Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40658 2025-06-10 N/A 0.0 An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal…
CVE-2025-40657 2025-06-10 N/A 0.0 A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in…
CVE-2025-40656 2025-06-10 N/A 0.0 A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in…
CVE-2025-40655 2025-06-10 N/A 0.0 A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in…
CVE-2025-40654 2025-06-10 N/A 0.0 A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod…
CVE-2025-5743 2025-06-10 MEDIUM 5.5 CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an…
CVE-2025-5742 2025-06-10 MEDIUM 5.4 CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
CVE-2025-5741 2025-06-10 MEDIUM 4.9 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this…
CVE-2025-5740 2025-06-10 HIGH 7.2 CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server…
CVE-2025-5945 2025-06-10 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-4681 2025-06-10 N/A 0.0 Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-4680 2025-06-10 N/A 0.0 Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-3905 2025-06-10 MEDIUM 5.4 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user…
CVE-2025-3899 2025-06-10 MEDIUM 5.4 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious…
CVE-2025-3898 2025-06-10 MEDIUM 6.5 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
CVE-2025-3117 2025-06-10 MEDIUM 5.4 CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user…
CVE-2025-3116 2025-06-10 MEDIUM 6.5 CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to…
CVE-2025-3112 2025-06-10 MEDIUM 6.5 CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
CVE-2025-4954 2025-06-10 N/A 0.0 The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such…
CVE-2025-1041 2025-06-10 CRITICAL 9.9 An improper input validation discovered in Avaya Call Management System could allow an unauthorized remote command via a specially crafted web request. Affected versions include 18.x, 19.x prior…
CVE-2025-5935 2025-06-10 MEDIUM 5.3 A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of…
CVE-2025-3076 2025-06-10 MEDIUM 6.4 The Elementor Website Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_text’ parameter in all versions up to, and including, 3.29.0 due to…
CVE-2025-5925 2025-06-10 MEDIUM 4.3 The Bunny’s Print CSS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.95. This is due to missing or incorrect…
CVE-2025-4601 2025-06-10 HIGH 8.8 The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the…
CVE-2025-4387 2025-06-10 HIGH 8.8 The Abandoned Cart Pro for WooCommerce plugin contains an authenticated arbitrary file upload vulnerability due to missing file type validation in the wcap_add_to_cart_popup_upload_files function in all versions up…
CVE-2024-55595 2025-06-10 N/A 0.0 Rejected reason: Not used
CVE-2025-42998 2025-06-10 MEDIUM 5.3 The security settings in the SAP Business One Integration Framework are not adequately checked, allowing attackers to bypass the 403 Forbidden error and access restricted pages. This leads…
CVE-2025-42996 2025-06-10 MEDIUM 5.6 SAP MDM Server allows an attacker to gain control of existing client sessions and execute certain functions without having to re-authenticate giving the ability to access or modify…
CVE-2025-42995 2025-06-10 HIGH 7.5 SAP MDM Server Read function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then…
CVE-2025-42994 2025-06-10 HIGH 7.5 SAP MDM Server ReadString function allows an attacker to send specially crafted packets which could trigger a memory read access violation in the server process that would then…
CVE-2025-42993 2025-06-10 MEDIUM 6.7 Due to a missing authorization check vulnerability in SAP S/4HANA (Enterprise Event Enablement), an attacker with access to the Inbound Binding Configuration could create an RFC destination and…
CVE-2025-42991 2025-06-10 MEDIUM 4.3 SAP S/4HANA (Bank Account Application) does not perform necessary authorization checks. This allows an authenticated 'approver' user to delete attachment from bank account application of other user, leading…
CVE-2025-42990 2025-06-10 LOW 3.0 Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL.…
CVE-2025-42989 2025-06-10 CRITICAL 9.6 RFC inbound processing�does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation the attacker could critically impact both integrity and…
CVE-2025-42988 2025-06-10 LOW 3.7 Under certain conditions, SAP Business Objects Business Intelligence Platform allows an unauthenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. This disclosure…
CVE-2025-42987 2025-06-10 MEDIUM 4.3 SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing…
CVE-2025-42984 2025-06-10 MEDIUM 5.4 SAP S/4HANA Manage Central Purchase Contract does not perform necessary authorization checks for an authenticated user. Due to this, an attacker could execute the function import on the…
CVE-2025-42983 2025-06-10 HIGH 8.5 SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system…
CVE-2025-42982 2025-06-10 HIGH 8.8 SAP GRC allows a non-administrative user to access and initiate transaction which could allow them to modify or control the transmitted system credentials. This causes high impact on…
CVE-2025-42977 2025-06-10 HIGH 7.6 SAP NetWeaver Visual Composer contains a Directory Traversal vulnerability caused by insufficient validation of input paths provided by a high-privileged user. This allows an attacker to read or…
CVE-2025-31325 2025-06-10 MEDIUM 5.8 Due to a Cross-Site Scripting vulnerability in SAP NetWeaver (ABAP Keyword Documentation), an unauthenticated attacker could inject malicious JavaScript into a web page through an unprotected parameter. When…
CVE-2025-23192 2025-06-10 HIGH 8.2 SAP BusinessObjects Business Intelligence (BI Workspace) allows an unauthenticated attacker to craft and store malicious script within a workspace. When the victim accesses the workspace, the script will…
CVE-2025-0037 2025-06-10 MEDIUM 6.6 In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory…
CVE-2025-0036 2025-06-10 LOW 3.2 In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from…
CVE-2025-30515 2025-06-09 CRITICAL 9.8 CyberData 011209 Intercom could allow an authenticated attacker to upload arbitrary files to multiple locations within the system.
CVE-2025-30507 2025-06-09 MEDIUM 5.3 CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
CVE-2025-30183 2025-06-09 HIGH 7.5 CyberData 011209 Intercom does not properly store or protect web server admin credentials.
CVE-2025-49140 2025-06-09 HIGH 7.5 Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in a RTP packet factory that can be exploited to trigger…
CVE-2025-30184 2025-06-09 CRITICAL 9.8 CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
CVE-2025-49004 2025-06-09 HIGH 7.5 Caido is a web security auditing toolkit. Prior to version 0.48.0, due to the lack of protection for DNS rebinding, Caido can be loaded on an attacker-controlled domain.…
« Anterior Página 1085 de 4308 Siguiente »