CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-42985 2025-07-08 MEDIUM 6.1 Due to insufficient sanitization in the SAP BusinessObjects Content Administrator Workbench, attackers could craft malicious URLs and execute scripts in…
CVE-2025-42981 2025-07-08 MEDIUM 6.1 Due to an open redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a URL link…
CVE-2025-42980 2025-07-08 CRITICAL 9.1 SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable when a privileged user can upload untrusted or malicious content which,…
CVE-2025-42979 2025-07-08 MEDIUM 5.6 The GuiXT application, which is integrated with SAP GUI for Windows, uses obfuscation algorithms instead of secure symmetric ciphers for…
CVE-2025-42978 2025-07-08 LOW 3.5 The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the…
CVE-2025-42974 2025-07-08 MEDIUM 4.3 Due to missing authorization check, an attacker authenticated as a non-administrative user could call a remote-enabled function module. This could…
CVE-2025-42973 2025-07-08 MEDIUM 5.4 Due to a Cross-Site Scripting vulnerability in SAP Data Services Management Console, an authenticated attacker could exploit the search functionality…
CVE-2025-42971 2025-07-08 MEDIUM 4.0 A memory corruption vulnerability exists in SAPCAR allowing an attacker to craft malicious SAPCAR archives. When a high privileged victim…
CVE-2025-42970 2025-07-08 MEDIUM 5.8 SAPCAR improperly sanitizes the file paths while extracting SAPCAR archives. Due to this, an attacker could craft a malicious SAPCAR…
CVE-2025-42969 2025-07-08 MEDIUM 6.1 SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to inject a malicious script into a dynamically…
CVE-2025-42968 2025-07-08 MEDIUM 5.0 SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grant access to non-sensitive information…
CVE-2025-42967 2025-07-08 CRITICAL 9.9 SAP S/4HANA and SAP SCM Characteristic Propagation has remote code execution vulnerability. This allows an attacker with user level privileges…
CVE-2025-42966 2025-07-08 CRITICAL 9.1 SAP NetWeaver XML Data Archiving Service allows an authenticated attacker with administrative privileges to exploit an insecure Java deserialization vulnerability…
CVE-2025-42965 2025-07-08 MEDIUM 4.1 SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source…
CVE-2025-42964 2025-07-08 CRITICAL 9.1 SAP NetWeaver Enterprise Portal Administration is vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized,…
CVE-2025-42963 2025-07-08 CRITICAL 9.1 A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java…
CVE-2025-42962 2025-07-08 MEDIUM 6.1 SAP Business Warehouse (Business Explorer Web) allows an attacker to create a malicious link. If an authenticated user clicks on…
CVE-2025-42961 2025-07-08 MEDIUM 4.9 Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could…
CVE-2025-42960 2025-07-08 MEDIUM 4.3 SAP Business Warehouse and SAP BW/4HANA BEx Tools allow an authenticated attacker to gain higher access levels than intended by…
CVE-2025-42959 2025-07-08 HIGH 8.1 An unauthenticated attacker may exploit a scenario where a Hashed Message Authentication Code (HMAC) credential, extracted from a system missing…
CVE-2025-42954 2025-07-08 LOW 2.7 SAP NetWeaver Business Warehouse CCAW application allows a privileged attacker to cause a high CPU load by executing a RFC…
CVE-2025-42953 2025-07-08 HIGH 8.1 SAP NetWeaver System Configuration does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This…
CVE-2025-42952 2025-07-08 HIGH 7.7 SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to add fields to arbitrary SAP database tables and/or…
CVE-2025-31326 2025-07-08 MEDIUM 4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence) is vulnerable to HTML Injection, allowing an attacker with basic user privileges to inject malicious…
CVE-2025-7135 2025-07-07 HIGH 7.3 A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects…
CVE-2025-53527 2025-07-07 N/A 0.0 WeGIA is a web manager for charitable institutions. A Time-Based Blind SQL Injection vulnerability was discovered in the almox parameter…
CVE-2025-53377 2025-07-07 N/A 0.0 WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint…
CVE-2025-53617 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53616 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53615 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53614 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53613 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53612 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53611 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53610 2025-07-08 N/A 0.0 Rejected reason: Not used
CVE-2025-53497 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RelatedArticles Extension…
CVE-2025-7057 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Quiz Extension…
CVE-2025-53491 2025-07-07 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - FlaggedRevs Extension…
CVE-2025-53487 2025-07-07 MEDIUM 5.4 The ApprovedRevs extension for MediaWiki is vulnerable to stored XSS in multiple locations where system messages are inserted into raw…
CVE-2025-53486 2025-07-07 MEDIUM 5.4 The WikiCategoryTagCloud extension is vulnerable to reflected XSS via the linkstyle attribute, which is improperly concatenated into inline HTML without…
CVE-2025-7139 2025-07-07 LOW 2.4 A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects…
CVE-2025-7138 2025-07-07 MEDIUM 6.3 A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been declared as critical. This vulnerability affects…
CVE-2025-53536 2025-07-07 HIGH 8.1 Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with…
CVE-2025-53535 2025-07-07 N/A 0.0 Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware…
CVE-2025-20325 2025-07-07 LOW 3.1 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119,…
CVE-2025-20324 2025-07-07 MEDIUM 5.4 In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119,…
CVE-2025-20323 2025-07-07 MEDIUM 4.3 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or…
CVE-2025-20322 2025-07-07 MEDIUM 4.3 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119,…
CVE-2025-20321 2025-07-07 MEDIUM 6.5 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119,…
CVE-2025-24508 2025-07-07 MEDIUM 6.4 Extraction of Account Connectivity Credentials (ACCs) from the IT Management Agent secure storage