CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-4415 2025-05-21 MEDIUM 4.8 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Piwik PRO allows Cross-Site Scripting (XSS). This issue affects Piwik PRO: from 0.0.0 before 1.3.2.
CVE-2025-48012 2025-05-21 MEDIUM 4.8 Authentication Bypass by Capture-replay vulnerability in Drupal One Time Password allows Remote Services with Stolen Credentials. This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVE-2025-48011 2025-05-21 MEDIUM 4.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass. This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVE-2025-48010 2025-05-21 MEDIUM 4.8 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal One Time Password allows Functionality Bypass. This issue affects One Time Password: from 0.0.0 before 1.3.0.
CVE-2025-48009 2025-05-21 LOW 3.1 Missing Authorization vulnerability in Drupal Single Content Sync allows Functionality Misuse. This issue affects Single Content Sync: from 0.0.0 before 1.4.12.
CVE-2025-45754 2025-05-21 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in SeedDMS 6.0.32. This vulnerability allows an attacker to inject malicious JavaScript payloads by creating a document with an XSS payload…
CVE-2025-25539 2025-05-21 MEDIUM 6.5 Local File Inclusion vulnerability in Vasco v3.14 and before allows a remote attacker to obtain sensitive information via help menu.
CVE-2025-20267 2025-05-21 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user…
CVE-2025-20258 2025-05-21 MEDIUM 5.4 A vulnerability in the self-service portal of Cisco Duo could allow an unauthenticated, remote attacker to inject arbitrary commands into emails that are sent by the service. This…
CVE-2025-20257 2025-05-21 MEDIUM 6.5 A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges…
CVE-2025-20256 2025-05-21 MEDIUM 6.5 A vulnerability in the web-based management interface of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with valid…
CVE-2025-20255 2025-05-21 MEDIUM 4.3 A vulnerability in client join services of Cisco Webex Meetings could allow an unauthenticated, remote attacker to manipulate cached HTTP responses within the meeting join service. This vulnerability…
CVE-2025-20250 2025-05-21 MEDIUM 6.1 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
CVE-2025-20247 2025-05-21 MEDIUM 6.1 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
CVE-2025-20246 2025-05-21 MEDIUM 6.1 A vulnerability in Cisco Webex could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. A vulnerability is due to improper filtering of user-supplied input.…
CVE-2025-20242 2025-05-21 MEDIUM 6.5 A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected…
CVE-2025-20152 2025-05-21 HIGH 8.6 A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition…
CVE-2025-20114 2025-05-21 MEDIUM 4.3 A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This…
CVE-2025-20113 2025-05-21 HIGH 7.1 A vulnerability in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to elevate privileges to Administrator for a limited set of functions on an affected system.…
CVE-2025-20112 2025-05-21 MEDIUM 5.1 A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. This…
CVE-2025-0372 2025-05-21 N/A 0.0 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1.
CVE-2024-56428 2025-05-21 MEDIUM 5.5 The local iLabClient database in itech iLabClient 3.7.1 allows local attackers to read cleartext credentials (from the CONFIGS table) for their servers configured in the client.
CVE-2025-48207 2025-05-21 HIGH 8.6 The reint_downloadmanager extension through 5.0.0 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48206 2025-05-21 MEDIUM 6.1 The ns_backup extension through 13.0.0 for TYPO3 allows XSS.
CVE-2025-48205 2025-05-21 HIGH 8.6 The sr_feuser_register extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48204 2025-05-21 MEDIUM 6.8 The ns_backup extension through 13.0.0 for TYPO3 allows command injection.
CVE-2025-48203 2025-05-21 MEDIUM 6.4 The cs_seo extension through 9.2.0 for TYPO3 allows XSS.
CVE-2025-48202 2025-05-21 MEDIUM 5.3 The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
CVE-2025-48201 2025-05-21 HIGH 8.6 The ns_backup extension through 13.0.0 for TYPO3 has a Predictable Resource Location.
CVE-2025-48200 2025-05-21 CRITICAL 10.0 The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.
CVE-2025-27998 2025-05-21 HIGH 8.4 An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.
CVE-2025-5029 2025-05-21 MEDIUM 5.4 A vulnerability has been found in Kingdee Cloud Galaxy Private Cloud BBC System up to 9.0 Patch April 2025 and classified as critical. Affected by this vulnerability is…
CVE-2024-23337 2025-05-21 MEDIUM 4.3 jq is a command-line JSON processor. In versions up to and including 1.7.1, an integer overflow arises when assigning value using an index of 2147483647, the signed integer…
CVE-2024-56429 2025-05-21 HIGH 7.7 itech iLabClient 3.7.1 relies on the hard-coded YngAYdgAE/kKZYu2F2wm6w== key (found in iLabClient.jar) for local users to read or write to the database.
CVE-2024-42922 2025-05-21 MEDIUM 6.5 AAPanel v7.0.7 was discovered to contain an OS command injection vulnerability.
CVE-2025-48417 2025-05-21 MEDIUM 6.5 The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) are hard-coded in the firmware and are shipped…
CVE-2025-48415 2025-05-21 MEDIUM 6.2 A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be…
CVE-2025-1421 2025-05-21 N/A 0.0 Data provided in a request performed to the server while activating a new device are put in a database. Other high privileged users might download this data as a…
CVE-2025-1420 2025-05-21 N/A 0.0 Input provided in a field containing "activationMessage" in Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been…
CVE-2025-1419 2025-05-21 N/A 0.0 Input provided in comment section of Konsola Proget is not sanitized correctly, allowing a high-privileged user to perform a Stored Cross-Site Scripting attack. This issue has been fixed…
CVE-2025-1418 2025-05-21 N/A 0.0 A low-privileged user can access information about profiles created in Proget MDM (Mobile Device Management), which contain details about allowed/prohibited functions. The profiles do not reveal any sensitive information…
CVE-2025-1417 2025-05-21 N/A 0.0 In Proget MDM, a low-privileged user can access information about changes contained in backups of all devices managed by the MDM (Mobile Device Management). This information includes user…
CVE-2025-1416 2025-05-21 N/A 0.0 In Proget MDM, a low-privileged user can retrieve passwords for managed devices and subsequently use functionalities restricted by the MDM (Mobile Device Management). For it to happen, they must…
CVE-2025-4803 2025-05-21 HIGH 7.2 The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via…
CVE-2025-4611 2025-05-21 MEDIUM 6.4 The Slim SEO – Fast & Automated WordPress SEO Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slim_seo_breadcrumbs shortcode in all versions up…
CVE-2025-4221 2025-05-21 MEDIUM 6.4 The Animated Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-downloader' shortcode in all versions up to, and including, 1.0.0 due to insufficient…
CVE-2025-4219 2025-05-21 MEDIUM 6.4 The DPEPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dpe' shortcode in all versions up to, and including, 0.3 due to insufficient input…
CVE-2025-4217 2025-05-21 MEDIUM 6.4 The WP YouTube Video Optimizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ib_youtube' shortcode in all versions up to, and including, 1.2 due…
CVE-2025-4105 2025-05-21 MEDIUM 5.4 The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the 'splitIt-flexfields-payment-gateway.php' file in all versions up…
CVE-2025-48414 2025-05-21 MEDIUM 6.5 There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for…