Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-4768 2025-05-16 MEDIUM 6.3 A vulnerability classified as critical has been found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. This affects the function uploadPicture of the file PictureServiceImpl.java. The manipulation of the argument…
CVE-2025-4767 2025-05-16 MEDIUM 5.3 A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function test_custom_tool of the file introspect/backend/integration_routes.py…
CVE-2025-1975 2025-05-16 HIGH 7.5 A vulnerability in the Ollama server version 0.5.11 allows a malicious user to cause a Denial of Service (DoS) attack by customizing the manifest content and spoofing a…
CVE-2024-53827 2025-05-16 HIGH 7.5 Ericsson Packet Core Controller (PCC) contains a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation
CVE-2025-3624 2025-05-16 MEDIUM 4.3 Missing Authorization vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.4-00.
CVE-2025-1531 2025-05-16 MEDIUM 6.5 Authentication credentials leakage vulnerability in Hitachi Ops Center Analyzer viewpoint.This issue affects Hitachi Ops Center Analyzer viewpoint: from 10.0.0-00 before 11.0.4-00.
CVE-2024-8201 2025-05-16 MEDIUM 5.4 Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before…
CVE-2025-1245 2025-05-16 MEDIUM 6.5 Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer  (Hitachi Ops Center Analyzer detail view component).This issue affects Hitachi Infrastructure…
CVE-2025-4747 2025-05-16 MEDIUM 6.3 A vulnerability was found in Bohua NetDragon Firewall 1.0 and classified as critical. This issue affects some unknown processing of the file /systemstatus/ip_status.php. The manipulation of the argument…
CVE-2025-48175 2025-05-16 MEDIUM 4.5 In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
CVE-2025-4742 2025-05-16 MEDIUM 5.3 A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization.…
CVE-2025-4740 2025-05-16 MEDIUM 5.3 A vulnerability was found in BeamCtrl Airiana up to 11.0. It has been declared as problematic. This vulnerability affects unknown code of the file coef. The manipulation leads…
CVE-2025-4169 2025-05-16 MEDIUM 6.4 The Posts per Cat [Unmaintained plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ppc' shortcode in all versions up to, and including, 1.4.2 due…
CVE-2025-4733 2025-05-16 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the…
CVE-2025-4732 2025-05-16 HIGH 8.8 A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request…
CVE-2025-47809 2025-05-16 HIGH 8.2 Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). For exploitation, there must have been an unprivileged installation with UAC, and…
CVE-2025-4730 2025-05-16 HIGH 8.8 A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel…
CVE-2025-4729 2025-05-16 MEDIUM 6.3 A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice…
CVE-2025-47930 2025-05-16 N/A 0.0 Zulip is an open-source team chat application. Starting in version 10.0 and prior to version 10.3, the "Who can create public channels" access control mechanism can be circumvented…
CVE-2025-4727 2025-05-15 LOW 3.7 A vulnerability was found in Meteor up to 3.2.1 and classified as problematic. This issue affects the function Object.assign of the file packages/ddp-server/livedata_server.js. The manipulation of the argument…
CVE-2025-47275 2025-05-15 CRITICAL 9.1 Auth0-PHP provides the PHP SDK for Auth0 Authentication and Management APIs. Starting in version 8.0.0-BETA1 and prior to version 8.14.0, session cookies of applications using the Auth0-PHP SDK…
CVE-2025-47929 2025-05-15 N/A 0.0 DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b.…
CVE-2025-47928 2025-05-15 CRITICAL 9.1 Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the checking out the head.sha of a forked…
CVE-2025-47789 2025-05-15 MEDIUM 6.1 Horilla is a free and open source Human Resource Management System (HRMS). In versions up to and including 1.3, an attacker can craft a Horilla URL that refers…
CVE-2025-47784 2025-05-15 N/A 0.0 Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause `str_replace` to…
CVE-2025-46834 2025-05-15 N/A 0.0 Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular…
CVE-2024-9831 2025-05-15 HIGH 7.2 The Taskbuilder WordPress plugin before 3.0.9 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-26152 2024-02-22 MEDIUM 4.7 ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or…
CVE-2023-3966 2024-02-22 HIGH 7.5 A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses.…
CVE-2025-4500 2025-05-10 MEDIUM 5.3 A vulnerability, which was classified as critical, has been found in code-projects Hotel Management System 1.0. Affected by this issue is the function Edit of the component Edit…
CVE-2025-4469 2025-05-09 LOW 2.4 A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the…
CVE-2022-42160 2022-10-13 HIGH 8.8 D-Link COVR 1200,1202,1203 v1.08 was discovered to contain a command injection vulnerability via the system_time_timezone parameter at function SetNTPServerSettings.
CVE-2022-42159 2022-10-13 MEDIUM 4.3 D-Link COVR 1200,1202,1203 v1.08 was discovered to have a predictable seed in a Pseudo-Random Number Generator.
CVE-2022-34021 2022-10-13 MEDIUM 5.4 Multiple Cross Site Scripting (XSS) vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 via the form fields.
CVE-2022-34020 2022-10-13 HIGH 8.8 Cross Site Request Forgery (CSRF) vulnerability in ResIOT ResIOT IOT Platform + LoRaWAN Network Server through 4.1.1000114 allows attackers to add new admin users to the platform or…
CVE-2022-33106 2022-10-12 CRITICAL 9.8 WiJungle NGFW Version U250 was discovered to be vulnerable to No Rate Limit attack, allowing the attacker to brute force the admin password leading to Account Take Over.
CVE-2022-24697 2022-10-13 CRITICAL 9.8 Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks…
CVE-2021-20030 2022-10-13 HIGH 7.5 SonicWall GMS is vulnerable to file path manipulation resulting that an unauthenticated attacker can gain access to web directory containing application's binaries and configuration files.
CVE-2018-18447 2022-10-12 CRITICAL 9.8 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
CVE-2018-18446 2022-10-12 CRITICAL 9.8 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
CVE-2025-2472 2025-03-18 HIGH 7.3 A vulnerability has been found in PHPGurukul Apartment Visitors Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php…
CVE-2025-2471 2025-03-18 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Affected is an unknown function of the file /boat-details.php. The manipulation of the…
CVE-2025-4502 2025-05-10 HIGH 7.3 A vulnerability has been found in Campcodes Sales and Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pages/creditor_add.php. The manipulation leads…
CVE-2025-22466 2025-04-08 HIGH 8.2 Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required.
CVE-2025-22465 2025-04-08 MEDIUM 6.1 Reflected XSS in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to execute arbitrary javascript in a victim's browser.…
CVE-2025-22464 2025-04-08 MEDIUM 6.1 An untrusted pointer dereference vulnerability in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an attacker with local access to write arbitrary data…
CVE-2025-22461 2025-04-08 HIGH 7.2 SQL injection in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote authenticated attacker with admin privileges to achieve code execution.
CVE-2025-22459 2025-04-08 MEDIUM 4.8 Improper certificate validation in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows a remote unauthenticated attacker to intercept limited traffic between clients and…
CVE-2025-4503 2025-05-10 HIGH 7.3 A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of…
CVE-2024-42179 2025-01-12 LOW 2.0 HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version.
« Anterior Página 1218 de 4310 Siguiente »