CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-63460 2025-10-31 N/A 0.0 Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-59501 2025-10-31 MEDIUM 4.8 Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network.
CVE-2025-63467 2025-10-31 N/A 0.0 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-63466 2025-10-31 N/A 0.0 Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-12554 2025-10-31 N/A 0.0 Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12553 2025-10-31 N/A 0.0 Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-60749 2025-10-31 HIGH 7.8 DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe.
CVE-2025-12552 2025-10-31 N/A 0.0 Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12509 2025-10-31 HIGH 8.4 On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
CVE-2025-12508 2025-10-31 HIGH 8.4 When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
CVE-2025-12507 2025-10-31 HIGH 8.8 The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed.
CVE-2025-12357 2025-10-31 HIGH 8.3 By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with…
CVE-2025-64389 2025-10-31 N/A 0.0 The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
CVE-2025-64388 2025-10-31 N/A 0.0 Denial of service of the web server through specific requests to this protocol
CVE-2025-64387 2025-10-31 N/A 0.0 The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in…
CVE-2025-64385 2025-10-31 N/A 0.0 The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can…
CVE-2025-64168 2025-10-31 HIGH 7.1 Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or…
CVE-2025-12501 2025-10-31 HIGH 7.5 Integer overflow in GameMaker IDE below 2024.14.0 version can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in…
CVE-2025-64386 2025-10-31 N/A 0.0 The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will…
CVE-2025-62232 2025-10-31 HIGH 7.5 Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This…
CVE-2025-52665 2025-10-31 CRITICAL 10.0 A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.…
CVE-2025-12521 2025-10-31 MEDIUM 5.3 The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes…
CVE-2025-12460 2025-10-31 N/A 0.0 An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img…
CVE-2025-11191 2025-10-31 MEDIUM 5.3 The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site.
CVE-2021-47692 2025-10-30 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179.
CVE-2025-4952 2025-10-31 N/A 0.0 Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the…
CVE-2025-36249 2025-10-31 LOW 3.7 IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie…
CVE-2025-33003 2025-10-31 HIGH 7.8 IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.
CVE-2024-13992 2025-10-31 N/A 0.0 Nagios XI versions prior to 2024R1.1 are vulnerable to a cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from…
CVE-2025-48984 2025-10-31 HIGH 8.8 A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.
CVE-2025-64365 2025-10-31 N/A 0.0 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in colabrio Ohio Extra ohio-extra allows DOM-Based XSS. This issue affects Ohio Extra: from n/a through
CVE-2025-64364 2025-10-31 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Masterstudy masterstudy allows PHP Local File Inclusion. This issue affects Masterstudy: from…
CVE-2025-64363 2025-10-31 N/A 0.0 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeventhQueen Kleo kleo allows PHP Local File Inclusion. This issue affects Kleo: from…
CVE-2025-11602 2025-10-31 N/A 0.0 Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no…
CVE-2025-40106 2025-10-31 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking…
CVE-2025-12115 2025-10-31 HIGH 7.5 The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price alteration in all versions up to, and including, 2.1.9. This is due to…
CVE-2025-12041 2025-10-31 MEDIUM 5.3 The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'erifl_file' AJAX action in all versions…
CVE-2025-11843 2025-10-31 N/A 0.0 Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premises contain an account impersonation vulnerability. A malicious user may potentially be able to impersonate the…
CVE-2025-8383 2025-10-31 MEDIUM 4.3 The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation…
CVE-2025-30191 2025-10-31 MEDIUM 5.4 Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party…
CVE-2025-30189 2025-10-31 HIGH 7.4 When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login,…
CVE-2025-30188 2025-10-31 HIGH 7.5 Malicious or unintentional API requests can be used to add significant amount of data to caches. Caches may evict information that is required to operate the web frontend,…
CVE-2025-12175 2025-10-31 MEDIUM 4.3 The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to,…
CVE-2025-12094 2025-10-31 MEDIUM 5.3 The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including,…
CVE-2025-8385 2025-10-31 MEDIUM 6.8 The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zf_get_file_by_url…
CVE-2025-6520 2025-10-31 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606.
CVE-2025-10897 2025-10-31 HIGH 8.6 The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers…
CVE-2025-8489 2025-10-31 CRITICAL 9.8 The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 .…
CVE-2025-7846 2025-10-31 HIGH 8.8 The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the save_fields() function in all versions up…
CVE-2025-5397 2025-10-31 CRITICAL 9.8 The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.8.1. This is due to the check_login() function not properly…