CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-46035 2025-06-12 HIGH 7.5 Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP…
CVE-2025-36573 2025-06-12 HIGH 7.1 Dell Smart Dock Firmware, versions prior to 01.00.08.01, contain an Insertion of Sensitive Information into Log File vulnerability. A user with local access could potentially exploit this vulnerability,…
CVE-2025-29744 2025-06-12 N/A 0.0 pg-promise before 11.5.5 is vulnerable to SQL Injection due to improper handling of negative numbers.
CVE-2024-7562 2025-06-12 N/A 0.0 A potential elevated privilege issue has been reported with InstallShield built Standalone MSI setups having multiple InstallScript custom actions configured. All supported versions (InstallShield 2023 R2, InstallShield 2022…
CVE-2024-44906 2025-06-12 N/A 0.0 uptrace pgdriver v1.2.1 was discovered to contain a SQL injection vulnerability via the appendArg function in /pgdriver/format.go.
CVE-2024-44905 2025-06-12 N/A 0.0 go-pg pg v10.13.0 was discovered to contain a SQL injection vulnerability via the component /types/append_value.go.
CVE-2025-49200 2025-06-12 MEDIUM 6.5 The created backup files are unencrypted, making the application vulnerable for gathering sensitive information by downloading and decompressing the backup files.
CVE-2025-49199 2025-06-12 HIGH 8.8 The backup ZIPs are not signed by the application, leading to the possibility that an attacker can download a backup ZIP, modify and re-upload it. This allows the…
CVE-2025-49198 2025-06-12 LOW 3.1 The Media Server’s authorization tokens have a poor quality of randomness. An attacker may be able to guess the token of an active user by computing plausible tokens.
CVE-2025-49197 2025-06-12 MEDIUM 6.5 The application uses a weak password hash function, allowing an attacker to crack the weak password hash to gain access to an FTP user account.
CVE-2025-49196 2025-06-12 MEDIUM 6.5 A service supports the use of a deprecated and unsafe TLS version. This could be exploited to expose sensitive information, modify data in unexpected ways or spoof identities…
CVE-2025-49195 2025-06-12 MEDIUM 5.3 The FTP server’s login mechanism does not restrict authentication attempts, allowing an attacker to brute-force user passwords and potentially compromising the FTP server.
CVE-2025-49194 2025-06-12 HIGH 7.5 The server supports authentication methods in which credentials are sent in plaintext over unencrypted channels. If an attacker were to intercept traffic between a client and this server,…
CVE-2025-49193 2025-06-12 MEDIUM 4.2 The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed…
CVE-2025-49192 2025-06-12 MEDIUM 4.3 The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different…
CVE-2024-56158 2025-06-12 N/A 0.0 XWiki is a generic wiki platform. It's possible to execute any SQL query in Oracle by using the function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does…
CVE-2025-49191 2025-06-12 MEDIUM 4.8 Linked URLs during the creation of iFrame widgets and dashboards are vulnerable to code execution. The URLs get embedded as iFrame widgets, making it possible to attack other…
CVE-2025-49190 2025-06-12 MEDIUM 4.3 The application is vulnerable to Server-Side Request Forgery (SSRF). An endpoint can be used to send server internal requests to other ports.
CVE-2025-49189 2025-06-12 MEDIUM 5.3 The HttpOnly flag of the session cookie "@@" is set to false. Since this flag helps prevent access to cookies via client-side scripts, setting the flag to false can…
CVE-2025-49188 2025-06-12 MEDIUM 5.3 The application sends user credentials as URL parameters instead of POST bodies, making it vulnerable to information gathering.
