Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-67450 2025-12-26 HIGH 7.8 Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has…
CVE-2025-59888 2025-12-26 MEDIUM 6.7 Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system.…
CVE-2025-59887 2025-12-26 HIGH 8.6 Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package.…
CVE-2025-62578 2025-12-26 N/A 0.0 DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
CVE-2025-8075 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is…
CVE-2025-68946 2025-12-26 MEDIUM 5.4 In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
CVE-2025-52601 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption…
CVE-2025-52600 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input…
CVE-2025-52599 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The…
CVE-2025-52598 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform…
CVE-2025-68945 2025-12-26 MEDIUM 5.8 In Gitea before 1.21.2, an anonymous user can visit a private user's project.
CVE-2025-68944 2025-12-26 MEDIUM 5.0 Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
CVE-2025-68943 2025-12-26 MEDIUM 5.3 Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
CVE-2025-68942 2025-12-26 MEDIUM 5.4 Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
CVE-2025-68941 2025-12-26 MEDIUM 4.9 Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
CVE-2025-68940 2025-12-26 LOW 3.1 In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
CVE-2025-68939 2025-12-26 HIGH 8.2 Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
CVE-2025-15098 2025-12-26 MEDIUM 6.3 A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can…
CVE-2025-15097 2025-12-26 HIGH 7.3 A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is…
CVE-2025-15095 2025-12-26 LOW 3.5 A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting.…
CVE-2025-68938 2025-12-26 MEDIUM 4.3 Gitea before 1.25.2 mishandles authorization for deletion of releases.
CVE-2025-15094 2025-12-26 MEDIUM 4.3 A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing…
CVE-2025-68937 2025-12-26 N/A 0.0 Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is…
CVE-2025-14913 2025-12-26 MEDIUM 5.3 The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on…
CVE-2025-15090 2025-12-25 HIGH 8.8 A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results…
CVE-2025-15089 2025-12-25 HIGH 8.8 A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads…
CVE-2025-14820 2025-12-25 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14715 2025-12-25 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-15088 2025-12-25 MEDIUM 6.3 A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord…
CVE-2025-15087 2025-12-25 MEDIUM 4.3 A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper…
CVE-2025-15086 2025-12-25 MEDIUM 4.3 A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be…
CVE-2025-68936 2025-12-25 MEDIUM 6.4 ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVE-2025-68935 2025-12-25 MEDIUM 6.4 ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVE-2025-15085 2025-12-25 MEDIUM 4.3 A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in…
CVE-2025-15084 2025-12-25 LOW 3.1 A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads…
CVE-2025-15083 2025-12-25 LOW 2.0 A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to…
CVE-2025-15082 2025-12-25 MEDIUM 5.3 A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation…
CVE-2025-15081 2025-12-25 MEDIUM 6.3 A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to…
CVE-2025-2406 2025-12-25 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting…
CVE-2025-2405 2025-12-25 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Titarus allows Cross-Site Scripting…
CVE-2025-2307 2025-12-25 HIGH 7.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Aidango allows Cross-Site Scripting…
CVE-2025-66443 2025-12-25 HIGH 7.5 Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger…
CVE-2025-66379 2025-12-25 HIGH 7.5 Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in…
CVE-2025-66378 2025-12-25 MEDIUM 5.9 Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
CVE-2025-66377 2025-12-25 HIGH 7.5 Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node…
CVE-2025-59683 2025-12-25 HIGH 8.2 Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows…
CVE-2025-49088 2025-12-25 MEDIUM 5.9 Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service,…
CVE-2025-48704 2025-12-25 HIGH 7.5 Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
CVE-2025-32096 2025-12-25 HIGH 7.5 Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
CVE-2025-32095 2025-12-25 HIGH 7.5 Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a…
« Anterior Página 169 de 3934 Siguiente »