Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-59752 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59751 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59750 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59764 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59763 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59762 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59761 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59760 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59759 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59758 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59757 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59756 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59774 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59773 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59772 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59771 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59770 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59769 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59768 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59767 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59766 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59765 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59745 2025-10-02 HIGH 7.5 Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure…
CVE-2025-59746 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59747 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59748 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59749 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59835 2025-10-02 N/A 0.0 LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform…
CVE-2025-54315 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
CVE-2025-49090 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
CVE-2025-56161 2025-10-02 HIGH 7.5 YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php…
CVE-2025-56154 2025-10-02 MEDIUM 6.1 htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in…
CVE-2025-32942 2025-10-02 HIGH 7.2 SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
CVE-2025-34210 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password,…
CVE-2025-34208 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed…
CVE-2025-61096 2025-10-02 MEDIUM 6.5 PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.
CVE-2025-61087 2025-10-02 N/A 0.0 SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.
CVE-2025-60782 2025-10-02 N/A 0.0 PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads…
CVE-2025-56381 2025-10-02 MEDIUM 6.5 ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.
CVE-2025-56380 2025-10-02 MEDIUM 6.5 Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter
CVE-2025-56379 2025-10-02 N/A 0.0 A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
CVE-2025-53881 2025-10-02 N/A 0.0 A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before…
CVE-2023-28760 2025-10-02 HIGH 7.5 TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker…
CVE-2025-41010 2025-10-02 N/A 0.0 Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin”…
CVE-2025-22862 2025-10-02 MEDIUM 6.7 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through…
CVE-2025-11240 2025-10-02 N/A 0.0 An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation…
CVE-2025-11239 2025-10-02 N/A 0.0 Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only…
CVE-2025-0642 2025-10-02 MEDIUM 6.3 Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.
CVE-2025-41064 2025-10-02 N/A 0.0 Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
CVE-2024-58267 2025-10-02 HIGH 8.0 A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based…
« Anterior Página 119 de 3646 Siguiente »