CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-40218 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside…
CVE-2025-40217 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: pidfs: validate extensible ioctls Validate extensible ioctls stricter than we do now.
CVE-2025-40216 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: don't rely on user vaddr alignment There is no guaranteed alignment for user pointers, however the calculation…
CVE-2025-2848 2025-12-04 MEDIUM 6.3 A vulnerability in Synology Mail Server allows remote authenticated attackers to read and write non-sensitive settings, and disable some non-critical functions.
CVE-2025-29846 2025-12-04 HIGH 7.2 A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
CVE-2025-29845 2025-12-04 MEDIUM 4.3 A vulnerability in VideoPlayer2 subtitle cgi allows remote authenticated users to read .srt files.
CVE-2025-29844 2025-12-04 MEDIUM 4.3 A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
CVE-2025-29843 2025-12-04 MEDIUM 5.4 A vulnerability in FileStation thumb cgi allows remote authenticated users to read/write image files.
CVE-2025-14008 2025-12-04 MEDIUM 4.7 A flaw has been found in dayrui XunRuiCMS up to 4.7.1. This vulnerability affects unknown code of the file admin79f2ec220c7e.php?c=api&m=test_site_domain of the component Project Domain Change Test. This…
CVE-2025-14007 2025-12-04 LOW 2.0 A vulnerability was detected in dayrui XunRuiCMS up to 4.7.1. This affects an unknown part of the file /admin79f2ec220c7e.php?c=api&m=demo&name=mobile of the component Domain Name Binding Page. The manipulation…
CVE-2025-14006 2025-12-04 LOW 3.5 A security vulnerability has been detected in dayrui XunRuiCMS up to 4.7.1. Affected by this issue is some unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=1 of the component Add…
CVE-2024-5401 2025-12-04 MEDIUM 4.3 Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager (DSM) before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079…
CVE-2024-45539 2025-12-04 HIGH 7.5 Out-of-bounds write vulnerability in cgi components in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to conduct denial-of-service…
CVE-2024-45538 2025-12-04 CRITICAL 9.6 Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to…
CVE-2025-14005 2025-12-04 LOW 2.4 A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. Affected by this vulnerability is an unknown functionality of the file /admind45f74adbd95.php?c=field&m=add&rname=site&rid=1&page=0 of the component Add Display…
CVE-2025-14004 2025-12-04 MEDIUM 4.7 A security flaw has been discovered in dayrui XunRuiCMS up to 4.7.1. Affected is an unknown function of the file /admind45f74adbd95.php?c=email&m=add of the component Email Setting Handler. Performing…
CVE-2025-40215 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists…
CVE-2025-40214 2025-12-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of…
CVE-2025-11222 2025-12-04 MEDIUM 6.1 Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to untrusted sites via specially crafted URLs, potentially facilitating phishing attacks and…
CVE-2025-41080 2025-12-04 N/A 0.0 A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious…
CVE-2025-41079 2025-12-04 N/A 0.0 A stored Cross-Site Scripting (XSS) vulnerability has been found in Seafile v12.0.10. This vulnerability allows an attacker to execute arbitrary code in the victim's browser by storing malicious…
CVE-2025-14010 2025-12-04 MEDIUM 5.5 A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes.…
CVE-2025-12826 2025-12-04 MEDIUM 4.8 The Custom Post Type UI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.18.0. This is due to the plugin not…
CVE-2025-12782 2025-12-04 MEDIUM 4.3 The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.9.4. This is due to the…
CVE-2025-13513 2025-12-04 MEDIUM 6.1 The Clik stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 0.8 due to insufficient input…
CVE-2025-11727 2025-12-04 HIGH 7.2 The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync() function in…
CVE-2025-11379 2025-12-04 MEDIUM 5.3 The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin…
CVE-2025-62173 2025-12-04 N/A 0.0 Authenticated SQL Injection Vulnerability in Endpoint Module Rest API
CVE-2025-66404 2025-12-03 MEDIUM 6.4 MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the…
CVE-2025-66293 2025-12-03 HIGH 7.1 LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability…
CVE-2025-65868 2025-12-03 N/A 0.0 XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.
CVE-2025-64055 2025-12-03 N/A 0.0 An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update,…
CVE-2025-66489 2025-12-03 N/A 0.0 Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided,…
CVE-2025-66453 2025-12-03 N/A 0.0 Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into…
CVE-2025-66411 2025-12-03 HIGH 7.8 Coder allows organizations to provision remote development environments via Terraform. Prior to 2.26.5, 2.27.7, and 2.28.4, Workspace Agent manifests containing sensitive values were logged in plaintext unsanitized. An…
CVE-2025-66406 2025-12-03 MEDIUM 5.0 Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This…
CVE-2025-65345 2025-12-03 N/A 0.0 alexusmai laravel-file-manager 3.3.1 and below is vulnerable to Directory Traversal. The zip/archiving functionality allows an attacker to create archives containing files and directories outside the intended scope due…
CVE-2025-65097 2025-12-03 N/A 0.0 RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User…
CVE-2025-65096 2025-12-03 N/A 0.0 RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read…
CVE-2025-65027 2025-12-03 HIGH 7.6 RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that…
CVE-2025-61727 2025-12-03 MEDIUM 6.5 An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain…
CVE-2025-50361 2025-12-03 MEDIUM 5.1 Buffer Overflow was found in SmallBASIC community SmallBASIC with SDL Before v12_28, and commit sha:298a1d495355959db36451e90a0ac74bcc5593fe in the function main.cpp, which can lead to potential information leakage and crash.
CVE-2025-13086 2025-12-03 N/A 0.0 Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate…
CVE-2025-12385 2025-12-03 N/A 0.0 Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM,…
CVE-2025-66222 2025-12-03 CRITICAL 9.6 DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer that allows an attacker…
CVE-2025-66220 2025-12-03 MEDIUM 5.0 Envoy is a high-performance edge/middle/service proxy. In 1.33.12, 1.34.10, 1.35.6, 1.36.2, and earlier, Envoy’s mTLS certificate matcher for match_typed_subject_alt_names may incorrectly treat certificates containing an embedded null byte…
CVE-2025-66208 2025-12-03 N/A 0.0 Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online…
CVE-2025-66032 2025-12-03 N/A 0.0 Claude Code is an agentic coding tool. Prior to 1.0.93, due to errors in parsing shell commands related to $IFS and short CLI flags, it was possible to…
CVE-2025-63402 2025-12-03 MEDIUM 5.5 An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs not enforcing limits on the number or…
CVE-2025-63401 2025-12-03 MEDIUM 5.5 Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives