CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-4762 | 2025-05-15 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files… |
| CVE-2025-4564 | 2025-05-15 | CRITICAL | 9.8 | The TicketBAI Facturas para WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation via the 'delpdf' action in all versions up… |
| CVE-2025-3446 | 2025-05-15 | MEDIUM | 4.3 | Mattermost versions 10.6.x |
| CVE-2025-31947 | 2025-05-15 | MEDIUM | 5.8 | Mattermost versions 10.6.x |
| CVE-2025-32738 | 2025-05-15 | MEDIUM | 5.3 | Missing authentication for critical function issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier. If exploited, a remote unauthenticated attacker may change… |
| CVE-2025-32002 | 2025-05-15 | CRITICAL | 9.8 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in I-O DATA network attached hard disk 'HDL-T Series' firmware Ver.1.21 and earlier… |
| CVE-2025-4737 | 2025-05-15 | MEDIUM | 6.2 | Insufficient encryption vulnerability in the mobile application (com.transsion.aivoiceassistant) may lead to the risk of sensitive information leakage. |
| CVE-2025-27525 | 2025-05-15 | LOW | 3.9 | Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before… |
| CVE-2025-27524 | 2025-05-15 | MEDIUM | 5.3 | Weak encryption vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before… |
| CVE-2025-27523 | 2025-05-15 | HIGH | 8.7 | XXE vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08,… |
| CVE-2025-48027 | 2025-05-15 | MEDIUM | 5.4 | The HttpAuth plugin in pGina.Fork through 3.9.9.12 allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. |
| CVE-2024-13914 | 2025-05-15 | HIGH | 7.2 | The File Manager Advanced Shortcode WordPress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.4 (file-manager-advanced-shortcode) and 2.5.6 (advanced-file-manager-pro-premium), via… |
| CVE-2025-48024 | 2025-05-15 | MEDIUM | 5.0 | In BlueWave Checkmate before 2.1, an authenticated regular user can access sensitive application secrets via the /api/v1/settings endpoint. |
| CVE-2025-3053 | 2025-05-15 | HIGH | 8.8 | The UiPress lite \| Effortless custom dashboards, admin themes and pages plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.5.07… |
| CVE-2025-4591 | 2025-05-15 | MEDIUM | 6.4 | The Weluka Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'weluka-map' shortcode in all versions up to, and including, 1.0.3 due to insufficient… |
| CVE-2025-4589 | 2025-05-15 | MEDIUM | 6.4 | The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bt-map' shortcode in all versions up to, and including, 1.3.2 due to insufficient… |
| CVE-2025-4126 | 2025-05-15 | MEDIUM | 6.4 | The EG-Series plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [series] shortcode in all versions up to, and including, 2.1.1 due to insufficient input… |
| CVE-2025-3917 | 2025-05-15 | CRITICAL | 9.8 | The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including,… |
| CVE-2025-4579 | 2025-05-15 | HIGH | 7.2 | The WP Content Security Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blocked-uri and effective-directive parameters in all versions up to, and including, 2.3… |
| CVE-2025-47783 | 2025-05-14 | N/A | 0.0 | Label Studio is a multi-type data labeling and annotation tool. A vulnerability in versions prior to 1.18.0 allows an attacker to inject a malicious script into the context… |
| CVE-2025-32421 | 2025-05-14 | LOW | 3.7 | Next.js is a React framework for building full-stack web applications. Versions prior to 14.2.24 and 15.1.6 have a race-condition vulnerability. This issue only affects the Pages Router under… |
| CVE-2024-45067 | 2025-05-14 | HIGH | 8.2 | Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2025-47888 | 2025-05-14 | MEDIUM | 5.9 | Jenkins DingTalk Plugin 2.7.3 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections to the configured DingTalk webhooks. |
| CVE-2025-47887 | 2025-05-14 | MEDIUM | 4.3 | Missing permission checks in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2025-47886 | 2025-05-14 | MEDIUM | 4.3 | A cross-site request forgery (CSRF) vulnerability in Jenkins Cadence vManager Plugin 4.0.1-286.v9e25a_740b_a_48 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password. |
| CVE-2025-47885 | 2025-05-14 | HIGH | 8.8 | Jenkins Health Advisor by CloudBees Plugin 374.v194b_d4f0c8c8 and earlier does not escape responses from the Jenkins Health Advisor server, resulting in a stored cross-site scripting (XSS) vulnerability exploitable… |
