CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-10981 2025-09-26 MEDIUM 4.3 A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be…
CVE-2025-10980 2025-09-26 MEDIUM 4.3 A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is…
CVE-2025-56769 2025-09-25 N/A 0.0 An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via…
CVE-2025-10979 2025-09-25 MEDIUM 4.3 A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is…
CVE-2025-10978 2025-09-25 MEDIUM 4.3 A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The…
CVE-2025-10977 2025-09-25 LOW 3.1 A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization.…
CVE-2025-59408 2025-09-25 N/A 0.0 Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
CVE-2025-59404 2025-09-25 N/A 0.0 Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
CVE-2025-59402 2025-09-25 N/A 0.0 Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary…
CVE-2025-26482 2025-09-25 MEDIUM 4.9 Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…
CVE-2025-11005 2025-09-25 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TOTOLINK X6000R allows OS Command Injection. This issue affects X6000R: through V9.4.0cu.1458_B20250708.
CVE-2025-59817 2025-09-25 HIGH 8.4 This vulnerability allows attackers to execute arbitrary commands on the underlying system. Because the web portal runs with root privileges, successful exploitation grants full control over the device,…
CVE-2025-59816 2025-09-25 HIGH 7.3 This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in…
CVE-2025-59815 2025-09-25 HIGH 8.4 This vulnerability allows malicious actors to execute arbitrary commands on the underlying system of the Zenitel ICX500 and ICX510 Gateway, granting shell access. Exploitation can compromise the device’s…
CVE-2025-59814 2025-09-25 HIGH 8.8 This vulnerability allows malicious actors to gain unauthorized access to the Zenitel ICX500 and ICX510 Gateway Billing Admin endpoint, enabling them to read the entire contents of the…
CVE-2025-57632 2025-09-25 N/A 0.0 libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper…
CVE-2025-43993 2025-09-25 HIGH 7.8 Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with…
CVE-2025-43816 2025-09-25 N/A 0.0 A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2024.Q4.10,…
CVE-2025-10967 2025-09-25 HIGH 7.3 A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql…
CVE-2025-10965 2025-09-25 MEDIUM 6.3 A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllm_call of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to…
CVE-2025-10964 2025-09-25 MEDIUM 6.3 A weakness has been identified in Wavlink NU516U1. Affected by this vulnerability is the function sub_401B30 of the file /cgi-bin/firewall.cgi. This manipulation of the argument remoteManagementEnabled causes command…
CVE-2025-29157 2025-09-25 N/A 0.0 An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including…
CVE-2025-29156 2025-09-25 N/A 0.0 Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
CVE-2025-10963 2025-09-25 MEDIUM 6.3 A security flaw has been discovered in Wavlink NU516U1 M16U1_V240425. Affected is the function sub_4016F0 of the file /cgi-bin/firewall.cgi. The manipulation of the argument del_flag results in command…
CVE-2025-10962 2025-09-25 MEDIUM 6.3 A vulnerability was identified in Wavlink NU516U1 M16U1_V240425. This impacts the function sub_403198 of the file /cgi-bin/wireless.cgi of the component SetName Page. The manipulation of the argument mac_5g…
CVE-2025-60249 2025-09-25 MEDIUM 6.4 vulnerability-lookup 2.16.0 allows XSS in bundle.py, comment.py, and user.py, by a user on a vulnerability-lookup instance who can add bundles, comments, or sightings. A cross-site scripting (XSS) vulnerability…
CVE-2025-57623 2025-09-25 N/A 0.0 A NULL pointer dereference in TOTOLINK N600R firmware v4.3.0cu.7866_B2022506 allows attackers to cause a Denial of Service.
CVE-2025-48707 2025-09-25 N/A 0.0 An issue was discovered in Stormshield Network Security (SNS) before 5.0.1. TPM authentication information could, in some HA use cases, be shared among administrators, which can cause secret…
CVE-2025-29155 2025-09-25 N/A 0.0 An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint
CVE-2025-10961 2025-09-25 MEDIUM 5.5 A vulnerability was determined in Wavlink NU516U1 M16U1_V240425. This affects the function sub_4030C0 of the file /cgi-bin/wireless.cgi of the component Delete_Mac_list Page. Executing manipulation of the argument delete_list…
CVE-2025-10960 2025-09-25 MEDIUM 6.3 A vulnerability was found in Wavlink NU516U1 M16U1_V240425. The impacted element is the function sub_402D1C of the file /cgi-bin/wireless.cgi of the component DeleteMac Page. Performing manipulation of the…
CVE-2025-10959 2025-09-25 MEDIUM 6.3 A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to…
CVE-2025-10958 2025-09-25 MEDIUM 6.3 A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument…
CVE-2025-34227 2025-09-25 N/A 0.0 Nagios XI < 2026R1 is vulnerable to an authenticated command injection vulnerability within the MongoDB Database, MySQL Query, MySQL Server, Postgres Server, and Postgres Query wizards. It is…
CVE-2025-10880 2025-09-25 N/A 0.0 All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to extract the proprietary "Dingtian Binary" protocol password by sending…
CVE-2025-10879 2025-09-25 N/A 0.0 All versions of Dingtian DT-R002 are vulnerable to an Insufficiently Protected Credentials vulnerability that could allow an attacker to retrieve the current user's username without authentication.
CVE-2025-60019 2025-09-25 LOW 3.7 glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory…
CVE-2025-60018 2025-09-25 MEDIUM 4.8 glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.
CVE-2025-59841 2025-09-25 CRITICAL 9.8 Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue…
CVE-2025-57446 2025-09-25 N/A 0.0 An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the…
CVE-2025-20362 2025-09-25 MEDIUM 6.5 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated,…
CVE-2025-20333 2025-09-25 CRITICAL 9.9 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated,…
CVE-2025-20363 2025-09-25 CRITICAL 9.0 A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE…
CVE-2025-60033 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60032 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60031 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60030 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60029 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60028 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60027 2025-09-26 N/A 0.0 Rejected reason: Not used