CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-3582 2025-06-09 N/A 0.0 The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-3581 2025-06-09 N/A 0.0 The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed,…
CVE-2025-25209 2025-06-09 MEDIUM 5.7 The AuthPolicy metadata on Red Hat Connectivity Link contains an object which stores secrets, however it assumes those secrets are already in the kuadrant-system instead of copying it…
CVE-2025-25208 2025-06-09 MEDIUM 5.7 A Developer persona can bring down the Authorino service, preventing the evaluation of all AuthPolicies on the cluster
CVE-2025-25207 2025-06-09 MEDIUM 5.7 The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks…
CVE-2025-5858 2025-06-09 MEDIUM 6.3 A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient-report.php. The…
CVE-2025-5857 2025-06-09 MEDIUM 6.3 A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /urinalysis_record.php. The manipulation of…
CVE-2025-5856 2025-06-09 HIGH 7.3 A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /registration.php. The manipulation of…
CVE-2025-3461 2025-06-08 CRITICAL 9.1 The Quantenna Wi-Fi chips ship with an unauthenticated telnet interface by default. This is an instance of CWE-306, "Missing Authentication for Critical Function," and is estimated as a…
CVE-2025-3460 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, set_tx_pow, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters…
CVE-2025-3459 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, transmit_file, that is vulnerable to command injection. This is an instance of CWE-88, "Improper Neutralization of Argument Delimiters…
CVE-2025-35010 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is…
CVE-2025-35009 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is…
CVE-2025-35008 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is…
CVE-2025-35007 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFRULE command that can lead to privilege escalation. This is…
CVE-2025-35006 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFPORTFWD command that can lead to privilege escalation. This is…
CVE-2025-35005 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFMAC command that can lead to privilege escalation. This is…
CVE-2025-35004 2025-06-08 HIGH 7.1 Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MFIP command that can lead to privilege escalation. This is…
CVE-2025-32459 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the sync_time argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper…
CVE-2025-32458 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_syslog_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper…
CVE-2025-32457 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the get_file_from_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper…
CVE-2025-32456 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the put_file_to_qtn argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper…
CVE-2025-32455 2025-06-08 HIGH 7.7 The Quantenna Wi-Fi chipset ships with a local control script, router_command.sh (in the run_cmd argument), that is vulnerable to command injection. This is an instance of CWE-88, "Improper…
CVE-2025-5847 2025-06-08 HIGH 8.8 A vulnerability has been found in Tenda AC9 15.03.02.13 and classified as critical. Affected by this vulnerability is the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component…
CVE-2025-27563 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-27247 2025-06-08 MEDIUM 5.5 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-27242 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVE-2025-27131 2025-06-08 MEDIUM 6.1 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through improper input.
CVE-2025-26693 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-26691 2025-06-08 MEDIUM 5.5 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
CVE-2025-25217 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through NULL pointer dereference.
CVE-2025-24493 2025-06-08 MEDIUM 5.5 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through race condition.
CVE-2025-23235 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through out-of-bounds read.
CVE-2025-21082 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2025-20063 2025-06-08 LOW 3.3 in OpenHarmony v5.0.3 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2025-38004 2025-06-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence…
CVE-2025-38003 2025-06-08 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a…
CVE-2025-5242 2025-06-07 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5223 2025-06-07 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5097 2025-06-07 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-5026 2025-06-07 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-49619 2025-06-07 HIGH 8.5 Skyvern through 0.1.85 has a Jinja runtime leak in sdk/workflow/models/block.py.
CVE-2024-55585 2025-06-07 N/A 0.0 In the moPS App through 1.8.618, all users can access administrative API endpoints without additional authentication, resulting in unrestricted read and write access, as demonstrated by /api/v1/users/resetpassword.
CVE-2025-5840 2025-06-07 HIGH 7.3 A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of…
CVE-2025-5839 2025-06-07 HIGH 8.8 A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the…
CVE-2025-5838 2025-06-07 MEDIUM 6.3 A vulnerability classified as critical was found in PHPGurukul Employee Record Management System 1.3. Affected by this vulnerability is an unknown functionality of the file /admin/adminprofile.php. The manipulation…
CVE-2025-5837 2025-06-07 MEDIUM 6.3 A vulnerability classified as critical has been found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file /admin/allemployees.php. The manipulation of the…
CVE-2025-5836 2025-06-07 MEDIUM 6.3 A vulnerability was found in Tenda AC9 15.03.02.13. It has been rated as critical. This issue affects the function formSetIptv of the file /goform/SetIPTVCfg of the component POST…
CVE-2025-5568 2025-06-07 MEDIUM 6.4 The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and…
CVE-2025-5528 2025-06-07 MEDIUM 6.1 The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including,…