CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48940 2025-06-02 HIGH 7.2 MyBB is free and open source forum software. Prior to version 1.8.39, the upgrade component does not validate user input properly, which allows attackers to perform local file…
CVE-2025-48866 2025-06-02 HIGH 7.5 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Versions prior to 2.9.10 contain a denial of service vulnerability similar…
CVE-2024-57459 2025-06-02 HIGH 7.3 A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject…
CVE-2025-37096 2025-06-02 N/A 0.0 A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVE-2025-37095 2025-06-02 N/A 0.0 A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
CVE-2025-20001 2025-06-02 MEDIUM 6.5 An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker…
CVE-2024-54028 2025-06-02 HIGH 8.4 An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker…
CVE-2024-52035 2025-06-02 HIGH 8.4 An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption.…
CVE-2024-48877 2025-06-02 HIGH 8.4 A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap…
CVE-2025-5447 2025-06-02 MEDIUM 6.3 A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the…
CVE-2025-37094 2025-06-02 MEDIUM 5.5 A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
CVE-2025-37093 2025-06-02 CRITICAL 9.8 An authentication bypass vulnerability exists in HPE StoreOnce Software.
CVE-2025-37092 2025-06-02 N/A 0.0 A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVE-2025-37091 2025-06-02 HIGH 7.2 A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVE-2025-37090 2025-06-02 N/A 0.0 A server-side request forgery vulnerability exists in HPE StoreOnce Software.
CVE-2025-37089 2025-06-02 N/A 0.0 A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
CVE-2024-57783 2025-06-02 HIGH 8.1 The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js),…
CVE-2025-5446 2025-06-02 MEDIUM 6.3 A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. This affects the function RP_checkCredentialsByBBS of the file…
CVE-2025-5445 2025-06-02 MEDIUM 6.3 A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this issue is the function RP_checkFWByBBS of the…
CVE-2025-46806 2025-06-02 N/A 0.0 A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures. This issue affects sslh before 2.2.4.
CVE-2025-26396 2025-06-02 HIGH 7.8 The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege…
CVE-2024-12168 2025-06-02 N/A 0.0 Yandex Telemost for Desktop before 2.7.0 has a DLL Hijacking Vulnerability because an untrusted search path is used.
CVE-2025-5444 2025-06-02 MEDIUM 6.3 A vulnerability has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001 and classified as critical. Affected by this vulnerability is the function RP_UpgradeFWByBBS of…
CVE-2025-5443 2025-06-02 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function wirelessAdvancedHidden of the file /goform/wirelessAdvancedHidden.…
CVE-2025-48990 2025-06-02 N/A 0.0 NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len`…
CVE-2025-48958 2025-06-02 MEDIUM 5.5 Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads…
CVE-2025-48957 2025-06-02 HIGH 7.5 AstrBot is a large language model chatbot and development framework. A path traversal vulnerability present in versions 3.4.4 through 3.5.12 may lead to information disclosure, such as API…
CVE-2025-48955 2025-06-02 MEDIUM 6.2 Para is a multitenant backend server/framework for object persistence and retrieval. A vulnerability that exists in versions prior to 1.50.8 exposes both access and secret keys in logs…
CVE-2025-48495 2025-06-02 N/A 0.0 Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS…
CVE-2025-46807 2025-06-02 N/A 0.0 An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects…
CVE-2025-5442 2025-06-02 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function RP_pingGatewayByBBS of the…
CVE-2025-5441 2025-06-02 MEDIUM 6.3 A vulnerability classified as critical was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function setDeviceURL of the file /goform/setDeviceURL. The…
CVE-2025-48494 2025-06-02 N/A 0.0 Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a…
CVE-2025-47289 2025-06-02 MEDIUM 6.3 CE Phoenix is a free, open-source eCommerce platform. A stored cross-site scripting (XSS) vulnerability was discovered in CE Phoenix versions 1.0.9.9 through 1.1.0.2 where an attacker can inject…
CVE-2025-47272 2025-06-02 MEDIUM 5.5 The CE Phoenix eCommerce platform, starting in version 1.0.9.7 and prior to version 1.1.0.3, allowed logged-in users to delete their accounts without requiring password re-authentication. An attacker with…
CVE-2025-3454 2025-06-02 MEDIUM 5.0 This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could…
CVE-2025-29785 2025-06-02 HIGH 7.5 quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used…
CVE-2025-1246 2025-06-02 HIGH 7.8 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Arm Ltd Bifrost GPU Userspace Driver, Arm Ltd Valhall GPU Userspace Driver, Arm Ltd Arm…
CVE-2025-0819 2025-06-02 HIGH 7.8 Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a…
CVE-2025-0073 2025-06-02 HIGH 7.8 Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform…
CVE-2025-5440 2025-06-02 MEDIUM 6.3 A vulnerability classified as critical has been found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function NTP of the file /goform/NTP. The…
CVE-2025-5439 2025-06-02 MEDIUM 6.3 A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike…
CVE-2025-3260 2025-06-02 HIGH 8.3 A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers…
CVE-2025-1750 2025-06-02 CRITICAL 9.8 An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to…
CVE-2025-5455 2025-06-02 N/A 0.0 An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was…
CVE-2025-5438 2025-06-02 MEDIUM 6.3 A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS…
CVE-2025-5437 2025-06-02 MEDIUM 5.3 A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler.…
CVE-2025-5436 2025-06-02 MEDIUM 5.3 A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads…
CVE-2025-5435 2025-06-02 HIGH 7.3 A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the…
CVE-2025-5113 2025-06-02 N/A 0.0 The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.