Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-57462 2025-12-29 MEDIUM 6.1 Reflected Cross site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
CVE-2025-52691 2025-12-29 CRITICAL 10.0 Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVE-2025-15197 2025-12-29 MEDIUM 4.7 A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument…
CVE-2025-15196 2025-12-29 HIGH 7.3 A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection.…
CVE-2025-15195 2025-12-29 HIGH 7.3 A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes…
CVE-2025-15168 2025-12-29 HIGH 7.3 A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql…
CVE-2025-15150 2025-12-28 MEDIUM 5.3 A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer…
CVE-2025-69211 2025-12-29 N/A 0.0 Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it…
CVE-2025-69201 2025-12-29 N/A 0.0 Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes…
CVE-2025-69200 2025-12-29 HIGH 7.5 phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup`…
CVE-2025-68951 2025-12-29 MEDIUM 5.4 phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in…
CVE-2025-68897 2025-12-29 CRITICAL 9.9 Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2.
CVE-2025-68893 2025-12-29 MEDIUM 4.9 Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.
CVE-2025-68879 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5.
CVE-2025-68878 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.
CVE-2025-68877 2025-12-29 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue…
CVE-2025-68876 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.
CVE-2025-56333 2025-12-29 N/A 0.0 An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component
CVE-2025-15194 2025-12-29 CRITICAL 9.8 A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler.…
CVE-2025-68929 2025-12-29 CRITICAL 9.0 Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link.…
CVE-2025-68928 2025-12-29 MEDIUM 5.4 Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing…
CVE-2025-65570 2025-12-29 N/A 0.0 A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand…
CVE-2025-15193 2025-12-29 HIGH 8.8 A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer…
CVE-2025-15192 2025-12-29 MEDIUM 6.3 A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument…
CVE-2025-57460 2025-12-29 N/A 0.0 File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
CVE-2025-15191 2025-12-29 MEDIUM 6.3 A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url…
CVE-2025-15190 2025-12-29 HIGH 8.8 A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results…
CVE-2025-15189 2025-12-29 HIGH 8.8 A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to…
CVE-2025-15188 2025-12-29 LOW 2.4 A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata…
CVE-2025-15187 2025-12-29 LOW 3.8 A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument…
CVE-2025-15186 2025-12-29 HIGH 7.3 A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the…
CVE-2025-15185 2025-12-29 HIGH 7.3 A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the…
CVE-2025-15184 2025-12-29 HIGH 7.3 A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in…
CVE-2025-15183 2025-12-29 HIGH 7.3 A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid…
CVE-2025-15182 2025-12-29 HIGH 7.3 A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can…
CVE-2025-15181 2025-12-29 HIGH 7.3 A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the…
CVE-2025-15180 2025-12-29 HIGH 7.2 A vulnerability was identified in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/webExcptypemanFilte of the component HTTP Request Handler. Such manipulation of…
CVE-2025-15228 2025-12-29 CRITICAL 9.8 BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on…
CVE-2025-15227 2025-12-29 HIGH 7.5 BPMFlowWebkit developed by WELLTEND TECHNOLOGY has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2025-15179 2025-12-29 HIGH 7.2 A vulnerability was determined in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/qossetting. This manipulation of the argument page causes stack-based buffer overflow. The…
CVE-2025-15178 2025-12-29 HIGH 7.2 A vulnerability was found in Tenda WH450 1.0.0.18. This issue affects some unknown processing of the file /goform/VirtualSer of the component HTTP Request Handler. The manipulation of the…
CVE-2025-15226 2025-12-29 CRITICAL 9.8 WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the…
CVE-2025-15225 2025-12-29 HIGH 7.5 WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
CVE-2025-15177 2025-12-29 HIGH 7.2 A vulnerability has been found in Tenda WH450 1.0.0.18. This vulnerability affects unknown code of the file /goform/SetIpBind of the component HTTP Request Handler. The manipulation of the…
CVE-2025-15176 2025-12-29 MEDIUM 5.3 A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing…
CVE-2025-15175 2025-12-29 LOW 3.5 A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site…
CVE-2025-15174 2025-12-29 LOW 3.5 A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to…
CVE-2025-15070 2025-12-29 MEDIUM 5.5 Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: from 3.0 before 4.0.
CVE-2025-15069 2025-12-29 HIGH 7.1 Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 4.0.
CVE-2025-15068 2025-12-29 HIGH 7.7 Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 4.0.
« Anterior Página 166 de 3934 Siguiente »