Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-65778	2025-12-15	N/A	0.0	An issue was discovered in Wekan The Open Source kanban board system up to version 18.15, fixed in 18.16. Uploaded attachments can be served with attacker-controlled Content-Type (text/html),…
CVE-2025-65431	2025-12-15	N/A	0.0	An issue was discovered in allauth-django before 65.13.0. Both Okta and NetIQ were using preferred_username as the identifier for third-party provider accounts. That value may be mutable and…
CVE-2025-65430	2025-12-15	MEDIUM	5.4	An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as is_active=False after having handed tokens for that user while the account was still active had…
CVE-2025-37732	2025-12-15	MEDIUM	5.4	Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload…
CVE-2025-37731	2025-12-15	MEDIUM	6.8	Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate…
CVE-2025-14714	2025-12-15	N/A	0.0	An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application…
CVE-2025-11670	2025-12-15	MEDIUM	6.4	Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.
CVE-2025-14711	2025-12-15	HIGH	7.3	A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes…
CVE-2025-14710	2025-12-15	HIGH	7.3	A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in…
CVE-2025-14709	2025-12-15	CRITICAL	9.8	A security vulnerability has been detected in Shiguangwu sgwbox N3 2.0.25. Affected by this issue is some unknown functionality of the file /usr/sbin/http_eshell_server of the component WIRELESSCFGGET Interface.…
CVE-2025-14708	2025-12-15	CRITICAL	9.8	A weakness has been identified in Shiguangwu sgwbox N3 2.0.25. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/http_eshell_server of the component WIREDCFGGET Interface. Executing…
CVE-2025-14022	2025-12-15	HIGH	7.7	LINE client for iOS prior to 15.4 allows man-in-the-middle attacks due to improper SSL/TLS certificate validation in an integrated financial SDK. The SDK interfered with the application's network…
CVE-2025-14021	2025-12-15	MEDIUM	4.3	The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes…
CVE-2025-14020	2025-12-15	MEDIUM	5.4	LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when…
CVE-2025-14019	2025-12-15	LOW	3.4	LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt,…
CVE-2025-14712	2025-12-15	HIGH	7.5	Student Learning Assessment and Support System developed by JHENG GAO has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to view a specific page and obtain…
CVE-2025-14707	2025-12-15	CRITICAL	9.8	A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component DOCKER Feature. Performing manipulation of…
CVE-2025-14706	2025-12-15	CRITICAL	9.8	A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component NETREBOOT Interface. Such manipulation leads to command…
CVE-2025-14549	2025-12-15	N/A	0.0	In the Eclipse OMR compiler component, since release 0.7.0, an optimization enabled for Eclipse OpenJ9 consumers of OMR on Z processors incorrectly handles NUL (0x00) characters during the…
CVE-2025-13355	2025-12-15	HIGH	7.1	The URL Shortify WordPress plugin before 1.11.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which…
CVE-2025-12684	2025-12-15	HIGH	7.1	The URL Shortify WordPress plugin before 1.11.3 does not sanitize and escape a parameter before outputting it back in the page, leading to a reflected cross site scripting,…
CVE-2025-11363	2025-12-15	MEDIUM	5.3	The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via the wpr_addons_upload_file action.
CVE-2025-14705	2025-12-15	CRITICAL	9.8	A vulnerability was determined in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function of the component SHARESERVER Feature. This manipulation of the argument params causes command injection.…
CVE-2025-14704	2025-12-15	HIGH	7.3	A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in…
CVE-2025-67906	2025-12-15	MEDIUM	5.4	In MISP before 2.5.28, app/View/Elements/Workflows/executionPath.ctp allows XSS in the workflow execution path.
CVE-2025-14703	2025-12-15	MEDIUM	5.3	A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function of the file /fsnotify of the component POST Message Handler. The…
CVE-2025-14702	2025-12-15	MEDIUM	4.4	A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path…
CVE-2025-13740	2025-12-15	MEDIUM	6.4	The Lightweight Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `lightweight-accordion` shortcode in all versions up to, and including, 1.5.20 due to insufficient…
CVE-2025-14699	2025-12-15	MEDIUM	5.3	A security vulnerability has been detected in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code of the component biz.faxapp.app. Such manipulation leads to path traversal.…
CVE-2025-14698	2025-12-15	MEDIUM	4.4	A weakness has been identified in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects an unknown part of the component gallery.photogallery.pictures.vault.album. This manipulation causes path…
CVE-2025-14697	2025-12-15	LOW	3.7	A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file…
CVE-2025-14696	2025-12-15	MEDIUM	5.3	A vulnerability was identified in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this vulnerability is an unknown functionality of the file /api/GylOperator/UpdatePasswordBatch. The…
CVE-2025-14695	2025-12-15	MEDIUM	6.3	A vulnerability was determined in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. Affected is the function html_renderer of the file plugins/html_renderer/index.js of the component Inter-plugin API. Executing manipulation of the…
CVE-2025-14694	2025-12-15	MEDIUM	4.7	A vulnerability was found in ketr JEPaaS up to 7.2.8. This impacts the function readAllPostil of the file /je/postil/postil/readAllPostil. Performing manipulation of the argument keyWord results in sql…
CVE-2025-14693	2025-12-15	MEDIUM	6.6	A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The…
CVE-2025-67901	2025-12-15	MEDIUM	5.3	openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for…
CVE-2025-14692	2025-12-15	MEDIUM	4.3	A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It…
CVE-2025-67900	2025-12-14	HIGH	8.1	NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
CVE-2025-67899	2025-12-14	LOW	2.9	uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
CVE-2025-14691	2025-12-14	MEDIUM	4.3	A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting.…
CVE-2025-67898	2025-12-14	MEDIUM	4.5	MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for…
CVE-2025-13281	2025-12-14	MEDIUM	5.8	A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected…
CVE-2025-67907	2025-12-15	N/A	0.0	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-67906. Reason: This candidate is a reservation duplicate of CVE-2025-67906. Notes: All CVE users should reference CVE-2025-67906 instead of…
CVE-2025-14674	2025-12-14	MEDIUM	6.3	A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in injection. The…
CVE-2025-14673	2025-12-14	HIGH	7.3	A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The…
CVE-2025-14672	2025-12-14	HIGH	7.3	A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing manipulation can lead to heap-based buffer overflow.…
CVE-2025-14668	2025-12-14	HIGH	7.3	A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing manipulation of the argument Username results in…
CVE-2025-14667	2025-12-14	HIGH	7.3	A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument…
CVE-2025-14666	2025-12-14	HIGH	7.3	A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username…
CVE-2025-14665	2025-12-14	CRITICAL	9.8	A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of…

« Anterior Página 211 de 3934 Siguiente »