Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-35036 2025-06-03 HIGH 7.3 Hibernate Validator before 6.2.0 and 7.0.0, by default and depending how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could…
CVE-2025-5522 2025-06-03 HIGH 7.3 A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the…
CVE-2025-5521 2025-06-03 MEDIUM 4.3 A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /system/user/updataPassword. The manipulation…
CVE-2025-48998 2025-06-03 N/A 0.0 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and…
CVE-2025-48997 2025-06-03 N/A 0.0 Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a…
CVE-2025-48953 2025-06-03 MEDIUM 5.5 Umbraco is an ASP.NET content management system (CMS). Starting in version 14.0.0 and prior to versions 15.4.2 and 16.0.0, it's possible to upload a file that doesn't adhere…
CVE-2025-48950 2025-06-03 N/A 0.0 MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc.…
CVE-2025-23102 2025-06-03 HIGH 8.8 An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, and 1380. A Double Free in the mobile processor leads to…
CVE-2025-5520 2025-06-03 MEDIUM 5.3 A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to…
CVE-2025-5516 2025-06-03 LOW 2.4 A vulnerability, which was classified as problematic, was found in TOTOLINK X2000R 1.0.0-B20230726.1108. This affects an unknown part of the file /boafrm/formFilter of the component URL Filtering Page.…
CVE-2025-5515 2025-06-03 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in TOTOLINK X2000R 1.0.0-B20230726.1108. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel. The manipulation…
CVE-2025-5513 2025-06-03 LOW 3.5 A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The…
CVE-2025-30360 2025-06-03 MEDIUM 6.5 webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when you access…
CVE-2025-30359 2025-06-03 MEDIUM 5.3 webpack-dev-server allows users to use webpack with a development server that provides live reloading. Prior to version 5.2.1, webpack-dev-server users' source code may be stolen when they access…
CVE-2025-5512 2025-06-03 HIGH 7.3 A vulnerability, which was classified as critical, was found in quequnlong shiyi-blog up to 1.2.1. Affected is an unknown function of the file /api/sys/user/verifyPassword/ of the component Administrator…
CVE-2025-5511 2025-06-03 MEDIUM 5.3 A vulnerability, which was classified as critical, has been found in quequnlong shiyi-blog up to 1.2.1. This issue affects some unknown processing of the file /dev api/app/album/photos/. The…
CVE-2025-5510 2025-06-03 MEDIUM 6.3 A vulnerability classified as critical was found in quequnlong shiyi-blog up to 1.2.1. This vulnerability affects unknown code of the file /app/sys/article/optimize. The manipulation of the argument url…
CVE-2025-32106 2025-06-03 CRITICAL 9.8 In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code.
CVE-2025-32105 2025-06-03 CRITICAL 9.8 A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.
CVE-2025-30167 2025-06-03 HIGH 7.3 Jupyter Core is a package for the core common functionality of Jupyter projects. When using Jupyter Core prior to version 5.8.0 on Windows, the shared `%PROGRAMDATA%` directory is…
CVE-2025-23107 2025-06-03 HIGH 8.6 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
CVE-2025-5509 2025-06-03 MEDIUM 6.3 A vulnerability classified as critical has been found in quequnlong shiyi-blog up to 1.2.1. This affects an unknown part of the file /api/file/upload. The manipulation of the argument…
CVE-2025-5508 2025-06-03 LOW 2.4 A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been rated as problematic. Affected by this issue is some unknown functionality of the component IP Port Filtering…
CVE-2025-5507 2025-06-03 LOW 2.4 A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component MAC Filtering Page.…
CVE-2025-45854 2025-06-03 CRITICAL 10.0 /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams.
CVE-2025-44148 2025-06-03 CRITICAL 9.8 Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
CVE-2025-25022 2025-06-03 CRITICAL 9.6 IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive…
CVE-2025-25021 2025-06-03 HIGH 7.2 IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due…
CVE-2025-25020 2025-06-03 MEDIUM 6.5 IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due…
CVE-2025-25019 2025-06-03 MEDIUM 4.8 IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user…
CVE-2025-23103 2025-06-03 HIGH 8.6 An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
CVE-2025-1334 2025-06-03 MEDIUM 4.0 IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by…
CVE-2025-5506 2025-06-03 LOW 2.4 A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011. It has been classified as problematic. Affected is an unknown function of the component NAT Mapping Page. The manipulation of…
CVE-2025-5505 2025-06-03 LOW 2.4 A vulnerability was found in TOTOLINK A3002RU 2.1.1-B20230720.1011 and classified as problematic. This issue affects some unknown processing of the file /boafrm/formPortFw of the component Virtual Server Page.…
CVE-2025-5504 2025-06-03 MEDIUM 6.3 A vulnerability has been found in TOTOLINK X2000R 1.0.0-B20230726.1108 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWsc. The manipulation of the argument peerRptPin…
CVE-2025-5503 2025-06-03 HIGH 8.8 A vulnerability, which was classified as critical, was found in TOTOLINK X15 1.0.0-B20230714.1105. This affects the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr…
CVE-2025-43925 2025-06-03 MEDIUM 4.6 An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
CVE-2025-36564 2025-06-03 HIGH 7.8 Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability. A local malicious user could potentially exploit this vulnerability, leading to privilege escalation.
CVE-2024-45655 2025-06-03 MEDIUM 5.5 IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment.
CVE-2025-5502 2025-06-03 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation…
CVE-2025-5501 2025-06-03 MEDIUM 5.3 A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP…
CVE-2025-5499 2025-06-03 HIGH 7.3 A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument…
CVE-2025-5498 2025-06-03 MEDIUM 5.5 A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the…
CVE-2025-46154 2025-06-03 HIGH 8.4 Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
CVE-2025-45855 2025-06-03 MEDIUM 5.4 An arbitrary file upload vulnerability in the component /upload/GoodsCategory/image of erupt v1.12.19 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-5497 2025-06-03 MEDIUM 6.3 A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component…
CVE-2025-5495 2025-06-03 HIGH 7.3 A vulnerability was found in Netgear WNR614 1.1.0.28_1.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the…
CVE-2025-4517 2025-06-03 CRITICAL 9.4 Allows arbitrary filesystem writes outside the extraction directory during extraction with filter="data". You are affected by this vulnerability if using the tarfile module to extract untrusted tar archives using…
CVE-2025-4435 2025-06-03 HIGH 7.5 When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior…
CVE-2025-4330 2025-06-03 HIGH 7.5 Allows the extraction filter to be ignored, allowing symlink targets to point outside the destination directory, and the modification of some file metadata. You are affected by this…
« Anterior Página 1107 de 4308 Siguiente »