Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2024-58310 2025-12-11 N/A 0.0 APC Network Management Card 4 contains a path traversal vulnerability that allows unauthenticated attackers to access sensitive system files by manipulating URL parameters. Attackers can exploit directory traversal…
CVE-2024-58309 2025-12-11 N/A 0.0 xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send…
CVE-2024-58308 2025-12-11 N/A 0.0 Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like '…
CVE-2024-58307 2025-12-11 N/A 0.0 CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through…
CVE-2024-58306 2025-12-11 N/A 0.0 minaliC 2.0.0 contains a denial of service vulnerability that allows remote attackers to crash the web server by sending oversized GET requests. Attackers can send crafted HTTP requests…
CVE-2024-58303 2025-12-11 N/A 0.0 FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting…
CVE-2024-58302 2025-12-11 N/A 0.0 FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings…
CVE-2024-58301 2025-12-11 N/A 0.0 Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable endpoints like…
CVE-2024-58300 2025-12-11 N/A 0.0 Siklu MultiHaul TG series devices before version 2.0.0 contain an unauthenticated vulnerability that allows remote attackers to retrieve randomly generated credentials via a network request. Attackers can send…
CVE-2024-58298 2025-12-11 N/A 0.0 Compuware iStrobe Web 20.13 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to upload malicious JSP files through a path traversal in the file upload…
CVE-2024-58297 2025-12-11 N/A 0.0 PyroCMS v3.0.1 contains a stored cross-site scripting vulnerability in the admin redirects configuration that allows attackers to inject malicious scripts. Attackers can insert a payload in the 'Redirect…
CVE-2024-58296 2025-12-11 N/A 0.0 CE Phoenix v3.0.1 contains a stored cross-site scripting vulnerability in the currencies administration panel that allows attackers to inject malicious scripts. Attackers can insert XSS payloads in the…
CVE-2024-58295 2025-12-11 N/A 0.0 ElkArte Forum 1.1.9 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the theme installation process. Attackers can upload a ZIP…
CVE-2024-58294 2025-12-11 N/A 0.0 FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the…
CVE-2024-58293 2025-12-11 N/A 0.0 Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items,…
CVE-2024-58292 2025-12-11 N/A 0.0 XMB Forum 1.9.12.06 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript into templates and front page settings. Attackers can insert XSS payloads…
CVE-2024-58291 2025-12-11 N/A 0.0 Flatboard 3.2 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts in forum information fields. Attackers can insert JavaScript payloads that execute when…
CVE-2024-58290 2025-12-11 N/A 0.0 Xhibiter NFT Marketplace 1.10.2 contains a SQL injection vulnerability in the collections endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit boolean-based,…
CVE-2024-58289 2025-12-11 N/A 0.0 Microweber 2.0.15 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts into user profile fields. Attackers can input script payloads in the first…
CVE-2024-58288 2025-12-11 N/A 0.0 Genexus Protection Server 9.7.2.10 contains an unquoted service path vulnerability in the protsrvservice Windows service configuration. Attackers can exploit the unquoted binary path to execute arbitrary code with…
CVE-2024-58287 2025-12-11 N/A 0.0 reNgine 2.2.0 contains a command injection vulnerability in the nmap_cmd parameter of scan engine configuration that allows authenticated attackers to execute arbitrary commands. Attackers can modify the nmap_cmd…
CVE-2024-58286 2025-12-11 N/A 0.0 dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with…
CVE-2025-66590 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Write vulnerability can be exploited by an attacker to cause the program to write data past the end of…
CVE-2025-66589 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), an Out-of-bounds Read vulnerability can be exploited by an attacker to cause the program to read data past the end of…
CVE-2025-66588 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Uninitialized Pointer vulnerability can be exploited by an attacker which can lead to arbitrary code execution.
CVE-2025-66587 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), the affected application is vulnerable to memory corruption while parsing specially crafted .ctl files. This could allow an attacker to execute…
CVE-2025-66586 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), an Access of Resource Using Incompatible Type vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files.…
CVE-2025-66585 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), a Use After Free vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow…
CVE-2025-66584 2025-12-11 N/A 0.0 In AzeoTech DAQFactory release 20.7 (Build 2555), a Stack-Based Buffer Overflow vulnerability can be exploited to cause memory corruption while parsing specially crafted .ctl files. This could allow…
CVE-2025-66429 2025-12-11 N/A 0.0 An issue was discovered in cPanel 110 through 132. A directory traversal vulnerability within the Team Manager API allows for overwrite of an arbitrary file. This can allow…
CVE-2025-64702 2025-12-11 MEDIUM 5.3 quic-go is an implementation of the QUIC protocol in Go. Versions 0.56.0 and below are vulnerable to excessive memory allocation through quic-go's HTTP/3 client and server implementations by…
CVE-2025-55816 2025-12-11 N/A 0.0 HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
CVE-2025-14538 2025-12-11 LOW 3.5 A security vulnerability has been detected in yangshare warehouseManager 仓库管理系统 1.1.0. This affects the function addCustomer of the file CustomerManageHandler.java. Such manipulation of the argument Name leads to…
CVE-2025-14537 2025-12-11 HIGH 7.3 A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of…
CVE-2025-14293 2025-12-11 MEDIUM 6.5 The WP Job Portal plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.4.0 via the 'downloadCustomUploadedFile' function. This makes it…
CVE-2025-13664 2025-12-11 MEDIUM 6.7 A potential security vulnerability in Quartus® Prime Standard Edition Design Software may allow escalation of privilege.
CVE-2025-13663 2025-12-11 MEDIUM 6.7 Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists.
CVE-2025-55184 2025-12-11 HIGH 7.5 A pre-authentication denial of service vulnerability exists in React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack.…
CVE-2025-55183 2025-12-11 MEDIUM 5.3 An information leak vulnerability exists in specific configurations of React Server Components versions 19.0.0, 19.0.1 19.1.0, 19.1.1, 19.1.2, 19.2.0 and 19.2.1, including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and…
CVE-2025-36937 2025-12-11 N/A 0.0 In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional…
CVE-2025-36936 2025-12-11 N/A 0.0 In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional…
CVE-2025-36935 2025-12-11 N/A 0.0 In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed.…
CVE-2025-36932 2025-12-11 N/A 0.0 In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…
CVE-2025-36924 2025-12-11 HIGH 8.0 In ss_DecodeLcsAssistDataReqMsg(void) of ss_LcsManagement.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with…
CVE-2025-36923 2025-12-11 HIGH 8.0 In NrmmDecoder::DecodeSORTransparentContext of cn_NrmmDecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) escalation of privilege with…
CVE-2025-55307 2025-12-11 LOW 3.3 An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. Opening a malicious PDF containing a crafted JavaScript call to search.query()…
CVE-2025-66048 2025-12-11 CRITICAL 9.8 Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution.…
CVE-2025-66047 2025-12-11 CRITICAL 9.8 Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution.…
CVE-2025-66046 2025-12-11 CRITICAL 9.8 Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution.…
CVE-2025-66045 2025-12-11 CRITICAL 9.8 Several stack-based buffer overflow vulnerabilities exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution.…
« Anterior Página 223 de 3936 Siguiente »