CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-54298 | 2025-07-28 | N/A | 0.0 | A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered. |
| CVE-2025-50492 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /edms/change-password.php of PHPGurukul e-Diary Management System v1 allows attackers to execute a session hijacking… |
| CVE-2025-50491 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /banker/change-password.php of PHPGurukul Bank Locker Management System v1 allows attackers to execute a session… |
| CVE-2025-50489 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session… |
| CVE-2025-50488 | 2025-07-28 | HIGH | 7.1 | Improper session invalidation in the component /library/change-password.php of PHPGurukul Online Library Management System v3.0 allows attackers to execute a session… |
| CVE-2025-43023 | 2025-07-28 | N/A | 0.0 | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software documentation. This potential vulnerability is… |
| CVE-2025-7676 | 2025-07-28 | N/A | 0.0 | DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute… |
| CVE-2025-54538 | 2025-07-28 | MEDIUM | 5.5 | In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command |
| CVE-2025-54537 | 2025-07-28 | MEDIUM | 5.5 | In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots |
| CVE-2025-54536 | 2025-07-28 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint |
| CVE-2025-54535 | 2025-07-28 | MEDIUM | 5.8 | In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms |
| CVE-2025-54534 | 2025-07-28 | MEDIUM | 4.8 | In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page |
| CVE-2025-54533 | 2025-07-28 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration |
| CVE-2025-54532 | 2025-07-28 | MEDIUM | 4.3 | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies |
| CVE-2025-54531 | 2025-07-28 | HIGH | 7.7 | In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows |
| CVE-2025-54530 | 2025-07-28 | HIGH | 7.5 | In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions |
| CVE-2025-54529 | 2025-07-28 | LOW | 3.7 | In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration |
| CVE-2025-54528 | 2025-07-28 | MEDIUM | 5.4 | In JetBrains TeamCity before 2025.07 a CSRF was possible in GitHub App connection flow |
| CVE-2025-54527 | 2025-07-28 | MEDIUM | 6.1 | In JetBrains YouTrack before 2025.2.86935, 2025.2.87167, 2025.3.87341, 2025.3.87344 improper iframe configuration in widget sandbox allows popups to bypass security restrictions |
| CVE-2025-50494 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Car Washing Management System v1.0 allows attackers to execute a session… |
| CVE-2025-50493 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session… |
| CVE-2025-50490 | 2025-07-28 | HIGH | 7.5 | Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session… |
| CVE-2025-6250 | 2025-07-28 | N/A | 0.0 | Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypassing… |
| CVE-2025-2297 | 2025-07-28 | N/A | 0.0 | Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into… |
| CVE-2024-49343 | 2025-07-28 | MEDIUM | 5.4 | IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code,… |
| CVE-2024-49342 | 2025-07-28 | HIGH | 7.5 | IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to… |
| CVE-2025-54666 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54665 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54664 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54663 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54662 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54661 | 2025-07-29 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-54418 | 2025-07-28 | CRITICAL | 9.8 | CodeIgniter is a PHP full-stack web framework. A command injection vulnerability present in versions prior to 4.6.2 affects applications that… |
| CVE-2025-53696 | 2025-07-28 | N/A | 0.0 | iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These… |
| CVE-2025-30125 | 2025-07-28 | N/A | 0.0 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. All dashcams were shipped with the same default credentials… |
| CVE-2025-8279 | 2025-07-28 | HIGH | 8.7 | Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution |
| CVE-2025-53695 | 2025-07-28 | N/A | 0.0 | OS Command Injection in iSTAR Ultra products web application allows an authenticated attacker to gain even more privileged access ('root'… |
| CVE-2025-8242 | 2025-07-27 | HIGH | 8.8 | A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the… |
| CVE-2025-32731 | 2025-07-28 | MEDIUM | 6.1 | A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted… |
| CVE-2025-30133 | 2025-07-28 | N/A | 0.0 | An issue was discovered on IROAD Dashcam FX2 devices. Bypass of Device Pairing/Registration can occur. It requires device registration via… |
| CVE-2025-30126 | 2025-07-28 | N/A | 0.0 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Via port 7777 without any need to pair or… |
| CVE-2025-30124 | 2025-07-28 | N/A | 0.0 | An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. When a new SD card is inserted into the… |
| CVE-2025-27724 | 2025-07-28 | CRITICAL | 9.3 | A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file… |
| CVE-2025-26469 | 2025-07-28 | CRITICAL | 9.3 | An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can… |
| CVE-2025-24485 | 2025-07-28 | MEDIUM | 5.8 | A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request… |
| CVE-2025-8275 | 2025-07-28 | MEDIUM | 5.3 | A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by… |
| CVE-2025-54569 | 2025-07-28 | MEDIUM | 4.5 | In Malwarebytes Binisoft Windows Firewall Control before 6.16.0.0, the installer is vulnerable to local privilege escalation. |
| CVE-2025-4056 | 2025-07-28 | LOW | 3.7 | A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to… |
| CVE-2025-8274 | 2025-07-28 | HIGH | 7.3 | A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an… |
| CVE-2025-5997 | 2025-07-28 | HIGH | 8.8 | Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2. |