Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-47757 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6MemInIF.dll!set_plc_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47756 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CGamenDataRom::set_mr400_strc function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47755 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!VS4_SaveEnvFile function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47754 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!Conv_Macro_Data function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47753 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds read in VS6EditData!CDrawSLine::GetRectArea function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47752 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6ComFile!MakeItemGlidZahyou function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47751 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6EditData!CDataRomErrorCheck::MacroCommandCheck function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47750 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with out-of-bounds write in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and arbitrary…
CVE-2025-47749 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with free of pointer not at start of buffer in VS6EditData.dll!CWinFontInf::WinFontMsgCheck function. Opening specially crafted V7 or V8 files may lead…
CVE-2024-2692 2024-04-04 CRITICAL 9.0 SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to Server Side XSS.
CVE-2024-2045 2024-03-01 MEDIUM 5.5 Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to…
CVE-2024-1140 2024-02-13 MEDIUM 6.1 Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.
CVE-2024-0849 2024-02-07 MEDIUM 5.0 Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.
CVE-2024-0788 2024-01-29 MEDIUM 6.6 SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.
CVE-2025-43553 2025-05-13 HIGH 7.8 Substance3D - Modeler versions 1.21.0 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could result in arbitrary code execution in the context of the…
CVE-2025-43554 2025-05-13 HIGH 7.8 Substance3D - Modeler versions 1.21.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-30322 2025-05-13 HIGH 7.8 Substance3D - Painter versions 11.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-43571 2025-05-13 HIGH 7.8 Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43551 2025-05-13 MEDIUM 5.5 Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability…
CVE-2025-43549 2025-05-13 HIGH 7.8 Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43568 2025-05-13 HIGH 7.8 Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43569 2025-05-13 HIGH 7.8 Substance3D - Stager versions 3.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2025-43570 2025-05-13 HIGH 7.8 Substance3D - Stager versions 3.1.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2025-43548 2025-05-13 HIGH 7.8 Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
CVE-2025-43572 2025-05-13 HIGH 7.8 Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of…
CVE-2023-27338 2024-05-03 MEDIUM 5.5 PDF-XChange Editor TIF File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required…
CVE-2024-5935 2024-06-27 MEDIUM 5.4 A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss…
CVE-2024-5186 2024-06-06 HIGH 7.2 A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in…
CVE-2023-27337 2024-05-03 HIGH 7.8 PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction…
CVE-2023-35757 2024-05-07 HIGH 8.8 D-Link DAP-2622 DDP Set Date-Time NTP Server Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link…
CVE-2025-4190 2025-05-17 HIGH 7.2 The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server…
CVE-2025-48187 2025-05-17 CRITICAL 9.1 RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset.…
CVE-2025-47889 2025-05-14 CRITICAL 9.8 In Jenkins WSO2 Oauth Plugin 1.0 and earlier, authentication claims are accepted without validation by the "WSO2 Oauth" security realm, allowing unauthenticated attackers to log in to controllers…
CVE-2025-43915 2025-05-05 MEDIUM 6.5 In Linkerd edge releases before edge-25.2.1, and Buoyant Enterprise for Linkerd releases 2.13.0–2.13.7, 2.14.0–2.14.10, 2.15.0–2.15.7, 2.16.0–2.16.4, and 2.17.0–2.17.1, resource exhaustion can occur for Linkerd proxy metrics.
CVE-2025-24661 2025-02-03 HIGH 8.8 Deserialization of Untrusted Data vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Object Injection.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 1.1.8.
CVE-2025-23167 2025-05-19 MEDIUM 6.5 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to…
CVE-2024-57273 2025-05-14 MEDIUM 5.4 Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers…
CVE-2023-35006 2024-07-10 MEDIUM 5.4 IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web…
CVE-2023-33860 2024-07-10 MEDIUM 5.3 IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending…
CVE-2024-3851 2024-05-16 MEDIUM 5.4 A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files,…
CVE-2025-4872 2025-05-18 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component CCC Command Handler. The manipulation leads…
CVE-2025-4871 2025-05-18 HIGH 7.3 A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component REST Command Handler. The…
CVE-2025-4838 2025-05-17 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login.…
CVE-2025-47948 2025-05-17 HIGH 7.2 Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users…
CVE-2025-47945 2025-05-17 CRITICAL 9.1 Donetick an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a…
CVE-2025-47788 2025-05-15 N/A 0.0 Atheos is a self-hosted browser-based cloud IDE. Prior to v602, similar to GHSA-rgjm-6p59-537v/CVE-2025-22152, the `$target` parameter in `/controller.php` was not properly validated, which could allow an attacker to…
CVE-2025-47787 2025-05-15 N/A 0.0 Emlog is an open source website building system. Emlog Pro prior to version 2.5.10 contains a file upload vulnerability. The store.php component contains a critical security flaw where…
CVE-2025-47786 2025-05-15 N/A 0.0 Emlog is an open source website building system. Version 2.5.13 has a stored cross-site scripting vulnerability that allows any registered user to construct malicious JavaScript, inducing all website…
CVE-2025-47785 2025-05-15 HIGH 8.3 Emlog is an open source website building system. In versions up to and including 2.5.9, SQL injection occurs because the $origContent parameter in admin/article_save.php is not strictly filtered.…
CVE-2025-47710 2025-05-14 HIGH 7.4 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal:…
« Anterior Página 1202 de 4310 Siguiente »