Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48388 2025-05-29 N/A 0.0 FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to…
CVE-2025-5286 2025-05-29 MEDIUM 6.4 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient…
CVE-2025-5122 2025-05-29 MEDIUM 6.4 The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient…
CVE-2025-4687 2025-05-29 N/A 0.0 In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers…
CVE-2025-4670 2025-05-29 MEDIUM 6.4 The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions…
CVE-2025-27151 2025-05-29 MEDIUM 4.7 Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to…
CVE-2024-52588 2025-05-29 MEDIUM 4.9 Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in…
CVE-2025-5276 2025-05-29 HIGH 7.4 All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the…
CVE-2025-5273 2025-05-29 MEDIUM 6.5 All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once…
CVE-2025-4583 2025-05-29 MEDIUM 5.4 The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up…
CVE-2025-3755 2025-05-29 CRITICAL 9.1 Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information…
CVE-2025-5256 2025-05-28 MEDIUM 5.4 SummaryThis advisory addresses an Open Redirection vulnerability in Mautic's user unlocking endpoint. This vulnerability could be exploited by an attacker to redirect legitimate users to malicious websites, potentially…
CVE-2025-48749 2025-05-28 CRITICAL 9.1 Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.
CVE-2025-48747 2025-05-28 MEDIUM 5.0 Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.
CVE-2025-32803 2025-05-28 MEDIUM 4.0 In some cases, Kea log files or lease files may be world-readable. This issue affects Kea versions 2.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8.
CVE-2025-31501 2025-05-28 HIGH 7.2 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an RT permalink.
CVE-2025-31500 2025-05-28 HIGH 7.2 Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.
CVE-2025-30087 2025-05-28 HIGH 7.2 Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.
CVE-2025-1461 2025-05-28 MEDIUM 5.6 Improper neutralization of the value of the 'eventMoreText' property of the 'VCalendar' component in Vuetify allows unsanitized HTML to be inserted into the page. This can lead to a …
CVE-2024-47057 2025-05-28 MEDIUM 5.3 SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User…
CVE-2024-47055 2025-05-28 MEDIUM 4.3 SummaryThis advisory addresses a security vulnerability in Mautic related to the segment cloning functionality. This vulnerability allows any authenticated user to clone segments without proper authorization checks. Insecure…
CVE-2025-5257 2025-05-28 MEDIUM 6.5 SummaryThis advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to…
CVE-2025-48931 2025-05-28 LOW 3.2 The TeleMessage service through 2025-05-05 relies on MD5 for password hashing, which opens up various attack possibilities (including rainbow tables) with low computational effort.
CVE-2025-48930 2025-05-28 LOW 2.8 The TeleMessage service through 2025-05-05 stores certain cleartext information in memory, even though memory content may be accessible to an adversary through various avenues, as exploited in the…
CVE-2025-48929 2025-05-28 MEDIUM 4.0 The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date…
CVE-2025-48928 2025-05-28 MEDIUM 4.0 The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously…
CVE-2025-48927 2025-05-28 MEDIUM 5.3 The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVE-2025-48926 2025-05-28 MEDIUM 4.3 The admin panel in the TeleMessage service through 2025-05-05 allows attackers to discover usernames, e-mail addresses, passwords, and telephone numbers, as exploited in the wild in May 2025.
CVE-2025-48925 2025-05-28 MEDIUM 4.3 The TeleMessage service through 2025-05-05 relies on the client side (e.g., the TM SGNL app) to do MD5 hashing, and then accepts the hash as the authentication credential,…
CVE-2025-36572 2025-05-28 MEDIUM 6.5 Dell PowerStore, version(s) 4.0.0.0, contain(s) an Use of Hard-coded Credentials vulnerability in the PowerStore image file. A low privileged attacker with remote access, with the knowledge of the…
CVE-2025-32802 2025-05-28 MEDIUM 6.1 Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API…
CVE-2025-32801 2025-05-28 HIGH 7.8 Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave the API entry points unsecured by…
CVE-2024-47056 2025-05-28 MEDIUM 5.1 SummaryThis advisory addresses a security vulnerability in Mautic where sensitive .env configuration files may be directly accessible via a web browser. This exposure could lead to the disclosure of…
CVE-2024-51453 2025-05-28 MEDIUM 4.3 IBM Sterling Secure Proxy 6.2.0.0 through 6.2.0.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing…
CVE-2024-38341 2025-05-28 MEDIUM 5.9 IBM Sterling Secure Proxy 6.0.0.0 through 6.0.3.1, 6.1.0.0 through 6.1.0.0, and 6.2.0.0 through 6.2.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly…
CVE-2025-3357 2025-05-28 CRITICAL 9.8 IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 19 could allow a remote attacker to execute arbitrary code due to improper validation of an index value of a dynamically…
CVE-2025-3818 2025-04-19 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname…
CVE-2025-21204 2025-04-08 HIGH 7.8 Improper link resolution before file access ('link following') in Windows Update Stack allows an authorized attacker to elevate privileges locally.
CVE-2025-21224 2025-01-14 HIGH 8.1 Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
CVE-2023-5953 2023-12-04 HIGH 8.8 The Welcart e-Commerce WordPress plugin before 2.9.5 does not validate files to be uploaded, as well as does not have authorisation and CSRF in an AJAX action handling…
CVE-2023-5137 2023-12-04 MEDIUM 4.8 The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to…
CVE-2023-42747 2023-12-04 HIGH 7.8 In camera service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
CVE-2023-42736 2023-12-04 HIGH 7.8 In telecom service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed
CVE-2023-42726 2023-12-04 MEDIUM 4.4 In TeleService, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges…
CVE-2023-42716 2023-12-04 HIGH 7.5 In telephony service, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges needed
CVE-2023-40076 2023-12-04 MEDIUM 5.5 In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege…
CVE-2023-32863 2023-12-04 MEDIUM 6.7 In display drm, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution…
CVE-2023-21216 2023-12-04 CRITICAL 9.8 In PMRChangeSparseMemOSMem of physmem_osmem_linux.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel…
CVE-2023-32854 2023-12-04 MEDIUM 6.7 In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges…
CVE-2023-32843 2023-12-04 HIGH 7.5 In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with…
« Anterior Página 1137 de 4308 Siguiente »