CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-5389 2025-05-31 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of…
CVE-2025-5388 2025-05-31 MEDIUM 6.3 A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to…
CVE-2025-5387 2025-05-31 MEDIUM 6.3 A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The…
CVE-2025-5386 2025-05-31 MEDIUM 6.3 A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads…
CVE-2025-5385 2025-05-31 MEDIUM 6.3 A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads…
CVE-2025-5384 2025-05-31 MEDIUM 6.3 A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to…
CVE-2025-5383 2025-05-31 LOW 2.4 A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module.…
CVE-2025-5381 2025-05-31 LOW 2.7 A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin…
CVE-2025-5380 2025-05-31 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in ashinigit 天青一白 XueShengZhuSu 学生住宿管理系统 up to 4d3f0ada0e71482c1e51fd5f5615e5a3d8bcbfbb. This issue affects some unknown processing of the file /upload/…
CVE-2025-5379 2025-05-31 MEDIUM 4.3 A vulnerability classified as critical was found in NuCom NC-WR744G 8.5.5 Build 20200530.307. This vulnerability affects unknown code of the component Console Application. The manipulation of the argument…
CVE-2025-5378 2025-05-31 MEDIUM 4.3 A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument…
CVE-2025-5377 2025-05-31 MEDIUM 4.3 A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp.…
CVE-2025-5376 2025-05-31 HIGH 7.3 A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of…
CVE-2025-4857 2025-05-31 HIGH 7.2 The Newsletters plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.9.9.9 via the 'file' parameter. This makes it possible for…
CVE-2025-4691 2025-05-31 MEDIUM 5.3 The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to,…
CVE-2025-5290 2025-05-31 MEDIUM 6.4 The Borderless – Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.7.1…
CVE-2025-3813 2025-05-31 MEDIUM 6.4 The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_elementor_data’ parameter in all versions up to, and including, 1.7.1020 due…
CVE-2025-5292 2025-05-31 MEDIUM 6.4 The Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via…
CVE-2025-5285 2025-05-31 MEDIUM 6.4 The Product Subtitle for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmlTag’ parameter in all versions up to, and including, 1.3.9 due to…
CVE-2025-4672 2025-05-31 HIGH 8.8 The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. This makes…
CVE-2025-4631 2025-05-31 CRITICAL 9.8 The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. This makes it…
CVE-2025-4607 2025-05-31 CRITICAL 9.8 The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. This is…
CVE-2025-4595 2025-05-31 MEDIUM 6.4 The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fastspring/block-fastspringblocks-complete-product-catalog' block in all versions up to, and including, 3.0.1 due to insufficient input…
CVE-2025-4590 2025-05-31 MEDIUM 6.4 The Daisycon prijsvergelijkers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'daisycon_uitvaart' shortcode in all versions up to, and including, 4.8.4 due to insufficient…
CVE-2025-4103 2025-05-31 HIGH 8.8 The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. This makes it…
CVE-2025-5370 2025-05-31 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the…
CVE-2025-5369 2025-05-31 HIGH 7.3 A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of…
CVE-2025-5016 2025-05-31 MEDIUM 4.7 The Relevanssi – A Better Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Excerpt Highlights in all versions up to, and including, 4.24.5 (Free)…
CVE-2018-25111 2025-05-31 MEDIUM 5.1 django-helpdesk before 1.0.0 allows Sensitive Data Exposure because of os.umask(0) in models.py.
CVE-2025-48949 2025-05-30 N/A 0.0 Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within…
CVE-2025-48948 2025-05-30 N/A 0.0 Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization…
CVE-2025-48946 2025-05-30 LOW 3.7 liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. liboqs prior to version 0.13.0 supports the HQC algorithm, an algorithm with a theoretical design…
CVE-2025-48882 2025-05-30 N/A 0.0 PHPOffice Math is a library that provides a set of classes to manipulate different formula file formats. Prior to version 0.3.0, loading XML data using the standard `libxml`…
CVE-2025-2503 2025-05-30 HIGH 7.1 An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user.
CVE-2025-2502 2025-05-30 HIGH 7.8 An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2025-2501 2025-05-30 HIGH 7.8 An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
CVE-2025-1479 2025-05-30 MEDIUM 5.3 An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
CVE-2025-5359 2025-05-30 HIGH 7.3 A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. This affects an unknown part of the file /appointment-history.php. The manipulation of the…
CVE-2025-48944 2025-05-30 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). In version 0.8.0 up to but excluding 0.9.0, the vLLM backend used with the /v1/chat/completions OpenAPI…
CVE-2025-48943 2025-05-30 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). Versions 0.8.0 up to but excluding 0.9.0 have a Denial of Service (ReDoS) that causes the…
CVE-2025-48942 2025-05-30 MEDIUM 6.5 vLLM is an inference and serving engine for large language models (LLMs). In versions 0.8.0 up to but excluding 0.9.0, hitting the /v1/completions API with an invalid json_schema…
CVE-2025-48938 2025-05-30 N/A 0.0 go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled…
CVE-2025-48885 2025-05-30 N/A 0.0 application-urlshortener creates shortened URLs for XWiki pages. Versions prior to 1.2.4 are vulnerable to users with view access being able to create arbitrary pages. Any user (even guests)…
CVE-2025-48883 2025-05-30 N/A 0.0 Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead…
CVE-2025-5358 2025-05-30 HIGH 7.3 A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-5357 2025-05-30 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component PWD Command…
CVE-2025-5054 2025-05-30 MEDIUM 4.7 Race condition in Canonical apport up to and including 2.32.0 allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces. When handling a crash, the…
CVE-2025-48887 2025-05-30 MEDIUM 6.5 vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up…
CVE-2023-26226 2025-05-30 N/A 0.0 A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682
CVE-2025-5356 2025-05-30 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command Handler. The manipulation…