CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48054 2025-05-27 N/A 0.0 Radashi is a TypeScript utility toolkit. Prior to version 12.5.1, the set function within the Radashi library is vulnerable to prototype pollution. If an attacker can control parts…
CVE-2025-5230 2025-05-27 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Online Nurse Hiring System 1.0. This affects an unknown part of the file /admin/bwdates-report-details.php. The manipulation of the…
CVE-2025-5228 2025-05-27 HIGH 8.8 A vulnerability was found in D-Link DI-8100 up to 20250523. It has been classified as critical. Affected is the function httpd_get_parm of the file /login.cgi of the component…
CVE-2025-5227 2025-05-27 HIGH 7.3 A vulnerability was found in PHPGurukul Small CRM 3.0 and classified as critical. This issue affects some unknown processing of the file /admin/manage-tickets.php. The manipulation of the argument…
CVE-2025-48828 2025-05-27 CRITICAL 9.0 Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. By crafting template code in an alternative PHP function…
CVE-2025-48827 2025-05-27 CRITICAL 10.0 vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the…
CVE-2025-26211 2025-05-27 LOW 3.7 Gibbon before 29.0.00 allows CSRF.
CVE-2025-5226 2025-05-27 HIGH 7.3 A vulnerability has been found in PHPGurukul Small CRM 3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/change-password.php. The manipulation of the argument…
CVE-2025-5221 2025-05-27 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0.0. It has been classified as critical. This affects an unknown part of the component QUOTE Command Handler. The manipulation…
CVE-2025-4683 2025-05-27 MEDIUM 4.3 The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability…
CVE-2025-4682 2025-05-27 MEDIUM 6.4 The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML attributes in Slider and Post Carousel…
CVE-2025-48744 2025-05-27 MEDIUM 6.4 In SIGB PMB before 8.0.1.2, attackers can achieve Local File Inclusion and remote code execution.
CVE-2025-48743 2025-05-27 MEDIUM 5.3 SIGB PMB before 8.0.1.2 allows SQL injection.
CVE-2025-5220 2025-05-27 HIGH 7.3 A vulnerability was found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the component GET Command Handler. The…
CVE-2025-33079 2025-05-27 MEDIUM 6.5 IBM Controller 11.0.0, 11.0.1, and 11.1.0 application could allow an authenticated user to obtain sensitive credentials that may be inadvertently included within the source code.
CVE-2025-5219 2025-05-27 HIGH 7.3 A vulnerability has been found in FreeFloat FTP Server 1.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component ASCII Command Handler.…
CVE-2025-5218 2025-05-27 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0.0. Affected is an unknown function of the component LITERAL Command Handler. The manipulation leads…
CVE-2025-5217 2025-05-27 HIGH 7.3 A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0.0. This issue affects some unknown processing of the component RMDIR Command Handler. The…
CVE-2025-5216 2025-05-27 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Student Record System 3.20. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument ID…
CVE-2025-5214 2025-05-27 HIGH 7.3 A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-5213 2025-05-27 HIGH 7.3 A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php.…
CVE-2025-4783 2025-05-27 MEDIUM 6.4 The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of the Countdown Timer Widget in all versions up to,…
CVE-2025-5212 2025-05-26 HIGH 7.3 A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been classified as critical. Affected is an unknown function of the file /admin/editempexp.php. The manipulation…
CVE-2025-5211 2025-05-26 HIGH 7.3 A vulnerability was found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This issue affects some unknown processing of the file /myprofile.php. The manipulation of…
CVE-2025-5210 2025-05-26 HIGH 7.3 A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /loginerms.php. The manipulation of…
CVE-2025-5208 2025-05-26 HIGH 7.3 A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of…
CVE-2025-5207 2025-05-26 MEDIUM 4.7 A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file…
CVE-2025-5206 2025-05-26 MEDIUM 4.7 A vulnerability classified as critical was found in Pixelimity 1.0. Affected by this vulnerability is an unknown functionality of the file /install/index.php of the component Installation. The manipulation…
CVE-2025-46802 2025-05-26 MEDIUM 6.0 For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session.
CVE-2025-23395 2025-05-26 HIGH 7.8 Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. This allows unprivileged users to create files in arbitrary…
CVE-2025-23394 2025-05-26 CRITICAL 9.8 A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1.
CVE-2025-23392 2025-05-26 MEDIUM 5.2 An Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in spacewalk-java allows execution of arbitrary JavaScript code on target systems. This issue affects Container…
CVE-2025-46803 2025-05-26 MEDIUM 5.0 The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system.
CVE-2025-46805 2025-05-26 MEDIUM 5.5 Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root.
CVE-2025-46804 2025-05-26 LOW 3.3 A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older…
CVE-2025-39498 2025-05-26 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data. This issue affects Spotlight - Social Media Feeds…
CVE-2025-5185 2025-05-26 MEDIUM 4.3 A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2025-40667 2025-05-26 N/A 0.0 Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user…
CVE-2025-40666 2025-05-26 N/A 0.0 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx.
CVE-2025-40665 2025-05-26 N/A 0.0 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx.
CVE-2025-40664 2025-05-26 N/A 0.0 Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.
CVE-2025-40663 2025-05-26 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in…
CVE-2025-40653 2025-05-26 N/A 0.0 User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a…
CVE-2025-40652 2025-05-26 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server.…
CVE-2025-40650 2025-05-26 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.
CVE-2025-4057 2025-05-26 MEDIUM 5.5 A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
CVE-2025-4053 2025-05-26 N/A 0.0 The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all…
CVE-2025-40672 2025-05-26 N/A 0.0 A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be…
CVE-2025-40671 2025-05-26 N/A 0.0 SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.
CVE-2025-35003 2025-05-26 CRITICAL 9.8 Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components)…