| CVE-2025-47884 | 2025-05-14 | CRITICAL | 9.1 | In Jenkins OpenID Connect Provider Plugin 96.vee8ed882ec4d and earlier the generation of build ID Tokens uses potentially overridden values of environment variables, in conjunction with certain other plugins… |
| CVE-2025-44879 | 2025-05-14 | HIGH | 7.5 | WS-WN572HP3 V230525 was discovered to contain a buffer overflow in the component /www/cgi-bin/upload.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP… |
| CVE-2025-44024 | 2025-05-14 | MEDIUM | 6.1 | Cross-Site Scripting (XSS) vulnerability was discovered in the Pichome system v2.1.0 and before. The vulnerability exists due to insufficient sanitization of user input in the login form. An… |
| CVE-2025-26783 | 2025-05-14 | HIGH | 7.5 | An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, W1000, Modem 5300, and Modem 5400.… |
| CVE-2025-32363 | 2025-05-14 | CRITICAL | 9.8 | mediDOK before 2.5.18.43 allows remote attackers to achieve remote code execution on a target system via deserialization of untrusted data. |
| CVE-2025-25370 | 2025-05-14 | MEDIUM | 4.6 | An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only… |
| CVE-2024-58101 | 2025-05-14 | HIGH | 8.1 | Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio… |
| CVE-2024-57096 | 2025-05-14 | MEDIUM | 5.5 | An issue in wps office before v.19302 allows a local attacker to obtain sensitive information via a crafted file. |
| CVE-2025-4641 | 2025-05-14 | N/A | 0.0 | Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability… |
| CVE-2025-4640 | 2025-05-14 | N/A | 0.0 | Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So… |
| CVE-2025-4780 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been rated as critical. This issue affects some unknown processing of the file /foreigner-search.php. The… |
| CVE-2025-4778 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been declared as critical. This vulnerability affects unknown code of the file /normal-search.php. The manipulation… |
| CVE-2025-4600 | 2025-05-16 | N/A | 0.0 | A request smuggling vulnerability existed in the Google Cloud Classic Application Load Balancer due to improper handling of chunked-encoded HTTP requests. This allowed attackers to craft requests that… |
| CVE-2025-4211 | 2025-05-16 | N/A | 0.0 | Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious… |
| CVE-2025-47790 | 2025-05-16 | MEDIUM | 6.4 | Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9,… |
| CVE-2025-32962 | 2025-05-16 | MEDIUM | 4.3 | Flask-AppBuilder is an application development framework built on top of Flask. Versions prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by… |
| CVE-2025-40629 | 2025-05-16 | N/A | 0.0 | PNETLab 4.2.10 does not properly sanitize user inputs in its file access mechanisms. This allows attackers to perform directory traversal by manipulating file paths in HTTP requests. Specifically,… |
| CVE-2025-2306 | 2025-05-16 | MEDIUM | 5.9 | An Improper Access Control vulnerability was identified in the file download functionality. This vulnerability allows users to download sensitive documents without authentication, if the URL is known. The… |
| CVE-2025-2305 | 2025-05-16 | HIGH | 8.6 | A Path traversal vulnerability in the file download functionality was identified. This vulnerability allows unauthenticated users to download arbitrary files, in the context of the application server, from… |
| CVE-2025-4770 | 2025-05-16 | MEDIUM | 6.3 | A vulnerability, which was classified as critical, has been found in PHPGurukul Park Ticketing Management System 2.0. This issue affects some unknown processing of the file /view-normal-ticket.php. The… |
| CVE-2025-4769 | 2025-05-16 | HIGH | 7.0 | A vulnerability classified as critical was found in CBEWIN Anytxt Searcher 1.3.1128.0. This vulnerability affects unknown code of the file ATService.exe. The manipulation leads to uncontrolled search path.… |
| CVE-2025-40632 | 2025-05-16 | N/A | 0.0 | Cross-site scripting (XSS) in Icewarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to modify the "lastLogin" cookie with malicious JavaScript code that will be executed… |
| CVE-2025-40631 | 2025-05-16 | N/A | 0.0 | HTTP host header injection vulnerability in Icewarp Mail Server affecting version 11.4.0. By modifying the Host header and adding a payload, arbitrary JavaScript code can be executed on… |
| CVE-2025-40630 | 2025-05-16 | N/A | 0.0 | Open redirection vulnerability in IceWarp Mail Server affecting version 11.4.0. This vulnerability allows an attacker to redirect a user to any domain by sending a malicious URL to… |