Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-68562	2025-12-29	CRITICAL	9.9	Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through 8.7.3.
CVE-2025-68504	2025-12-29	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSearch allows DOM-Based XSS.This issue affects JetSearch: from n/a through 3.5.16.
CVE-2025-68503	2025-12-29	MEDIUM	6.5	Missing Authorization vulnerability in Crocoblock JetBlog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetBlog: from n/a through 2.4.7.
CVE-2025-68502	2025-12-29	MEDIUM	4.3	Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetPopup: from n/a through 2.0.20.1.
CVE-2025-69205	2025-12-29	MEDIUM	6.3	Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation…
CVE-2025-15205	2025-12-29	MEDIUM	6.3	A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument…
CVE-2024-27480	2025-12-29	N/A	0.0	givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload.
CVE-2025-13958	2025-12-29	MEDIUM	5.9	The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the…
CVE-2025-13417	2025-12-29	HIGH	8.6	The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform SQL injection attacks.
CVE-2024-25182	2025-12-29	N/A	0.0	givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
CVE-2025-69202	2025-12-29	N/A	0.0	Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached…
CVE-2025-14175	2025-12-29	N/A	0.0	A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation…
CVE-2024-30855	2025-12-29	N/A	0.0	DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.
CVE-2025-68706	2025-12-29	N/A	0.0	A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied…
CVE-2025-68431	2025-12-29	MEDIUM	6.5	libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap…
CVE-2025-67255	2025-12-29	N/A	0.0	In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
CVE-2025-67254	2025-12-29	N/A	0.0	NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
CVE-2025-15201	2025-12-29	LOW	3.5	A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting.…
CVE-2025-15200	2025-12-29	LOW	2.4	A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting.…
CVE-2025-15199	2025-12-29	MEDIUM	6.3	A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image…
CVE-2025-14728	2025-12-29	MEDIUM	6.8	Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore…
CVE-2025-14280	2025-12-29	MEDIUM	5.3	The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible…
CVE-2025-13592	2025-12-29	HIGH	7.2	The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers…
CVE-2025-68861	2025-12-29	HIGH	7.1	Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.
CVE-2025-55064	2025-12-29	MEDIUM	4.8	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55063	2025-12-29	MEDIUM	4.8	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55062	2025-12-29	MEDIUM	4.8	CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55061	2025-12-29	HIGH	8.8	CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2025-55060	2025-12-29	MEDIUM	6.1	CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-15198	2025-12-29	HIGH	7.3	A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User…
CVE-2025-69206	2025-12-29	MEDIUM	4.3	Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook…
CVE-2025-68870	2025-12-29	HIGH	7.5	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint…
CVE-2025-68868	2025-12-29	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a…
CVE-2025-66869	2025-12-29	N/A	0.0	Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
CVE-2025-66866	2025-12-29	N/A	0.0	An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66865	2025-12-29	N/A	0.0	An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66864	2025-12-29	N/A	0.0	An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66863	2025-12-29	N/A	0.0	An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66862	2025-12-29	N/A	0.0	A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66861	2025-12-29	N/A	0.0	An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
CVE-2025-53627	2025-12-29	MEDIUM	5.3	Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is…
CVE-2025-65442	2025-12-29	MEDIUM	6.1	DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted…
CVE-2025-60458	2025-12-29	MEDIUM	6.5	UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory…
CVE-2025-57462	2025-12-29	MEDIUM	6.1	Reflected Cross site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
CVE-2025-52691	2025-12-29	CRITICAL	10.0	Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVE-2025-15197	2025-12-29	MEDIUM	4.7	A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument…
CVE-2025-15196	2025-12-29	HIGH	7.3	A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection.…
CVE-2025-15195	2025-12-29	HIGH	7.3	A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes…
CVE-2025-15168	2025-12-29	HIGH	7.3	A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql…
CVE-2025-15150	2025-12-28	MEDIUM	5.3	A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer…

« Anterior Página 165 de 3934 Siguiente »