CVE-2025-49187 2025-06-12 MEDIUM 5.3 For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an…
CVE-2025-49185 2025-06-12 MEDIUM 5.5 The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be…
CVE-2025-49184 2025-06-12 HIGH 7.5 A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
CVE-2025-49183 2025-06-12 HIGH 7.5 All communication with the REST API is unencrypted (HTTP), allowing an attacker to intercept traffic between an actor and the webserver. This leads to the possibility of information…
CVE-2025-49181 2025-06-12 HIGH 8.6 Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to…
CVE-2024-9512 2025-06-12 MEDIUM 5.3 An issue has been discovered in GitLab EE affecting all versions prior to 17.10.8, 17.11 prior to 17.11.4, and 18.0 prior to 18.0.2. It may have been possible…
CVE-2025-6021 2025-06-12 HIGH 7.5 A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory…
CVE-2025-5195 2025-06-12 MEDIUM 4.3 An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. It was possible for authenticated users…
CVE-2025-0673 2025-06-12 HIGH 7.5 An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allowing an attacker to trigger an…
CVE-2025-5996 2025-06-12 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in…
CVE-2025-4278 2025-06-12 HIGH 8.7 An issue has been discovered in GitLab CE/EE affecting all versions starting with 18.0 before 18.0.2. Under certain conditions html injection in new search page could lead to…
CVE-2025-2254 2025-06-12 HIGH 8.7 An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet…
CVE-2025-1516 2025-06-12 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names…
CVE-2025-1478 2025-06-12 MEDIUM 6.5 An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in…
CVE-2025-6003 2025-06-12 MEDIUM 5.3 The WordPress Single Sign-On (SSO) plugin for WordPress is vulnerable to unauthorized access due to a misconfigured capability check on a function in all versions up to, and…
CVE-2025-4613 2025-06-12 N/A 0.0 Path traversal in Google Web Designer's template handling versions prior to 16.3.0.0407 on Windows allows attacker to achieve remote code execution by tricking users into downloading a malicious…
CVE-2025-5301 2025-06-12 MEDIUM 6.1 ONLYOFFICE Docs (DocumentServer) in versions equal and below 8.3.1 are affected by a reflected cross-site scripting (XSS) issue when opening files via the WOPI protocol. Attackers could inject…
CVE-2025-40592 2025-06-12 MEDIUM 6.1 A vulnerability has been identified in Mendix Studio Pro 10 (All versions < V10.23.0), Mendix Studio Pro 10.12 (All versions < V10.12.17), Mendix Studio Pro 10.18 (All versions…
CVE-2025-5012 2025-06-12 HIGH 8.8 The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to arbitrary file uploads due to missing file type validation in the…
CVE-2025-4973 2025-06-12 CRITICAL 9.8 The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This…
CVE-2025-35978 2025-06-12 HIGH 7.1 Improper restriction of communication channel to intended endpoints issue exists in UpdateNavi V1.4 L10 to L33 and UpdateNaviInstallService Service 1.2.0091 to 1.2.0125. If a local authenticated attacker send…
CVE-2025-6009 2025-06-12 MEDIUM 4.7 A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the…
CVE-2025-6008 2025-06-12 MEDIUM 4.7 A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of…
CVE-2025-6007 2025-06-12 MEDIUM 4.7 A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright…
CVE-2025-6006 2025-06-12 MEDIUM 4.7 A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the…
CVE-2025-6005 2025-06-12 MEDIUM 4.7 A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to…
CVE-2022-4976 2025-06-12 N/A 0.0 Archive::Unzip::Burst from 0.01 through 0.09 for Perl contains a bundled InfoZip library that is affected by several vulnerabilities. The bundled library is affected by CVE-2014-8139, CVE-2014-8140 and CVE-2014-8141.
CVE-2025-32466 2025-06-11 N/A 0.0 A SQL injection vulnerability in RSMediaGallery! component 1.7.4 - 2.1.7 for Joomla was discovered. The issue occurs within the dashboard component, where user-supplied input is not properly sanitized…
CVE-2025-32465 2025-06-11 N/A 0.0 A stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla was discovered. It allows attackers to perform cross-site scripting (XSS) attacks via sending crafted payload.
CVE-2025-30085 2025-06-11 N/A 0.0 Remote code execution vulnerability in RSForm!pro component 3.0.0 - 3.3.14 for Joomla was discovered. The issue occurs within the submission export feature and requires administrative access to the…