Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-58585 2025-10-06 MEDIUM 5.3 Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
CVE-2025-58584 2025-10-06 MEDIUM 5.3 In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs,…
CVE-2025-58583 2025-10-06 MEDIUM 5.3 The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-58582 2025-10-06 MEDIUM 5.3 If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible…
CVE-2025-58581 2025-10-06 MEDIUM 4.3 When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58580 2025-10-06 MEDIUM 6.5 An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and…
CVE-2025-58579 2025-10-06 MEDIUM 5.3 Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.
CVE-2025-58578 2025-10-06 LOW 3.8 A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or…
CVE-2025-11325 2025-10-06 HIGH 8.8 A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing manipulation of the argument Username…
CVE-2025-11324 2025-10-06 HIGH 8.8 A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to…
CVE-2025-57781 2025-10-06 HIGH 7.8 The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-11323 2025-10-06 HIGH 8.8 A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow.…
CVE-2025-11322 2025-10-06 LOW 3.7 A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page.…
CVE-2025-11321 2025-10-06 MEDIUM 4.3 A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results…
CVE-2025-11320 2025-10-06 MEDIUM 6.3 A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads…
CVE-2025-11319 2025-10-06 MEDIUM 6.3 A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes…
CVE-2025-11318 2025-10-06 HIGH 7.3 A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the…
CVE-2025-11317 2025-10-06 HIGH 7.3 A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort…
CVE-2025-11316 2025-10-06 HIGH 7.3 A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of…
CVE-2025-50538 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
CVE-2025-29192 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
CVE-2025-11315 2025-10-06 HIGH 7.3 A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of…
CVE-2025-11314 2025-10-06 HIGH 7.3 A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument…
CVE-2025-11313 2025-10-06 HIGH 7.3 A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument…
CVE-2025-11312 2025-10-06 HIGH 7.3 A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort…
CVE-2025-11311 2025-10-06 HIGH 7.3 A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation…
CVE-2025-11310 2025-10-06 HIGH 7.3 A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of…
CVE-2025-11300 2025-10-05 HIGH 8.8 A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results…
CVE-2025-11299 2025-10-05 HIGH 8.8 A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer…
CVE-2025-11298 2025-10-05 MEDIUM 6.3 A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection.…
CVE-2025-11297 2025-10-05 HIGH 8.8 A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing manipulation of the argument webpage results in buffer overflow.…
CVE-2025-11296 2025-10-05 HIGH 8.8 A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow.…
CVE-2025-11295 2025-10-05 HIGH 8.8 A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote…
CVE-2025-11294 2025-10-05 HIGH 8.8 A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in…
CVE-2025-11293 2025-10-05 HIGH 8.8 A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn…
CVE-2025-11292 2025-10-05 MEDIUM 6.3 A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing manipulation of the argument wan_ipaddr can lead to command…
CVE-2025-11291 2025-10-05 MEDIUM 4.3 A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handler.…
CVE-2025-11290 2025-10-05 MEDIUM 5.6 A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with…
CVE-2025-8917 2025-10-05 MEDIUM 5.8 A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to…
CVE-2025-11289 2025-10-05 LOW 2.4 A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This…
CVE-2022-50495 2025-10-04 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-8406 2025-10-05 MEDIUM 6.3 ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to…
CVE-2025-11288 2025-10-05 MEDIUM 6.3 A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing…
CVE-2025-11287 2025-10-05 HIGH 7.3 A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack…
CVE-2025-11286 2025-10-05 MEDIUM 4.7 A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the…
CVE-2025-11285 2025-10-05 MEDIUM 6.3 A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args…
CVE-2025-11284 2025-10-05 HIGH 7.3 A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the…
CVE-2025-11283 2025-10-05 LOW 2.4 A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross…
CVE-2025-11282 2025-10-05 LOW 2.4 A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting.…
CVE-2025-61882 2025-10-05 CRITICAL 9.8 Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker…
« Anterior Página 110 de 3646 Siguiente »