CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2025-46804 2025-05-26 LOW 3.3 A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older…
CVE-2025-39498 2025-05-26 MEDIUM 5.3 Insertion of Sensitive Information Into Sent Data vulnerability in Spotlight Spotlight - Social Media Feeds (Premium) allows Retrieve Embedded Sensitive Data. This issue affects Spotlight - Social Media Feeds…
CVE-2025-5185 2025-05-26 MEDIUM 4.3 A vulnerability was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown…
CVE-2025-40667 2025-05-26 N/A 0.0 Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user…
CVE-2025-40666 2025-05-26 N/A 0.0 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmPreventivosList.aspx.
CVE-2025-40665 2025-05-26 N/A 0.0 Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx.
CVE-2025-40664 2025-05-26 N/A 0.0 Missing authentication vulnerability in TCMAN GIM v11. This allows an unauthenticated attacker to access the resources /frmGestionUser.aspx/GetData, /frmGestionUser.aspx/updateUser and /frmGestionUser.aspx/DeleteUser.
CVE-2025-40663 2025-05-26 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in…
CVE-2025-40653 2025-05-26 N/A 0.0 User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a…
CVE-2025-40652 2025-05-26 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in the CoverManager booking software. This allows an attacker to inject malicious scripts into the application, which are permanently stored on the server.…
CVE-2025-40650 2025-05-26 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards.
CVE-2025-4057 2025-05-26 MEDIUM 5.5 A flaw was found in ActiveMQ Artemis. The password generated by activemq-artemis-operator does not regenerate between separated CR dependencies.
CVE-2025-4053 2025-05-26 N/A 0.0 The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all…
CVE-2025-40672 2025-05-26 N/A 0.0 A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be…
CVE-2025-40671 2025-05-26 N/A 0.0 SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.
CVE-2025-35003 2025-05-26 CRITICAL 9.8 Improper Restriction of Operations within the Bounds of a Memory Buffer and Stack-based Buffer Overflow vulnerabilities were discovered in Apache NuttX RTOS Bluetooth Stack (HCI and UART components)…
CVE-2025-41655 2025-05-26 HIGH 7.5 An unauthenticated remote attacker can access a URL which causes the device to reboot.
CVE-2025-41654 2025-05-26 HIGH 8.2 An unauthenticated remote attacker can access information about running processes via the SNMP protocol. The amount of returned data can trigger a reboot by the watchdog.
CVE-2025-1985 2025-05-26 MEDIUM 6.1 Due to improper neutralization of input during web page generation (XSS) an unauthenticated remote attacker can inject HTML code into the Web-UI in the affected device.
CVE-2025-5148 2025-05-25 MEDIUM 5.3 A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component…
CVE-2025-5145 2025-05-25 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part…
CVE-2025-5140 2025-05-25 MEDIUM 6.3 A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class.…
CVE-2025-5139 2025-05-25 HIGH 7.3 A vulnerability was found in Qualitor 8.20. It has been rated as critical. Affected by this issue is some unknown functionality of the file /html/ad/adconexaooffice365/request/testaConexaoOffice365.php. The manipulation of…
CVE-2025-5138 2025-05-25 LOW 3.5 A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File…
CVE-2025-4223 2025-05-24 MEDIUM 4.7 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘login_url’ parameter in all versions up to,…
CVE-2025-5058 2025-05-24 CRITICAL 9.8 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions…
CVE-2025-4603 2025-05-24 CRITICAL 9.1 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions…
CVE-2025-4602 2025-05-24 MEDIUM 5.9 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This…
CVE-2025-4336 2025-05-24 HIGH 8.1 The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions…
CVE-2025-5055 2025-05-24 MEDIUM 4.4 The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions…
CVE-2025-48756 2025-05-24 LOW 2.9 In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits)…
CVE-2025-48755 2025-05-24 LOW 2.9 In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).
CVE-2025-48754 2025-05-24 LOW 2.9 In the memory_pages crate 0.1.0 for Rust, division by zero can occur.
CVE-2025-48753 2025-05-24 LOW 2.9 In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.
CVE-2025-48752 2025-05-24 LOW 2.9 In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.
CVE-2025-48751 2025-05-24 LOW 2.9 The process_lock crate 0.1.0 for Rust allows data races in unlock.
CVE-2025-3869 2025-05-24 MEDIUM 6.1 The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation…
CVE-2024-13427 2025-05-24 MEDIUM 6.4 The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up…
CVE-2025-5119 2025-05-23 HIGH 7.3 A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag…
CVE-2025-48741 2025-05-23 N/A 0.0 A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases,…
CVE-2025-48740 2025-05-23 N/A 0.0 A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger…
CVE-2025-48739 2025-05-23 N/A 0.0 A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin…
CVE-2025-48738 2025-05-23 N/A 0.0 An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password…
CVE-2025-48735 2025-05-23 MEDIUM 4.3 A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via…
CVE-2025-44998 2025-05-23 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the…
CVE-2023-34873 2025-05-23 N/A 0.0 On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code.
CVE-2025-48378 2025-05-23 N/A 0.0 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered…
CVE-2025-48377 2025-05-23 N/A 0.0 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can…
CVE-2025-48376 2025-05-23 LOW 3.5 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to…
CVE-2025-48375 2025-05-23 N/A 0.0 Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing…