CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-47736 2025-05-09 LOW 2.9 dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8.
CVE-2025-47735 2025-05-09 LOW 2.9 inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.
CVE-2025-4457 2025-05-09 HIGH 7.3 A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation…
CVE-2025-4456 2025-05-09 HIGH 7.3 A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the…
CVE-2025-4455 2025-05-09 HIGH 7.0 A vulnerability was found in Patch My PC Home Updater up to 5.1.3.0. It has been rated as critical. This issue affects some unknown processing in the library…
CVE-2025-4446 2025-05-09 HIGH 8.0 A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of…
CVE-2025-4440 2025-05-08 HIGH 8.0 A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation…
CVE-2025-31946 2025-05-08 MEDIUM 6.2 Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption…
CVE-2025-29972 2025-05-08 CRITICAL 9.9 Server-Side Request Forgery (SSRF) in Azure allows an authorized attacker to perform spoofing over a network.
CVE-2025-29827 2025-05-08 CRITICAL 9.9 Improper Authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.
CVE-2025-27720 2025-05-08 HIGH 7.4 The Pixmeo Osirix MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
CVE-2025-27578 2025-05-08 HIGH 7.5 Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to…
CVE-2025-1331 2025-05-08 HIGH 7.8 IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to the use…
CVE-2025-1330 2025-05-08 HIGH 7.8 IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure…
CVE-2025-1329 2025-05-08 HIGH 7.8 IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure…
CVE-2025-46833 2025-05-08 N/A 0.0 Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute…
CVE-2025-46812 2025-05-08 N/A 0.0 Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.15 are vulnerable to XSS attacks when pasting malicious code. An attacker could trick a…
CVE-2025-46712 2025-05-08 LOW 3.7 Erlang/OTP is a set of libraries for the Erlang programming language. In versions prior to OTP-27.3.4 (for OTP-27), OTP-26.2.5.12 (for OTP-26), and OTP-25.3.2.21 (for OTP-25), Erlang/OTP SSH fails…
CVE-2025-46336 2025-05-08 MEDIUM 4.2 Rack::Session is a session management implementation for Rack. In versions starting from 2.0.0 to before 2.1.1, when using the Rack::Session::Pool middleware, and provided the attacker can acquire a…
CVE-2024-9448 2025-05-08 HIGH 7.5 On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to…
CVE-2025-27695 2025-05-08 MEDIUM 4.9 Dell Wyse Management Suite, versions prior to WMS 5.1 contain an Authentication Bypass by Spoofing vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability,…
CVE-2025-0505 2025-05-08 CRITICAL 10.0 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary,…
CVE-2024-8100 2025-05-08 HIGH 8.7 On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision.
CVE-2024-12378 2025-05-08 CRITICAL 9.1 On affected platforms running Arista EOS with secure Vxlan configured, restarting the Tunnelsec agent will result in packets being sent over the secure Vxlan tunnels in the clear.
CVE-2024-11186 2025-05-08 CRITICAL 10.0 On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory…
CVE-2025-4098 2025-05-08 N/A 0.0 Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected…
CVE-2025-1948 2025-05-08 HIGH 7.5 In Eclipse Jetty versions 12.0.0 to 12.0.16 included, an HTTP/2 client can specify a very large value for the HTTP/2 settings parameter SETTINGS_MAX_HEADER_LIST_SIZE. The Jetty HTTP/2 server does…
CVE-2024-13009 2025-05-08 HIGH 7.2 In Eclipse Jetty versions 9.4.0 to 9.4.56 a buffer can be incorrectly released when confronted with a gzip error when inflating a request body. This can result in…
CVE-2025-44021 2025-05-08 LOW 2.8 OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling (if a deployment was performed via the API). A malicious project assigned…
CVE-2025-26844 2025-05-08 CRITICAL 9.8 An issue was discovered in Znuny through 7.1.3. A cookie is set without the HttpOnly flag.
CVE-2025-26842 2025-05-08 HIGH 7.5 An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with…
CVE-2023-51328 2025-05-08 MEDIUM 5.4 PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters.
CVE-2025-4207 2025-05-08 MEDIUM 5.9 Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination.…
CVE-2025-46750 2025-05-12 MEDIUM 4.4 SEL BIOS packages prior to 1.3.49152.117 or 2.6.49152.98 allow a local attacker to bypass password authentication and change password-protected BIOS settings by importing a BIOS settings file with…
CVE-2025-46749 2025-05-12 MEDIUM 4.3 An authenticated user could submit scripting to fields that lack proper input and output sanitization leading to subsequent client-side script execution.
CVE-2025-46748 2025-05-12 LOW 2.7 An authenticated user attempting to change their password could do so without using the current password.
CVE-2025-46747 2025-05-12 MEDIUM 5.7 An authenticated user without user-management permissions could identify other user accounts.
CVE-2025-46746 2025-05-12 MEDIUM 5.8 An administrator could discover another account's credentials.
CVE-2025-46745 2025-05-12 MEDIUM 6.5 An authenticated user without user-management permissions could view other users' account information.
CVE-2025-46744 2025-05-12 LOW 2.7 An authenticated administrator could modify the Created By username for a user account.
CVE-2025-46743 2025-05-12 MEDIUM 6.3 An authenticated user's token could be used by another source after the user had logged out prior to the token expiring.
CVE-2025-46742 2025-05-12 MEDIUM 4.3 Users who were required to change their password could still access system information before changing their password.
CVE-2025-46741 2025-05-12 MEDIUM 5.7 A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
CVE-2025-46740 2025-05-12 HIGH 7.5 An authenticated user without user administrative permissions could change the administrator Account Name.
CVE-2025-46739 2025-05-12 HIGH 8.1 An unauthenticated user could discover account credentials via a brute-force attack without rate limiting.
CVE-2025-3632 2025-05-12 HIGH 7.5 IBM 4769 Developers Toolkit 7.0.0 through 7.5.52 could allow a remote attacker to cause a denial of service in the Hardware Security Module (HSM) due to improper memory…
CVE-2025-47578 2025-05-12 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Edward Caissie BNS Twitter Follow Button allows DOM-Based XSS. This issue affects BNS Twitter Follow Button: from…
CVE-2025-46738 2025-05-12 MEDIUM 6.6 An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code.
CVE-2025-46737 2025-05-12 HIGH 7.4 SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which…
CVE-2025-47274 2025-05-12 N/A 0.0 ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP…