CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-5324 2025-05-29 LOW 3.3 A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the library GPU-Z.sys of the component 0x8000645C IOCTL Handler.…
CVE-2025-48336 2025-05-29 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection.This issue affects Course Builder: from n/a before 3.6.6.
CVE-2025-46701 2025-05-29 HIGH 7.3 Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's GCI servlet allows security constraint bypass of security constraints that apply to the pathInfo component of a URI mapped…
CVE-2025-32752 2025-05-29 MEDIUM 4.9 Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access could potentially exploit this vulnerability, leading to Information…
CVE-2025-5323 2025-05-29 LOW 3.7 A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail…
CVE-2025-46823 2025-05-29 N/A 0.0 openmrs-module-fhir2 provides the FHIR REST API and related services for OpenMRS, an open medical records system. In versions of the FHIR2 module prior to 2.5.0, privileges were not…
CVE-2025-29632 2025-05-29 MEDIUM 5.4 Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components
CVE-2025-48475 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the System does not provide a check on which "clients" of the System an…
CVE-2025-46722 2025-05-29 MEDIUM 4.2 vLLM is an inference and serving engine for large language models (LLMs). In versions starting from 0.7.0 to before 0.9.0, in the file vllm/multimodal/hasher.py, the MultiModalHasher class has…
CVE-2025-46570 2025-05-29 LOW 2.6 vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a…
CVE-2024-51392 2025-05-29 HIGH 8.8 An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component
CVE-2025-48474 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with show_only_assigned_conversations enabled can…
CVE-2025-48473 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, when creating a conversation from a message in another conversation, there is no check…
CVE-2025-48472 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the…
CVE-2025-48471 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, the application does not check or performs insufficient checking of files uploaded to the…
CVE-2025-48390 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to code injection due to insufficient validation of user input in…
CVE-2025-48389 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, FreeScout is vulnerable to deserialization of untrusted data due to insufficient validation. Through the…
CVE-2025-45474 2025-05-29 HIGH 7.3 maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
CVE-2025-3913 2025-05-29 MEDIUM 5.3 Mattermost versions 10.7.x
CVE-2025-5334 2025-05-29 HIGH 7.5 Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager allows an authenticated user to gain unauthorized access to…
CVE-2025-4081 2025-05-29 N/A 0.0 Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can…
CVE-2025-48748 2025-05-29 CRITICAL 10.0 Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
CVE-2024-22654 2025-05-29 HIGH 7.5 tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.
CVE-2024-22653 2025-05-29 MEDIUM 4.8 yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
CVE-2023-45929 2024-03-27 CRITICAL 9.1 S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().
CVE-2025-46688 2025-04-27 MEDIUM 5.6 quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.
CVE-2023-27113 2025-01-21 CRITICAL 9.8 pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.
CVE-2023-27112 2025-01-21 CRITICAL 9.8 pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.
CVE-2023-43850 2024-05-28 MEDIUM 6.5 Improper input validation in the user management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to cause a partial DoS of web…
CVE-2023-43848 2024-05-28 HIGH 8.0 Incorrect access control in the firewall management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to alter local firewall settings of the…
CVE-2023-43847 2024-05-28 MEDIUM 5.3 Incorrect access control in the outlet control function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to control all the outlets as if…
CVE-2023-43846 2024-05-28 MEDIUM 5.3 Incorrect access control in logs management function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote attackers to get the device logs via HTTP GET request.…
CVE-2023-43845 2024-05-28 CRITICAL 9.8 Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed,…
CVE-2023-43844 2024-05-28 HIGH 8.0 Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not…
CVE-2023-43849 2024-05-28 MEDIUM 6.5 Incorrect access control in firmware upgrade function of web interface in Aten PE6208 2.3.228 and 2.4.232 allows remote authenticated users to submit a firmware image via HTTP POST…
CVE-2025-44084 2025-05-20 CRITICAL 9.8 D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest…
CVE-2024-28061 2024-05-28 MEDIUM 6.3 An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file.
CVE-2024-28060 2024-05-28 HIGH 7.3 An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed.
CVE-2024-25676 2024-05-01 MEDIUM 4.7 An issue was discovered in ViewerJS 0.5.8. A script from the component loads content via URL TAGs without properly sanitizing it. This leads to both open redirection and…
CVE-2024-24720 2024-02-27 MEDIUM 5.3 An issue was discovered in the Forgot password function in Innovaphone PBX before 14r1 devices. It provides information about whether a user exists on a system.
CVE-2024-24721 2024-02-27 MEDIUM 6.5 An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able…
CVE-2023-50872 2024-04-16 HIGH 7.5 The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com…
CVE-2023-48644 2024-03-05 MEDIUM 6.1 An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the…
CVE-2023-51711 2024-01-24 HIGH 7.8 An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0 allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product…
CVE-2023-41103 2023-09-11 MEDIUM 5.4 Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.
CVE-2023-29505 2023-08-04 MEDIUM 4.3 An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.
CVE-2023-35792 2023-07-31 MEDIUM 5.4 Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).
CVE-2023-35791 2023-07-31 MEDIUM 6.1 Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.
CVE-2023-31223 2023-04-25 HIGH 8.7 Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
CVE-2023-28151 2023-03-24 MEDIUM 5.3 An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.