Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-2665 2025-03-23 HIGH 7.3 A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-reports-details.php. The…
CVE-2024-57099 2025-02-03 CRITICAL 9.8 ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to…
CVE-2025-0915 2025-05-05 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause…
CVE-2025-1000 2025-05-05 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of…
CVE-2024-57450 2025-02-03 CRITICAL 9.8 ChestnutCMS
CVE-2024-57452 2025-02-03 HIGH 7.5 ChestnutCMS
CVE-2025-43000 2025-05-13 HIGH 7.9 Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity…
CVE-2025-42997 2025-05-13 MEDIUM 6.6 Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior…
CVE-2025-31329 2025-05-13 MEDIUM 6.2 SAP NetWeaver is vulnerable to an Information Disclosure vulnerability caused by the injection of malicious instructions into user configuration settings. An attacker with administrative privileges can craft these…
CVE-2025-30018 2025-05-13 HIGH 8.6 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an application servlet request with a crafted XML file which when parsed,…
CVE-2025-30012 2025-05-13 LOW 3.9 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM stack to accept binary Java objects in specific…
CVE-2025-30011 2025-05-13 MEDIUM 5.3 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send…
CVE-2025-30010 2025-05-13 MEDIUM 6.1 The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to craft…
CVE-2025-30009 2025-05-13 MEDIUM 6.1 he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute…
CVE-2025-26662 2025-05-13 MEDIUM 4.4 The Data Services Management Console does not sufficiently encode user-controlled inputs, allowing an attacker to inject malicious script. When a targeted victim, who is already logged in, clicks…
CVE-2023-49641 2025-05-13 CRITICAL 9.8 Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent…
CVE-2025-46825 2025-05-12 N/A 0.0 Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the…
CVE-2025-3659 2025-05-12 N/A 0.0 Improper authentication handling was identified in a set of HTTP POST requests affecting the following product families: * Digi PortServer TS - prior to and including 82000747_AA, build…
CVE-2025-1079 2025-05-12 HIGH 7.8 Client RCE on macOS and Linux via improper symbolic link resolution in Google Web Designer's preview feature
CVE-2025-47682 2025-05-12 CRITICAL 9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cozy Vision Technologies Pvt. Ltd. SMS Alert Order Notifications – WooCommerce allows SQL Injection.This…
CVE-2024-55466 2025-05-12 MEDIUM 6.5 An arbitrary file upload vulnerability in the Image Gallery of ThingsBoard Community, ThingsBoard Cloud and ThingsBoard Professional v3.8.1 allows attackers to execute arbitrary code via uploading a crafted…
CVE-2024-4982 2025-05-12 HIGH 7.6 A directory traversal vulnerability was discovered in Pagure server. If a malicious user submits a specially cratfted git repository they could discover secrets on the server.
CVE-2024-4981 2025-05-12 HIGH 7.6 A vulnerability was discovered in Pagure server. If a malicious user were to submit a git repository with symbolic links, the server could unintentionally show incorporate and make…
CVE-2025-44175 2025-05-12 MEDIUM 5.4 Tenda AC10 v4 V16.03.10.13 is vulnerable to Buffer Overflow in the GetParentControlInfo function.
CVE-2023-34732 2025-05-12 MEDIUM 5.4 An issue in the userId parameter in the change password function of Flytxt NEON-dX v0.0.1-SNAPSHOT-6.9-qa-2-9-g5502a0c allows attackers to execute brute force attacks to discover user passwords.
CVE-2025-0035 2025-05-13 HIGH 7.3 Unquoted search path within AMD Cloud Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2024-6364 2025-05-13 N/A 0.0 A vulnerability in Absolute Persistence® versions before 2.8 exists when it is not activated. This may allow a skilled attacker with both physical access to the device, and…
CVE-2024-36339 2025-05-13 HIGH 7.3 A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-36321 2025-05-13 HIGH 7.3 Unquoted search path within AIM-T Manageability Service can allow a local attacker to escalate privileges, potentially resulting in arbitrary code execution.
CVE-2024-21960 2025-05-13 HIGH 7.3 Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2025-47278 2025-05-13 N/A 0.0 Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being…
CVE-2025-47276 2025-05-13 HIGH 7.5 Actualizer is a single shell script solution to allow developers and embedded engineers to create Debian operating systems (OS). Prior to version 1.2.0, Actualizer uses OpenSSL's "-passwd" function,…
CVE-2025-31493 2025-05-13 N/A 0.0 Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `collection()` helper or `$kirby->collection()`…
CVE-2025-30207 2025-05-13 N/A 0.0 Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups…
CVE-2025-22462 2025-05-13 CRITICAL 9.8 An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain…
CVE-2025-44039 2025-05-13 MEDIUM 5.1 CP-XR-DE21-S -4G Router Firmware version 1.031.022 was discovered to contain insecure protections for its UART console. This vulnerability allows local attackers to connect to the UART port via…
CVE-2025-30159 2025-05-13 N/A 0.0 Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby sites that use the `snippet()` helper or `$kirby->snippet()`…
CVE-2025-22859 2025-05-13 MEDIUM 5.3 A Relative Path Traversal vulnerability [CWE-23] in FortiClientEMS 7.4.0 through 7.4.1 and FortiClientEMS Cloud 7.4.0 through 7.4.1 may allow a remote unauthenticated attacker to perform a limited arbitrary file…
CVE-2025-22460 2025-05-13 HIGH 7.8 Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges.
CVE-2024-35281 2025-05-13 LOW 2.5 An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may…
CVE-2024-12533 2025-05-13 LOW 3.3 Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1…
CVE-2024-42446 2025-05-13 HIGH 7.5 APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to…
CVE-2024-36340 2025-05-13 MEDIUM 6.6 A junction point vulnerability within AMD uProf can allow a local low-privileged attacker to create junction points, potentially resulting in arbitrary file deletion or disclosure.
CVE-2025-4649 2025-05-13 MEDIUM 4.9 Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring,…
CVE-2025-32917 2025-05-13 N/A 0.0 Privilege escalation in jar_signature agent plugin in Checkmk versions
CVE-2025-4648 2025-05-13 HIGH 8.4 Download of Code Without Integrity Check vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can inject XSS by altering the content of a SVG…
CVE-2025-4647 2025-05-13 HIGH 8.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon web allows Reflected XSS. A user with elevated privileges can bypass sanitization measures…
CVE-2025-4646 2025-05-13 HIGH 7.2 Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4.
CVE-2025-40628 2025-05-13 N/A 0.0 SQL injection vulnerability in DomainsPRO 1.2. This vulnerability could allow an attacker to retrieve, create, update and delete databases via the “d” parameter in the “/article.php” endpoint.
CVE-2025-40566 2025-05-13 HIGH 8.8 A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1). Affected products…
« Anterior Página 1235 de 4311 Siguiente »