CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-4984 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser…
CVE-2025-4983 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser…
CVE-2025-3611 2025-05-30 LOW 3.1 Mattermost versions 10.7.x
CVE-2025-3230 2025-05-30 MEDIUM 5.4 Mattermost versions 10.7.x
CVE-2025-2571 2025-05-30 MEDIUM 4.2 Mattermost versions 10.7.x
CVE-2025-1792 2025-05-30 LOW 3.1 Mattermost versions 10.7.x
CVE-2025-0602 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code…
CVE-2024-7096 2025-05-30 MEDIUM 4.2 A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services. A malicious actor can create a new user…
CVE-2025-4598 2025-05-30 MEDIUM 4.7 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the…
CVE-2025-48331 2025-05-30 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This issue affects WooCommerce Orders & Customers Exporter: from…
CVE-2025-4433 2025-05-30 HIGH 8.8 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to perform…
CVE-2025-2500 2025-05-30 HIGH 7.4 A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker could gain unauthorized access to the product and…
CVE-2025-1484 2025-05-30 MEDIUM 6.5 A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker could impact the confidentiality or integrity of the…
CVE-2025-5190 2025-05-30 HIGH 8.8 The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is due to incorrect authentication checking in the 'IS_BA_Browse_As::notice'…
CVE-2025-4944 2025-05-30 MEDIUM 6.4 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare and Google Maps widgets in all versions up…
CVE-2025-4597 2025-05-30 MEDIUM 6.5 The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on…
CVE-2025-1763 2025-05-30 HIGH 8.7 An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a user's browser under specific conditions, affecting all versions…
CVE-2025-4636 2025-05-30 HIGH 7.8 Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of this user would be able to…
CVE-2025-4635 2025-05-30 MEDIUM 6.6 A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain remote code execution on the local device as…
CVE-2025-4634 2025-05-30 MEDIUM 4.1 The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. A malicious user with administrative privileges in the web portal would be able to manipulate requests to…
CVE-2025-4633 2025-05-30 MEDIUM 6.5 Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via the web portal
CVE-2025-5259 2025-05-30 MEDIUM 6.4 The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient…
CVE-2025-4659 2025-05-30 MEDIUM 5.3 The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and…
CVE-2025-4429 2025-05-30 MEDIUM 6.1 The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting…
CVE-2025-48889 2025-05-30 MEDIUM 5.3 Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Prior to version…
CVE-2025-48490 2025-05-30 N/A 0.0 Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently…
CVE-2025-41235 2025-05-30 HIGH 8.6 Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
CVE-2025-48491 2025-05-30 N/A 0.0 Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was present in the source code. This issue has…
CVE-2025-48381 2025-05-30 N/A 0.0 Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from 2.4.0 to before 2.38.0, an authenticated CVAT user…
CVE-2025-48068 2025-05-30 N/A 0.0 Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 15.2.2, Next.js may have allowed limited source code exposure when the…
CVE-2025-47952 2025-05-30 N/A 0.0 Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a potential vulnerability in Traefik managing the requests using…
CVE-2025-48757 2025-05-30 CRITICAL 9.3 An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.
CVE-2024-12224 2025-05-30 N/A 0.0 Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system…
CVE-2025-46352 2025-05-30 CRITICAL 9.8 The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for…
CVE-2025-41438 2025-05-30 CRITICAL 9.8 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the…
CVE-2025-1907 2025-05-30 CRITICAL 9.8 Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
CVE-2025-5331 2025-05-29 HIGH 7.3 A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads…
CVE-2025-5330 2025-05-29 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads…
CVE-2025-5307 2025-05-29 HIGH 7.8 Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected…
CVE-2025-5328 2025-05-29 MEDIUM 5.4 A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the…
CVE-2025-5327 2025-05-29 MEDIUM 6.3 A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument…
CVE-2025-5326 2025-05-29 MEDIUM 6.3 A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-5325 2025-05-29 MEDIUM 6.3 A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-4967 2025-05-29 CRITICAL 9.1 Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
CVE-2025-47933 2025-05-29 CRITICAL 9.0 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the…
CVE-2025-47288 2025-05-29 LOW 3.5 Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic…
CVE-2025-3050 2025-05-29 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of…
CVE-2025-2518 2025-05-29 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server…
CVE-2024-54952 2025-05-29 HIGH 7.5 In MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending specially crafted packets, triggering a null pointer dereference.…
CVE-2024-49350 2025-05-29 MEDIUM 6.5 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service…