Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-47161	2025-05-15	HIGH	7.8	Microsoft Defender for Endpoint Elevation of Privilege Vulnerability
CVE-2025-1138	2025-05-15	MEDIUM	4.3	IBM InfoSphere Information Server 11.7 could disclose sensitive information to an authenticated user that could aid in further attacks against the system through a directory listing.
CVE-2024-51475	2025-05-16	MEDIUM	5.4	IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the…
CVE-2025-48174	2025-05-16	MEDIUM	4.5	In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size.
CVE-2025-27703	2025-05-28	MEDIUM	6.0	CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged…
CVE-2025-27706	2025-05-28	LOW	3.4	CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system…
CVE-2025-46078	2025-05-29	MEDIUM	5.3	HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server
CVE-2025-46080	2025-05-29	MEDIUM	5.3	HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of…
CVE-2025-41385	2025-05-30	HIGH	7.2	An OS Command Injection issue exists in wivia 5 all versions. If this vulnerability is exploited, an arbitrary OS command may be executed by a logged-in administrative user.
CVE-2025-41406	2025-05-30	MEDIUM	6.1	Cross-site scripting vulnerability exists in wivia 5 all versions. If exploited, when a user connects to the affected device with a specific operation, an arbitrary script may be…
CVE-2025-47697	2025-05-30	HIGH	7.5	Client-side enforcement of server-side security issue exists in wivia 5 all versions. If exploited, an unauthenticated attacker may bypass authentication and operate the affected device as the moderator…
CVE-2025-48486	2025-05-30	MEDIUM	5.4	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the cross-site scripiting (XSS) vulnerability is caused by the lack of input validation and…
CVE-2025-48487	2025-05-30	MEDIUM	4.8	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when creating a translation of a phrase that appears in a flash-message after a…
CVE-2025-48488	2025-05-30	MEDIUM	5.4	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, deleting the file .htaccess allows an attacker to upload an HTML file containing malicious…
CVE-2025-48489	2025-05-30	MEDIUM	4.8	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to insufficient data validation…
CVE-2025-48492	2025-05-30	HIGH	8.8	GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit component can inject arbitrary PHP into…
CVE-2025-48865	2025-05-30	CRITICAL	9.1	Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to…
CVE-2025-48875	2025-05-30	MEDIUM	5.4	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of last_name and first_name during profile data updates allows for…
CVE-2025-3936	2025-05-22	MEDIUM	6.5	Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This…
CVE-2025-3937	2025-05-22	HIGH	7.7	Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This…
CVE-2025-3938	2025-05-22	MEDIUM	6.8	Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before…
CVE-2025-3939	2025-05-22	MEDIUM	5.3	Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before…
CVE-2025-3940	2025-05-22	MEDIUM	5.3	Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue…
CVE-2025-3941	2025-05-22	MEDIUM	5.4	Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects…
CVE-2025-3942	2025-05-22	MEDIUM	4.3	Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue…
CVE-2025-3943	2025-05-22	MEDIUM	4.1	Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter…
CVE-2025-3944	2025-05-22	HIGH	7.2	Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before…
CVE-2025-5604	2025-06-04	HIGH	7.3	A vulnerability was found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user-login.php. The manipulation…
CVE-2025-5600	2025-06-04	CRITICAL	9.8	A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the…
CVE-2025-5599	2025-06-04	HIGH	7.3	A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument…
CVE-2025-2336	2025-06-04	MEDIUM	4.8	Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead…
CVE-2025-29094	2025-06-04	MEDIUM	6.1	Cross Site Scripting vulnerability in Motivian Content Mangment System v.41.0.0 allows a remote attacker to execute arbitrary code via the Marketing/Forms, Marketing/Offers and Content/Pages components.
CVE-2025-27811	2025-06-04	HIGH	7.8	A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the…
CVE-2025-23100	2025-06-03	HIGH	7.5	An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. The absence of a NULL check leads to a Denial of Service.
CVE-2025-23098	2025-06-03	HIGH	7.8	An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
CVE-2025-23097	2025-06-03	CRITICAL	9.1	An issue was discovered in Samsung Mobile Processor Exynos 1380. The lack of a length check leads to out-of-bounds writes.
CVE-2024-4419	2024-05-29	MEDIUM	4.4	The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization…
CVE-2025-1557	2025-02-22	MEDIUM	4.3	A vulnerability, which was classified as problematic, was found in OFCMS 1.1.3. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to…
CVE-2024-12348	2024-12-09	LOW	3.5	A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component…
CVE-2025-48880	2025-05-30	MEDIUM	6.6	FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, when an administrative account is a deleting a user, there is the the possibility…
CVE-2025-48936	2025-05-30	HIGH	8.1	Zitadel is open-source identity infrastructure software. Prior to versions 2.70.12, 2.71.10, and 3.2.2, a potential vulnerability exists in the password reset mechanism. ZITADEL utilizes the Forwarded or X-Forwarded-Host…
CVE-2025-4943	2025-05-30	MEDIUM	6.4	The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-lakit-element-link’ parameter in all versions up to, and including, 1.5.2 due…
CVE-2025-4431	2025-05-30	MEDIUM	4.3	The Featured Image Plus – Quick & Bulk Edit with Unsplash plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-5236	2025-05-30	MEDIUM	6.4	The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to…
CVE-2025-48334	2025-05-30	MEDIUM	6.5	Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider".
CVE-2025-48912	2025-05-30	MEDIUM	6.5	An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade…
CVE-2025-5142	2025-05-30	MEDIUM	6.5	The Simple Page Access Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.31. This is due to missing nonce…
CVE-2025-5235	2025-05-30	MEDIUM	6.4	The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization…
CVE-2025-5576	2025-06-04	HIGH	7.3	A vulnerability, which was classified as critical, has been found in PHPGurukul Dairy Farm Shop Management System 1.3. This issue affects some unknown processing of the file /bwdate-report-details.php.…
CVE-2025-5577	2025-06-04	HIGH	7.3	A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System 1.3. Affected is an unknown function of the file /profile.php. The manipulation…

« Anterior Página 1101 de 4308 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte