Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-40627 2025-05-12 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This…
CVE-2025-40626 2025-05-12 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in AbanteCart v1.4.0, that could allow an attacker to execute JavaScript code in a victim's browser by sending the victim a malicious URL. This…
CVE-2025-47271 2025-05-12 N/A 0.0 The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5,…
CVE-2025-47270 2025-05-12 HIGH 7.5 nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. The `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross is vulnerable to a Denial of Service…
CVE-2025-46729 2025-05-12 N/A 0.0 julmud/phpDVDProfiler is an adoption of the defunct phpDVDProfiler project, which allows users to display on the web their DVD collections maintained with Invelos's DVDProfiler software. Starting in v_20230807…
CVE-2025-32390 2025-05-12 N/A 0.0 EspoCRM is a free, open-source customer relationship management platform. Prior to version 9.0.8, HTML Injection in Knowledge Base (KB) articles leads to complete page defacement imitating the login…
CVE-2025-1533 2025-05-12 N/A 0.0 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other…
CVE-2025-41393 2025-05-12 MEDIUM 6.1 Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on…
CVE-2025-3496 2025-05-12 HIGH 7.5 An unauthenticated remote attacker can cause a buffer overflow which could lead to unexpected behaviour or DoS via Bluetooth or RS-232 interface.
CVE-2025-4561 2025-05-12 HIGH 8.8 The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
CVE-2025-4560 2025-05-12 MEDIUM 6.5 The ISOinsight from Netvision has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access certain system functions. These functions include viewing the administrator list, viewing and editing…
CVE-2025-4559 2025-05-12 CRITICAL 9.8 The ISOinsight from Netvision has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-3649 2025-05-12 MEDIUM 6.8 The LightPress Lightbox WordPress plugin before 2.3.4 does not check download links point to valid, non-Javascript URLs, allowing users with at least the contributor role to conduct Stored…
CVE-2025-4558 2025-05-12 CRITICAL 9.8 The GPM from WormHole Tech has an Unverified Password Change vulnerability, allowing unauthenticated remote attackers to change any user's password and use the modified password to log into…
CVE-2025-4557 2025-05-12 CRITICAL 9.1 The specific APIs of Parking Management System from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific APIs and operate system functions. These…
CVE-2025-4556 2025-05-12 CRITICAL 9.8 The web management interface of Okcat Parking Management Platform from ZONG YU has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell…
CVE-2025-4555 2025-05-12 CRITICAL 9.8 The web management interface of Okcat Parking Management Platform from ZONG YU has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access system functions. These functions…
CVE-2025-4552 2025-05-12 MEDIUM 5.4 A vulnerability has been found in ContiNew Admin up to 3.6.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/system/user/1/password. The…
CVE-2025-4551 2025-05-11 LOW 3.5 A vulnerability, which was classified as problematic, was found in ContiNew Admin up to 3.6.0. Affected is an unknown function of the file /dev-api/common/file. The manipulation of the…
CVE-2025-4542 2025-05-11 LOW 3.1 A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the…
CVE-2025-4541 2025-05-11 MEDIUM 6.3 A vulnerability classified as critical has been found in LmxCMS 1.41. Affected is the function manageZt of the file c\admin\ZtAction.class.php of the component POST Request Handler. The manipulation…
CVE-2025-4539 2025-05-11 HIGH 7.0 A vulnerability was found in Hainan ToDesk 4.7.6.3. It has been declared as critical. This vulnerability affects unknown code in the library profapi.dll of the component DLL File…
CVE-2025-4538 2025-05-11 MEDIUM 6.3 A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File…
CVE-2025-4537 2025-05-11 LOW 3.1 A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue…
CVE-2025-4536 2025-05-11 MEDIUM 5.3 A vulnerability has been found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-4535 2025-05-11 MEDIUM 5.3 A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of…
CVE-2025-4534 2025-05-11 LOW 3.7 A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The…
CVE-2025-4533 2025-05-11 LOW 2.7 A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload.…
CVE-2025-4532 2025-05-11 HIGH 7.0 A vulnerability classified as critical has been found in Shanghai Bairui Information Technology SunloginClient 15.8.3.19819. This affects an unknown part in the library process.dll of the file sunlogin_guard.exe.…
CVE-2025-4531 2025-05-11 MEDIUM 6.3 A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been rated as critical. Affected by this issue is the function postData of…
CVE-2025-4530 2025-05-11 MEDIUM 4.3 A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm 1.0. It has been declared as problematic. Affected by this vulnerability is the function handleFileDownload of the file FileController.java…
CVE-2025-4529 2025-05-11 MEDIUM 4.3 A vulnerability was found in Seeyon Zhiyuan OA Web Application System 8.1 SP2. It has been classified as problematic. Affected is the function Download of the file seeyon\opt\Seeyon\A8\ApacheJetspeed\webapps\seeyon\WEB-INF\lib\seeyon-apps-m3.jar!\com\seeyon\apps\m3\core\controller\M3CoreController.class…
CVE-2025-4528 2025-05-11 MEDIUM 4.3 A vulnerability was found in Dígitro NGC Explorer up to 3.44.15 and classified as problematic. This issue affects some unknown processing. The manipulation leads to session expiration. The…
CVE-2025-4527 2025-05-11 LOW 3.7 A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads…
CVE-2025-47828 2025-05-11 MEDIUM 6.4 Lumi H5P-Nodejs-library before 9.3.3 omits a sanitizeHtml call for plain text strings.
CVE-2025-4526 2025-05-11 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in Dígitro NGC Explorer 3.44.15. This affects an unknown part of the component Configuration Page. The manipulation leads to…
CVE-2025-4525 2025-05-10 HIGH 7.0 A vulnerability, which was classified as critical, has been found in Discord 1.0.9188 on Windows. Affected by this issue is some unknown functionality in the library WINSTA.dll. The…
CVE-2025-47817 2025-05-10 HIGH 8.8 In BlueWave Checkmate through 2.0.2 before b387eba, a profile edit request can include a role parameter.
CVE-2025-4515 2025-05-10 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown part of the file settings.yaml. The manipulation of the…
CVE-2025-4514 2025-05-10 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Zhengzhou Jiuhua Electronic Technology mayicms up to 5.8E. Affected by this issue is some unknown functionality of…
CVE-2025-4513 2025-05-10 MEDIUM 4.3 A vulnerability classified as problematic was found in Catalyst User Key Authentication Plugin 20220819 on Moodle. Affected by this vulnerability is an unknown functionality of the file /auth/userkey/logout.php…
CVE-2025-4512 2025-05-10 MEDIUM 4.3 A vulnerability classified as problematic has been found in Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7. Affected is an unknown function of the file /astre/iodasweb/app.jsp. The manipulation of the argument action leads…
CVE-2025-4511 2025-05-10 MEDIUM 6.3 A vulnerability was found in vector4wang spring-boot-quick up to 20250422. It has been rated as critical. This issue affects the function ResponseEntity of the file /spring-boot-quick-master/quick-img2txt/src/main/java/com/quick/controller/Img2TxtController.java of the…
CVE-2025-4510 2025-05-10 MEDIUM 6.3 A vulnerability was found in Changjietong UFIDA CRM 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /optnty/optntyday.php. The manipulation of the…
CVE-2023-53145 2025-05-10 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is…
CVE-2025-2158 2025-05-10 HIGH 8.8 The WordPress Review Plugin: The Ultimate Solution for Building a Review Website plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including,…
CVE-2025-2944 2025-05-10 MEDIUM 6.4 The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video Button and Countdown Widgets in all versions up to, and including,…
CVE-2025-1137 2025-05-10 HIGH 7.5 IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
CVE-2025-4495 2025-05-10 LOW 3.5 A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of…
CVE-2025-47424 2025-05-09 HIGH 7.1 Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
« Anterior Página 1249 de 4311 Siguiente »