 | A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the… |
| CVE-2025-29902 | 2025-06-13 | CRITICAL | 10.0 | Remote code execution that allows unauthorized users to execute arbitrary code on the server machine. |
| CVE-2025-49186 | 2025-06-12 | MEDIUM | 5.3 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks. |
| CVE-2025-49182 | 2025-06-12 | HIGH | 7.5 | Files in the source code contain login credentials for the admin user and the property configuration password, allowing an attacker to get full access to the application. |
| CVE-2025-48825 | 2025-06-13 | LOW | 2.5 | RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a… |
| CVE-2025-46783 | 2025-06-13 | CRITICAL | 9.8 | Path traversal vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If this vulnerability is exploited, arbitrary code may be executed on the PC… |
| CVE-2025-36506 | 2025-06-13 | MEDIUM | 6.5 | External control of file name or path issue exists in RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.242.0. If an attacker sends a specially crafted request,… |
| CVE-2025-6012 | 2025-06-13 | MEDIUM | 5.5 | The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization… |
| CVE-2025-39240 | 2025-06-13 | HIGH | 7.2 | Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted… |
| CVE-2024-38824 | 2025-06-13 | CRITICAL | 9.6 | Directory traversal vulnerability in recv_file method allows arbitrary files to be written to the master cache directory. |
| CVE-2025-5923 | 2025-06-13 | MEDIUM | 6.4 | The Game Review Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'className' parameter in all versions up to, and including, 4.8.1 due to insufficient… |
| CVE-2025-22242 | 2025-06-13 | MEDIUM | 5.6 | Worker process denial of service through file read operation. A vulnerability exists in the Master's "pub_ret" method which is exposed to all minions. The un-sanitized input value "jid"… |
| CVE-2025-22241 | 2025-06-13 | MEDIUM | 5.6 | File contents overwrite. The VirtKey class is called when "on-demand pillar" data is requested and uses un-validated input to create paths to the "pki directory". The functionality is… |
| CVE-2024-38822 | 2025-06-13 | LOW | 2.7 | Multiple methods in the salt master skip minion token validation. Therefore a misbehaving minion can impersonate another minion. |
| CVE-2025-4229 | 2025-06-13 | N/A | 0.0 | An information disclosure vulnerability in the SD-WAN feature of Palo Alto Networks PAN-OS® software enables an unauthorized user to view unencrypted data sent from the firewall through the… |
Page 1071 of 4308
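As an added example (not the code of the site that produced this listing, and not NVD's own), the Python below turns an NVD CVE API 2.0 response into the five columns shown above and explains where the N/A / 0.0 rows come from: NVD ships a CVE without a `metrics` object until its analysts have scored it, so a table built straight from the feed shows N/A until then. Field names follow the NVD CVE API 2.0 JSON schema (`vulnerabilities[].cve.id`, `.published`, `.descriptions[]`, `.metrics.cvssMetricV31[]` and so on); the sample response embedded in the script is constructed for this example, with IDs and scores copied from rows above and timestamps made up.

```python
"""Build rows like the listing above from an NVD CVE API 2.0 response.

Added example; not the code of the site that produced the listing.
Field names follow the NVD CVE API 2.0 JSON schema. SAMPLE_RESPONSE is
constructed for this example (timestamps made up, IDs/scores from the page).
"""
import json

# Metric families in order of preference: CVSS v3.1, then v3.0, then v2.0.
METRIC_KEYS = ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2")


def pick_score(metrics):
    """Return (severity, base_score) for one CVE's 'metrics' object.

    NVD omits 'metrics' (or leaves it empty) until the CVE has been scored;
    those entries are what the N/A / 0.0 rows in the listing represent.
    """
    for key in METRIC_KEYS:
        entries = list(metrics.get(key) or [])
        # Prefer NVD's own ('Primary') entry over a CNA-supplied ('Secondary') one.
        entries.sort(key=lambda e: e.get("type") != "Primary")
        for entry in entries:
            data = entry.get("cvssData") or {}
            if "baseScore" not in data:
                continue
            # v3.x carries baseSeverity inside cvssData; v2.0 puts it on the entry.
            severity = data.get("baseSeverity") or entry.get("baseSeverity") or "N/A"
            return severity.upper(), float(data["baseScore"])
    return "N/A", 0.0


def english_description(descriptions):
    """Pick the English description; NVD may also ship other languages."""
    for d in descriptions:
        if d.get("lang") == "en":
            return d.get("value", "").strip()
    return descriptions[0].get("value", "").strip() if descriptions else ""


def truncate(text, width=160):
    """Shorten long descriptions the way the listing does, ending in an ellipsis."""
    return text if len(text) <= width else text[: width - 1].rstrip() + "…"


def to_row(vuln):
    """Flatten one 'vulnerabilities[]' item into a table row."""
    cve = vuln["cve"]
    severity, score = pick_score(cve.get("metrics") or {})
    return {
        "cve_id": cve["id"],
        "published": cve.get("published", "")[:10],  # date part of the ISO timestamp
        "severity": severity,
        "cvss": score,
        "description": truncate(english_description(cve.get("descriptions") or [])),
    }


def parse_feed(response_json):
    """Parse a full API response (JSON text or dict) into rows, keeping feed order."""
    data = json.loads(response_json) if isinstance(response_json, str) else response_json
    return [to_row(v) for v in data.get("vulnerabilities", [])]


def prioritize(rows):
    """Highest CVSS first. Unscored (N/A) rows sink to the bottom but are kept:
    'not yet scored' is not the same as 'not serious'."""
    return sorted(rows, key=lambda r: (r["severity"] == "N/A", -r["cvss"]))


# Constructed sample response: one CVE awaiting analysis, one NVD-scored, one CNA-scored.
SAMPLE_RESPONSE = {
    "vulnerabilities": [
        {"cve": {
            "id": "CVE-2025-49582",
            "published": "2025-06-13T20:15:22.000",
            "descriptions": [{"lang": "en", "value": "XWiki is a generic wiki platform. "
                              "When editing content that contains \"dangerous\" macros..."}],
            # no 'metrics' key: not yet scored, so the row shows N/A / 0.0
        }},
        {"cve": {
            "id": "CVE-2025-48918",
            "published": "2025-06-13T18:15:19.000",
            "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During "
                              "Web Page Generation ('Cross-site Scripting') vulnerability in "
                              "Drupal Simple Klaro allows Cross-Site Scripting (XSS)."}],
            "metrics": {"cvssMetricV31": [{"type": "Primary",
                        "cvssData": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH"}}]},
        }},
        {"cve": {
            "id": "CVE-2024-38823",
            "published": "2025-06-13T16:15:20.000",
            "descriptions": [{"lang": "en", "value": "Salt's request server is vulnerable to "
                              "replay attacks when not using a TLS encrypted transport."}],
            "metrics": {"cvssMetricV31": [{"type": "Secondary",
                        "cvssData": {"version": "3.1", "baseScore": 2.7, "baseSeverity": "LOW"}}]},
        }},
    ]
}

if __name__ == "__main__":
    for row in prioritize(parse_feed(SAMPLE_RESPONSE)):
        print(f"{row['cve_id']}  {row['published']}  {row['severity']:<8} "
              f"{row['cvss']:>4}  {row['description']}")
```

When feeding a real response, paginate with the API's `startIndex`/`resultsPerPage` and treat an N/A row as "score unknown" rather than "low": several of the N/A entries above describe remote code execution.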