CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-15454 2026-01-05 LOW 3.1 A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results…
CVE-2025-15453 2026-01-05 MEDIUM 6.3 A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation…
CVE-2025-15452 2026-01-05 LOW 2.4 A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a…
CVE-2025-15451 2026-01-05 LOW 2.4 A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System…
CVE-2025-15450 2026-01-05 MEDIUM 6.3 A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName…
CVE-2025-5591 2026-01-05 N/A 0.0 Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim user’s session and perform actions in…
CVE-2025-15449 2026-01-05 MEDIUM 5.4 A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal.…
CVE-2025-15448 2026-01-05 MEDIUM 6.3 A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible…
CVE-2025-15446 2026-01-04 HIGH 7.3 A flaw has been found in Seeyon Zhiyuan OA Web Application System up to 20251223. The impacted element is an unknown function of the file /assetsGroupReport/fixedAssetsList.j%73p. Executing a…
CVE-2026-0579 2026-01-04 HIGH 7.3 A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation…
CVE-2026-0578 2026-01-04 HIGH 7.3 A vulnerability has been found in code-projects Online Product Reservation System 1.0. Affected by this issue is some unknown functionality of the file /handgunner-administrator/delete.php. The manipulation of the…
CVE-2025-15443 2026-01-04 MEDIUM 4.7 A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. Such manipulation of the argument cate_id leads to sql…
CVE-2025-15442 2026-01-04 MEDIUM 4.7 A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. This manipulation of the argument cate_id causes sql injection. The…
CVE-2026-0577 2026-01-04 MEDIUM 6.3 A flaw has been found in code-projects Online Product Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /handgunner-administrator/prod.php. Executing manipulation can lead…
CVE-2025-14830 2026-01-04 MEDIUM 4.9 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JFrog Artifactory (Workers) allows Cross-Site Scripting (XSS). This issue affects Artifactory (Workers): from >=7.94.0 through
CVE-2026-0576 2026-01-04 HIGH 7.3 A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing manipulation of…
CVE-2026-0575 2026-01-04 HIGH 7.3 A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. This impacts an unknown function of the file /handgunner-administrator/adminlogin.php of the component Administrator Login. Such…
CVE-2026-0574 2026-01-04 MEDIUM 6.3 A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function saveUserRole of the file warehouse\src\main\java\com\yeqifu\sys\controller\UserController.java of the component Request Handler. This manipulation causes…
CVE-2025-3660 2026-01-04 MEDIUM 6.5 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing…
CVE-2025-3654 2026-01-04 MEDIUM 5.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers…
CVE-2025-3653 2026-01-04 HIGH 7.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification.…
CVE-2025-3652 2026-01-04 MEDIUM 5.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and…
CVE-2025-3646 2026-01-04 HIGH 7.3 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by…
CVE-2025-15115 2026-01-04 MEDIUM 6.5 Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation…
CVE-2026-21652 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21651 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21650 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21649 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21648 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21647 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21646 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21645 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21644 2026-01-03 N/A 0.0 Rejected reason: Not used
CVE-2026-21484 2026-01-03 MEDIUM 5.3 AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint…
CVE-2025-64125 2026-01-03 N/A 0.0 A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do…
CVE-2025-64124 2026-01-03 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller…
CVE-2025-64123 2026-01-02 N/A 0.0 Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
CVE-2025-64122 2026-01-02 N/A 0.0 Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1.
CVE-2025-64121 2026-01-02 N/A 0.0 Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Authentication Bypass. This issue affects Multi-Stack Controller (MSC): from 2.3.8 before 2.5.1.
CVE-2025-64120 2026-01-02 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller…
CVE-2025-64119 2026-01-02 N/A 0.0 A vulnerability in Nuvation Battery Management System allows Authentication Bypass. This issue affects Battery Management System: through 2.3.9.
CVE-2025-14072 2026-01-02 MEDIUM 5.3 The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.
CVE-2025-13456 2026-01-02 MEDIUM 6.1 The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could…
CVE-2025-13153 2026-01-02 MEDIUM 6.1 The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users…
CVE-2025-12685 2026-01-02 MEDIUM 6.5 The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.
CVE-2026-21483 2026-01-02 N/A 0.0 listmonk is a standalone, self-hosted, newsletter and mailing list manager. Prior to version 6.0.0, lower-privileged user with campaign management permissions can inject malicious JavaScript into campaigns or templates.…
CVE-2026-21452 2026-01-02 HIGH 7.5 MessagePack for Java is a serializer implementation for Java. A denial-of-service vulnerability exists in versions prior to 0.9.11 when deserializing .msgpack files containing EXT32 objects with attacker-controlled payload…
CVE-2026-21451 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. A stored Cross-Site Scripting (XSS) vulnerability exists in Bagisto prior to version 2.3.10 within the CMS page editor. Although the…
CVE-2026-21450 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution…
CVE-2026-21449 2026-01-02 N/A 0.0 Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via first name and last name from a low-privilege user.…