Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4638 2025-05-14 N/A 0.0 A vulnerability exists in the inftrees.c component of the zlib library, which is bundled within the PointCloudLibrary (PCL). This issue may allow context-dependent attackers to cause undefined behavior…
CVE-2025-4637 2025-05-14 N/A 0.0 Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before
CVE-2025-46786 2025-05-14 MEDIUM 4.3 Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
CVE-2025-46785 2025-05-14 MEDIUM 6.5 Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30668 2025-05-14 MEDIUM 6.5 Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30667 2025-05-14 MEDIUM 6.5 NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30666 2025-05-14 MEDIUM 6.5 NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30665 2025-05-14 MEDIUM 6.5 NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
CVE-2025-30664 2025-05-14 MEDIUM 6.6 Improper neutralization of special elements in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-30663 2025-05-14 HIGH 8.8 Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2025-0130 2025-05-14 N/A 0.0 A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled allows an unauthenticated attacker to send a burst of maliciously crafted packets…
CVE-2025-47707 2025-05-14 HIGH 7.5 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass.This issue affects Enterprise MFA - TFA for Drupal:…
CVE-2025-47705 2025-05-14 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal IFrame Remove Filter allows Cross-Site Scripting (XSS).This issue affects IFrame Remove Filter: from 0.0.0 before…
CVE-2025-47702 2025-05-14 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal oEmbed Providers allows Cross-Site Scripting (XSS).This issue affects oEmbed Providers: from 0.0.0 before 2.2.2.
CVE-2025-40595 2025-05-14 HIGH 7.2 A Server-side request forgery (SSRF) vulnerability has been identified in the SMA1000 Appliance Work Place interface. By using an encoded URL, a remote unauthenticated attacker could potentially cause…
CVE-2025-3932 2025-05-14 MEDIUM 6.5 It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link.…
CVE-2025-3909 2025-05-14 MEDIUM 6.5 Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type…
CVE-2025-3877 2025-05-14 MEDIUM 5.4 A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is…
CVE-2025-3875 2025-05-14 HIGH 7.5 Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From…
CVE-2025-47782 2025-05-14 N/A 0.0 motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed (camera) device path with…
CVE-2025-47781 2025-05-14 CRITICAL 9.8 Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to…
CVE-2025-47778 2025-05-14 N/A 0.0 Sulu is an open-source PHP content management system based on the Symfony framework. Starting in versions 2.5.21, 2.6.5, and 3.0.0-alpha1, an admin user can upload SVG which may…
CVE-2025-47777 2025-05-14 CRITICAL 9.6 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to…
CVE-2025-47775 2025-05-14 MEDIUM 6.2 Bullfrog is a GithHb Action to block unauthorized outbound traffic in GitHub workflows. Prior to version 0.8.4, using tcp breaks blocking and allows DNS exfiltration. This can result…
CVE-2025-24969 2025-05-14 MEDIUM 5.0 iTop is an web based IT Service Management tool. Prior to version 3.2.1, a portal user can see any other contacts picture by changing the picture ID in…
CVE-2025-24785 2025-05-14 MEDIUM 4.3 iTop is an web based IT Service Management tool. In version 3.2.0, an attacker may send a URL to the server to trigger a PHP error. The next…
CVE-2025-24026 2025-05-14 MEDIUM 5.3 iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service (ReDoS) that may, under some circumstances, affect…
CVE-2025-24022 2025-05-14 HIGH 8.5 iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, server code execution is possible through the frontend of iTop's portal. This…
CVE-2025-24021 2025-05-14 MEDIUM 5.0 iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object…
CVE-2024-56157 2025-05-14 MEDIUM 6.3 iTop is an web based IT Service Management tool. Prior to versions 3.1.3 and 3.2.1, by filling malicious code in a CSV content, a cross-site scripting attack can…
CVE-2024-52601 2025-05-14 MEDIUM 6.5 iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can have read access to…
CVE-2024-10865 2025-05-14 N/A 0.0 Improper Input validation leads to XSS or Cross-site Scripting vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5.
CVE-2024-10864 2025-05-14 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText Advanced Authentication. This issue affects Advanced Authentication versions before 6.5
CVE-2025-47436 2025-05-14 N/A 0.0 Heap-based Buffer Overflow vulnerability in Apache ORC. A vulnerability has been identified in the ORC C++ LZO decompression logic, where specially crafted malformed ORC files can cause the…
CVE-2025-3600 2025-05-14 HIGH 7.5 In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the…
CVE-2023-53146 2025-05-14 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: dw2102: Fix null-ptr-deref in dw2102_i2c_transfer() In dw2102_i2c_transfer, msg is controlled by user. When msg[i].buf is null and…
CVE-2025-47445 2025-05-14 HIGH 7.5 Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.
CVE-2025-3931 2025-05-14 HIGH 7.8 A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates…
CVE-2025-3769 2025-05-14 MEDIUM 5.3 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92…
CVE-2025-4430 2025-05-14 N/A 0.0 Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation.This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).
CVE-2025-47292 2025-05-14 N/A 0.0 Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor`, allowing any classes and which can be controlled…
CVE-2025-3834 2025-05-14 HIGH 8.1 Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the OU History report.
CVE-2025-3833 2025-05-14 HIGH 8.1 Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior are vulnerable to authenticated SQL injection in the MFA reports.
CVE-2024-24780 2025-05-14 CRITICAL 9.8 Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects…
CVE-2025-2875 2025-05-14 HIGH 7.5 CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to…
CVE-2024-8988 2025-05-14 MEDIUM 5.3 The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API…
CVE-2024-13940 2025-05-14 MEDIUM 5.5 The Ninja Forms Webhooks plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.0.7 via the form webhook functionality. This makes…
CVE-2024-52290 2025-05-14 MEDIUM 6.3 LF Edge eKuiper is a lightweight internet of things (IoT) data analytics and stream processing engine. Prior to version 2.1.0 user with rights to modificate the service (e.g.…
CVE-2025-4520 2025-05-14 MEDIUM 5.4 The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and…
CVE-2025-3623 2025-05-14 HIGH 8.1 The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automator_api_decode_message()…
« Anterior Página 1214 de 4310 Siguiente »