CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2025-63948 2025-12-18 MEDIUM 5.4 A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information…
CVE-2025-63947 2025-12-18 MEDIUM 5.4 A Reflected Cross-Site Scripting (XSS) vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary web script or HTML via the dbname parameter…
CVE-2025-62004 2025-12-18 MEDIUM 6.2 BullWall Server Intrusion Protection services are initialized after login services. An authenticated attacker with administrative permissions can log in after boot and bypass MFA. SIP service does not…
CVE-2025-62003 2025-12-18 MEDIUM 6.2 BullWall Server Intrusion Protection has a noticeable delay before the MFA check when connecting via RDP. A remote authenticated attacker with administrative privileges can potentially bypass detection during…
CVE-2025-62002 2025-12-18 MEDIUM 4.3 BullWall Ransomware Containment relies on the number of file modifications to trigger detection. An authenticated attacker could encrypt a single large file without triggering a detection alert. Versions…
CVE-2025-62001 2025-12-18 HIGH 8.8 BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin' that are not monitored. An attacker with file write permissions could bypass detection by renaming a directory. Versions…
CVE-2025-62000 2025-12-18 HIGH 7.1 BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the…
CVE-2025-59529 2025-12-18 MEDIUM 5.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server…
CVE-2025-53710 2025-12-18 HIGH 7.5 Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in…
CVE-2025-46268 2025-12-18 MEDIUM 6.3 Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVE-2025-14850 2025-12-18 HIGH 8.1 Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
CVE-2025-14849 2025-12-18 HIGH 8.8 Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CVE-2025-14848 2025-12-18 MEDIUM 4.3 Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
CVE-2025-13911 2025-12-18 MEDIUM 6.4 The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python…
CVE-2025-67048 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67039. Reason: This record is a reservation duplicate of CVE-2025-67039. Notes: All CVE users should reference CVE-2025-67039 instead of…
CVE-2025-67047 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67036. Reason: This record is a reservation duplicate of CVE-2025-67036. Notes: All CVE users should reference CVE-2025-67036 instead of…
CVE-2025-67046 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67037. Reason: This record is a reservation duplicate of CVE-2025-67037. Notes: All CVE users should reference CVE-2025-67037 instead of…
CVE-2025-67045 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67041. Reason: This record is a reservation duplicate of CVE-2025-67041. Notes: All CVE users should reference CVE-2025-67041 instead of…
CVE-2025-67044 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67035. Reason: This record is a reservation duplicate of CVE-2025-67035. Notes: All CVE users should reference CVE-2025-67035 instead of…
CVE-2025-67043 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67038. Reason: This record is a reservation duplicate of CVE-2025-67038. Notes: All CVE users should reference CVE-2025-67038 instead of…
CVE-2025-68491 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68490 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68489 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68488 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68487 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68486 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68485 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68484 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68483 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2023-53944 2025-12-18 MEDIUM 6.5 EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can…
CVE-2023-53943 2025-12-18 MEDIUM 5.3 GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting…
CVE-2023-53942 2025-12-18 HIGH 8.8 File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom…
CVE-2023-53939 2025-12-18 MEDIUM 5.4 TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with…
CVE-2023-53938 2025-12-18 MEDIUM 5.4 RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted…
CVE-2025-67163 2025-12-18 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum…
CVE-2025-64375 2025-12-18 MEDIUM 6.5 Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Ninja: from n/a through
CVE-2025-64374 2025-12-18 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files. This issue affects Motors: from n/a through
CVE-2025-64270 2025-12-18 MEDIUM 6.5 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects Masteriyo - LMS: from…
CVE-2025-64268 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through
CVE-2025-64258 2025-12-18 HIGH 7.5 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog…
CVE-2025-64222 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Recover Abandoned Cart: from n/a through
CVE-2025-64218 2025-12-18 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data. This issue affects Passster: from n/a through
CVE-2025-64214 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-64192 2025-12-18 MEDIUM 6.3 Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects XStore: from n/a through < 9.6.
CVE-2023-53737 2025-12-18 MEDIUM 4.6 A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts…
CVE-2025-43428 2025-12-17 CRITICAL 9.8 A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos…
CVE-2025-43475 2025-12-17 MEDIUM 5.5 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
CVE-2025-43514 2025-12-17 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
CVE-2025-43526 2025-12-17 CRITICAL 9.8 This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened…
CVE-2025-6326 2025-12-18 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion. This issue affects Inset: from…