Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-11306 2025-10-05 MEDIUM 4.3 A vulnerability was found in qianfox FoxCMS up to 1.2. This affects an unknown part of the file /index.php/Search of the component Search Page. The manipulation of the…
CVE-2025-11305 2025-10-05 HIGH 8.8 A vulnerability has been found in UTT HiPER 840G up to 3.1.1-190328. Affected by this issue is the function strcpy of the file /goform/formTaskEdit. The manipulation of the…
CVE-2025-11304 2025-10-05 MEDIUM 6.3 A flaw has been found in CodeCanyon/ui-lib Mentor LMS up to 1.1.1. Affected by this vulnerability is an unknown functionality of the component API. Executing manipulation can lead…
CVE-2025-10363 2025-10-06 N/A 0.0 Deserialization of Untrusted Data vulnerability in Topal Solutions AG Topal Finanzbuchhaltung on Windows allows Remote Code Execution.This issue affects at least Topal Finanzbuchhaltung: 10.1.5.20 and is fixed in…
CVE-2025-0038 2025-10-06 MEDIUM 6.6 In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces…
CVE-2025-11303 2025-10-05 MEDIUM 6.3 A vulnerability was detected in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/mp. Performing manipulation of the argument command results in command injection. The…
CVE-2025-11302 2025-10-05 HIGH 8.8 A security vulnerability has been detected in Belkin F9K1015 1.00.10. This impacts an unknown function of the file /goform/formWpsStart. Such manipulation of the argument pinCode leads to buffer…
CVE-2025-11301 2025-10-05 HIGH 8.8 A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The…
CVE-2025-61765 2025-10-06 MEDIUM 6.4 python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary…
CVE-2025-61687 2025-10-06 HIGH 8.3 Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users…
CVE-2025-61224 2025-10-06 MEDIUM 6.5 Cross Site Scripting vulnerability in DokuWiki 2025-05-14a 'Librarian'[56.1] allows a remote attacker to execute arbitrary code via the q parameter
CVE-2025-59159 2025-10-06 CRITICAL 9.6 SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior…
CVE-2025-59152 2025-10-06 HIGH 7.5 Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting…
CVE-2025-11338 2025-10-06 HIGH 8.8 A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation…
CVE-2025-52472 2025-10-06 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and…
CVE-2025-49594 2025-10-06 N/A 0.0 XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user…
CVE-2025-61198 2025-10-06 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in Optimod 5950 - Optimod 5950HD - Optimod 5750 - Optimod 5750HD - Optimod Trio - Optimod version 1.0.0.33 - System version…
CVE-2025-61197 2025-10-06 HIGH 8.9 An issue in Orban Optimod 5950, Optimod 5950HD, Optimod 5750, Optimod 5750HD, Optimod Trio Optimod version 1.0.0.33 - System version 2.5.26 allows a remote attacker to escalate privileges…
CVE-2025-11309 2025-10-05 HIGH 7.3 A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the…
CVE-2025-0607 2025-10-06 MEDIUM 4.3 Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57.
CVE-2023-49886 2025-10-06 CRITICAL 9.8 IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input,…
CVE-2025-11337 2025-10-06 MEDIUM 5.3 A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName…
CVE-2025-11336 2025-10-06 MEDIUM 5.3 A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such…
CVE-2025-11335 2025-10-06 MEDIUM 4.7 A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd.…
CVE-2025-11334 2025-10-06 HIGH 7.3 A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument…
CVE-2025-11333 2025-10-06 LOW 2.4 A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The…
CVE-2025-11332 2025-10-06 LOW 3.5 A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing manipulation of the argument…
CVE-2025-11331 2025-10-06 MEDIUM 4.7 A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation…
CVE-2025-11330 2025-10-06 MEDIUM 6.3 A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument…
CVE-2025-0609 2025-10-06 MEDIUM 4.7 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before…
CVE-2025-0608 2025-10-06 MEDIUM 5.5 URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6.
CVE-2025-11329 2025-10-06 HIGH 7.3 A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql…
CVE-2025-11328 2025-10-06 HIGH 8.8 A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer…
CVE-2025-0606 2025-10-06 MEDIUM 6.0 Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure.This issue affects Logo Cloud: before 0.67.
CVE-2025-59734 2025-10-06 N/A 0.0 It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame. Stored frames can later be referenced by FTCH chunks. For…
CVE-2025-59733 2025-10-06 N/A 0.0 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that…
CVE-2025-59732 2025-10-06 N/A 0.0 When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or…
CVE-2025-59731 2025-10-06 N/A 0.0 When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output…
CVE-2025-59730 2025-10-06 N/A 0.0 When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48…
CVE-2025-59729 2025-10-06 N/A 0.0 When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated…
CVE-2025-59728 2025-10-06 N/A 0.0 When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it…
CVE-2025-11327 2025-10-06 HIGH 8.8 A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based…
CVE-2025-11326 2025-10-06 HIGH 8.8 A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing manipulation of the argument wifi_chkHz can lead to stack-based…
CVE-2025-9914 2025-10-06 MEDIUM 4.3 The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access.…
CVE-2025-9913 2025-10-06 MEDIUM 4.5 JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
CVE-2025-58591 2025-10-06 MEDIUM 6.5 A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.
CVE-2025-58590 2025-10-06 MEDIUM 6.5 It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
CVE-2025-58589 2025-10-06 LOW 2.7 When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58587 2025-10-06 MEDIUM 6.5 The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.
CVE-2025-58586 2025-10-06 MEDIUM 5.3 For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an…
« Anterior Página 109 de 3646 Siguiente »