Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-0358 2025-06-02 HIGH 8.8 During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged…
CVE-2025-0325 2025-06-02 MEDIUM 4.3 A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page…
CVE-2025-0324 2025-06-02 CRITICAL 9.4 The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
CVE-2025-5434 2025-06-02 HIGH 7.3 A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation…
CVE-2025-5433 2025-06-02 MEDIUM 6.3 A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of…
CVE-2025-4010 2025-06-02 N/A 0.0 The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to…
CVE-2025-1235 2025-06-02 MEDIUM 4.3 A low privileged attacker can set the date of the devices to the 19th of January 2038 an therefore exceed the 32-Bit time limit. This causes the date…
CVE-2025-5432 2025-06-02 MEDIUM 6.3 A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /view_tender.php. The manipulation of…
CVE-2025-5431 2025-06-02 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID…
CVE-2025-3951 2025-06-02 MEDIUM 4.1 The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL…
CVE-2025-1485 2025-06-02 MEDIUM 4.8 The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which…
CVE-2025-5430 2025-06-02 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in AssamLook CMS 1.0. This issue affects some unknown processing of the file /product.php. The manipulation of the…
CVE-2025-5429 2025-06-02 MEDIUM 6.3 A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of the file /admin-cp/plugin/install of the component Plugins Page. The…
CVE-2025-49112 2025-06-02 LOW 3.1 setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used.
CVE-2025-25179 2025-06-02 HIGH 7.8 Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
CVE-2025-5428 2025-06-02 MEDIUM 6.3 A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/log-viewer of the component Error Logs…
CVE-2025-5427 2025-06-02 MEDIUM 6.3 A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin-cp/permalinks…
CVE-2024-11857 2025-06-02 HIGH 7.8 Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file,…
CVE-2025-5426 2025-06-02 MEDIUM 6.3 A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus…
CVE-2025-5425 2025-06-02 MEDIUM 6.3 A vulnerability was found in juzaweb CMS up to 3.4.2. It has been classified as critical. Affected is an unknown function of the file /admin-cp/theme/editor/default of the component…
CVE-2025-5424 2025-06-02 MEDIUM 6.3 A vulnerability was found in juzaweb CMS up to 3.4.2 and classified as critical. This issue affects some unknown processing of the file /admin-cp/media of the component Media…
CVE-2025-20678 2025-06-02 HIGH 7.5 In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to…
CVE-2025-20675 2025-06-02 MEDIUM 5.5 In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed.…
CVE-2025-20674 2025-06-02 CRITICAL 9.8 In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with…
CVE-2025-20673 2025-06-02 MEDIUM 5.5 In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed.…
CVE-2025-20672 2025-06-02 CRITICAL 9.8 In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution…
CVE-2025-5423 2025-06-02 MEDIUM 6.3 A vulnerability has been found in juzaweb CMS up to 3.4.2 and classified as critical. This vulnerability affects unknown code of the file /admin-cp/setting/system/general of the component General…
CVE-2025-5422 2025-06-02 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in juzaweb CMS up to 3.4.2. This affects an unknown part of the file /admin-cp/logs/email of the component Email…
CVE-2025-5421 2025-06-02 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in juzaweb CMS up to 3.4.2. Affected by this issue is some unknown functionality of the file /admin-cp/plugin/editor…
CVE-2025-5420 2025-06-02 LOW 3.5 A vulnerability classified as problematic was found in juzaweb CMS up to 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/file-manager/upload of the component…
CVE-2025-5412 2025-06-02 LOW 3.5 A vulnerability classified as problematic has been found in Mist Community Edition up to 4.7.1. Affected is the function Login of the file src/mist/api/views.py of the component Authentication…
CVE-2025-5411 2025-06-01 LOW 3.5 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been rated as problematic. This issue affects the function tag_resources of the file src/mist/api/tag/views.py. The…
CVE-2025-5410 2025-06-01 MEDIUM 4.3 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been declared as problematic. This vulnerability affects the function session_start_response of the file src/mist/api/auth/middleware.py. The…
CVE-2025-5409 2025-06-01 HIGH 7.3 A vulnerability was found in Mist Community Edition up to 4.7.1. It has been classified as critical. This affects the function create_token of the file src/mist/api/auth/views.py of the…
CVE-2025-5408 2025-06-01 CRITICAL 9.8 A vulnerability was found in WAVLINK QUANTUM D2G, QUANTUM D3G, WL-WN530G3A, WL-WN530HG3, WL-WN532A3 and WL-WN576K1 up to V1410_240222 and classified as critical. Affected by this issue is the…
CVE-2025-5407 2025-06-01 LOW 2.4 A vulnerability has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register_script.php. The…
CVE-2025-5406 2025-06-01 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. Affected is an unknown function of the file /admin/posts.php?source=add_post. The manipulation of the…
CVE-2025-5405 2025-06-01 LOW 3.5 A vulnerability, which was classified as problematic, has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This issue affects some unknown processing of the file /post.php. The manipulation…
CVE-2025-5404 2025-06-01 MEDIUM 4.3 A vulnerability classified as problematic was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This vulnerability affects unknown code of the file /search.php of the component GET Parameter Handler.…
CVE-2025-5403 2025-06-01 MEDIUM 6.3 A vulnerability classified as critical has been found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. This affects an unknown part of the file /admin/view_all_posts.php of the component GET Parameter…
CVE-2025-5402 2025-06-01 HIGH 7.3 A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/includes/edit_post.php…
CVE-2025-40908 2025-06-01 CRITICAL 9.1 YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
CVE-2025-5401 2025-06-01 HIGH 7.3 A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php…
CVE-2025-33005 2025-06-01 MEDIUM 6.3 IBM Planning Analytics Local 2.0 and 2.1 does not invalidate session after a logout which could allow an authenticated user to impersonate another user on the system.
CVE-2025-33004 2025-06-01 MEDIUM 6.5 IBM Planning Analytics Local 2.0 and 2.1 could allow a privileged user to delete files from directories due to improper pathname restriction.
CVE-2025-2896 2025-06-01 MEDIUM 4.8 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus…
CVE-2025-25044 2025-06-01 MEDIUM 5.4 IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus…
CVE-2025-1499 2025-06-01 MEDIUM 6.5 IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
CVE-2025-5400 2025-06-01 HIGH 7.3 A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component…
CVE-2025-5390 2025-05-31 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler.…
« Anterior Página 1120 de 4308 Siguiente »