CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-5579 2025-06-04 HIGH 7.3 A vulnerability was found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this issue is some unknown functionality of the file /search-product.php.…
CVE-2025-5578 2025-06-04 HIGH 7.3 A vulnerability has been found in PHPGurukul Dairy Farm Shop Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file…
CVE-2024-5407 2024-05-27 CRITICAL 10.0 A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell…
CVE-2025-5603 2025-06-04 HIGH 7.3 A vulnerability has been found in Campcodes Hospital Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /registration.php. The…
CVE-2025-5602 2025-06-04 HIGH 7.3 A vulnerability, which was classified as critical, was found in Campcodes Hospital Management System 1.0. Affected is an unknown function of the file /admin/registration.php. The manipulation of the…
CVE-2024-11000 2024-11-08 MEDIUM 4.7 A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the…
CVE-2024-10999 2024-11-08 MEDIUM 4.7 A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About…
CVE-2024-1103 2024-01-31 LOW 3.5 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file…
CVE-2025-21479 2025-06-03 HIGH 8.6 Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2025-5581 2025-06-04 HIGH 7.3 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation…
CVE-2025-5582 2025-06-04 MEDIUM 6.3 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The…
CVE-2025-5583 2025-06-04 HIGH 7.3 A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to…
CVE-2025-5580 2025-06-04 HIGH 7.3 A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation…
CVE-2024-33526 2024-05-21 HIGH 7.1 A Stored Cross-site Scripting (XSS) vulnerability in the "Import of user role and title of user role" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11…
CVE-2024-33527 2024-05-21 MEDIUM 5.4 A Stored Cross-site Scripting (XSS) vulnerability in the "Import of Users and login name of user" feature in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows…
CVE-2024-33528 2024-05-21 MEDIUM 4.7 A Stored Cross-site Scripting (XSS) vulnerability in ILIAS 7 before 7.30 and ILIAS 8 before 8.11 allows remote authenticated attackers with tutor privileges to inject arbitrary web script…
CVE-2024-33529 2024-05-21 HIGH 7.2 ILIAS 7 before 7.30 and ILIAS 8 before 8.11 as well as ILIAS 9.0 allow remote authenticated attackers with administrative privileges to execute operating system commands via file…
CVE-2024-48905 2025-05-01 CRITICAL 9.1 Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.
CVE-2024-48906 2025-05-01 MEDIUM 6.1 Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name.
CVE-2024-48907 2025-05-01 HIGH 7.5 Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
CVE-2023-35712 2024-05-03 HIGH 7.8 Ashlar-Vellum Cobalt XE File Parsing Uninitialized Memory Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction…
CVE-2023-35710 2024-05-03 HIGH 7.8 Ashlar-Vellum Cobalt Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required…
CVE-2025-45800 2025-05-02 CRITICAL 9.8 TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a command execution vulnerability in the setDeviceName interface of the /lib/cste_modules/global.so library, specifically in the processing of the deviceMac parameter.
CVE-2025-44900 2025-05-06 MEDIUM 6.5 In Tenda RX3 V1.0br_V16.03.13.11 in the GetParentControlInfo function of the web url /goform/GetParentControlInfo, the manipulation of the parameter mac leads to stack overflow.
CVE-2025-44899 2025-05-06 CRITICAL 9.8 There is a stack overflow vulnerability in Tenda RX3 V1.0br_V16.03.13.11. In the fromSetWifiGusetBasic function of the web url /goform/WifiGuestSet, the manipulation of the parameter shareSpeed leads to…
CVE-2024-36650 2024-06-11 HIGH 7.5 TOTOLINK AC1200 Wireless Dual Band Gigabit Router firmware A3100R V4.1.2cu.5247_B20211129, in the cgi function `setNoticeCfg` of the file `/lib/cste_modules/system.so`, the length of the user input string `NoticeUrl` is…
CVE-2025-21480 2025-06-03 HIGH 8.6 Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVE-2023-34302 2024-05-03 HIGH 7.8 Ashlar-Vellum Cobalt CO File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User…
CVE-2025-27038 2025-06-03 HIGH 7.5 Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVE-2024-32674 2024-05-08 MEDIUM 5.4 Heateor Social Login WordPress prior to 1.1.32 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of…
CVE-2024-27731 2024-08-15 MEDIUM 6.1 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the lack of file type filtering in the file attachment parameter.
CVE-2024-27730 2024-08-15 CRITICAL 9.8 Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information and execute arbitrary code via the cid parameter of the calendar event feature.
CVE-2024-27728 2024-08-15 MEDIUM 6.1 Cross Site Scripting vulnerability in Friendica v.2023.12 allows a remote attacker to obtain sensitive information via the text parameter of the babel debug feature.
CVE-2025-5688 2025-06-04 N/A 0.0 We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer…
CVE-2025-5596 2025-06-04 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component REGET Command Handler. The manipulation…
CVE-2025-5595 2025-06-04 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads…
CVE-2025-20279 2025-06-04 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to conduct a stored XSS attack on an affected system. To…
CVE-2025-20278 2025-06-04 MEDIUM 6.0 A vulnerability in the CLI of multiple Cisco Unified Communications products could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an…
CVE-2025-20277 2025-06-04 LOW 3.4 A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this…
CVE-2025-20276 2025-06-04 LOW 3.8 A vulnerability in the web-based management interface of Cisco Unified CCX could allow an authenticated, remote attacker to execute arbitrary code on an affected device. To exploit this…
CVE-2025-20275 2025-06-04 MEDIUM 5.3 A vulnerability in the file opening process of Cisco Unified Contact Center Express (Unified CCX) Editor could allow an unauthenticated attacker to execute arbitrary code on an affected…
CVE-2025-20273 2025-06-04 MEDIUM 6.1 A vulnerability in the web-based management interface of Cisco Unified Intelligent Contact Management Enterprise could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against…
CVE-2025-20261 2025-06-04 HIGH 8.8 A vulnerability in the SSH connection handling of Cisco Integrated Management Controller (IMC) for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers could allow an…
CVE-2025-20259 2025-06-04 MEDIUM 5.3 Multiple vulnerabilities in the update process of Cisco ThousandEyes Endpoint Agent for Windows could allow an authenticated, local attacker to delete arbitrary files on an affected device. These…
CVE-2025-20163 2025-06-04 HIGH 8.7 A vulnerability in the SSH implementation of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to impersonate Cisco NDFC-managed devices. This vulnerability is due…
CVE-2025-20130 2025-06-04 MEDIUM 4.9 A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to…
CVE-2025-20129 2025-06-04 MEDIUM 4.3 A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive…
CVE-2024-46278 2024-10-07 HIGH 8.4 Teedy 1.11 is vulnerable to Cross Site Scripting (XSS) via the management console.
CVE-2023-32167 2024-05-03 MEDIUM 6.5 D-Link D-View uploadMib Directory Traversal Arbitrary File Creation or Deletion Vulnerability. This vulnerability allows remote attackers to create and delete arbitrary files on affected installations of D-Link D-View.…
CVE-2024-52711 2024-11-19 MEDIUM 5.7 DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow in the ip_position_asp function via the ip parameter.