Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55221 2025-12-01 HIGH 8.6 A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP USB Function functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted network…
CVE-2025-54851 2025-12-01 HIGH 7.5 A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network…
CVE-2025-54850 2025-12-01 HIGH 7.5 A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network…
CVE-2025-54849 2025-12-01 HIGH 7.5 A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network…
CVE-2025-54848 2025-12-01 HIGH 7.5 A denial of service vulnerability exists in the Modbus TCP and Modbus RTU over TCP functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted series of network…
CVE-2025-3500 2025-12-01 CRITICAL 9.0 Integer Overflow or Wraparound vulnerability in Avast Antivirus (25.1.981.6) on Windows allows Privilege Escalation.This issue affects Antivirus: from 25.1.981.6 before 25.3.
CVE-2025-10101 2025-12-01 HIGH 8.1 Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus…
CVE-2025-49643 2025-12-01 N/A 0.0 An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of…
CVE-2025-49642 2025-12-01 N/A 0.0 Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
CVE-2025-27232 2025-12-01 N/A 0.0 An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
CVE-2025-13296 2025-12-01 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery.This issue affects T-Soft E-Commerce: through 28112025.
CVE-2025-8045 2025-12-01 MEDIUM 4.0 Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform…
CVE-2025-59789 2025-12-01 HIGH 7.5 Uncontrolled recursion in the json2pb component in Apache bRPC (version < 1.15.0) on all platforms allows remote attackers to make the server crash via sending deep recursive json…
CVE-2025-41070 2025-12-01 N/A 0.0 Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in…
CVE-2025-41739 2025-12-01 MEDIUM 5.9 An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to…
CVE-2025-41738 2025-12-01 HIGH 7.5 An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to…
CVE-2025-41700 2025-12-01 HIGH 7.8 An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code…
CVE-2025-13819 2025-12-01 MEDIUM 6.1 Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter,…
CVE-2025-13816 2025-12-01 MEDIUM 6.3 A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component…
CVE-2025-13815 2025-12-01 MEDIUM 6.3 A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the…
CVE-2025-61619 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61618 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61617 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61610 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61609 2025-12-01 HIGH 7.5 In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61608 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-61607 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-3012 2025-12-01 HIGH 7.5 In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-13814 2025-12-01 HIGH 7.3 A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side…
CVE-2025-11133 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-11132 2025-12-01 HIGH 7.5 In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed
CVE-2025-13813 2025-12-01 MEDIUM 5.6 A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint.…
CVE-2025-13811 2025-12-01 MEDIUM 6.3 A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection.…
CVE-2025-13810 2025-12-01 MEDIUM 5.3 A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate…
CVE-2025-13809 2025-12-01 MEDIUM 6.3 A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection…
CVE-2025-13808 2025-12-01 HIGH 7.3 A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile…
CVE-2025-13807 2025-12-01 MEDIUM 4.3 A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation results in improper…
CVE-2025-13806 2025-12-01 HIGH 7.3 A security vulnerability has been detected in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This impacts an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Transaction API. The manipulation…
CVE-2025-13805 2025-12-01 LOW 3.7 A weakness has been identified in nutzam NutzBoot up to 2.6.0-SNAPSHOT. This affects the function getInputStream of the file nutzcloud/nutzcloud-literpc/src/main/java/org/nutz/boot/starter/literpc/impl/endpoint/http/HttpServletRpcEndpoint.java of the component LiteRpc-Serializer. Executing manipulation can lead…
CVE-2025-13804 2025-12-01 MEDIUM 4.3 A security flaw has been discovered in nutzam NutzBoot up to 2.6.0-SNAPSHOT. The impacted element is an unknown function of the file nutzboot-demo/nutzboot-demo-simple/nutzboot-demo-simple-web3j/src/main/java/io/nutz/demo/simple/module/EthModule.java of the component Ethereum Wallet…
CVE-2025-13803 2025-12-01 HIGH 7.3 A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument…
CVE-2025-13802 2025-12-01 MEDIUM 4.3 A vulnerability was determined in jairiidriss RestaurantWebsite up to e7911f12d035e8e2f9a75e7a28b59e4ef5c1d654. Impacted is an unknown function of the component Make a Reservation. This manipulation of the argument selected_date causes…
CVE-2025-13800 2025-12-01 MEDIUM 6.3 A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection.…
CVE-2025-64772 2025-12-01 HIGH 7.8 The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-13799 2025-12-01 MEDIUM 6.3 A vulnerability has been found in ADSLR NBR1005GPEV2 250814-r037c. This vulnerability affects the function ap_macfilter_del of the file /send_order.cgi. The manipulation of the argument mac leads to command…
CVE-2025-13798 2025-12-01 MEDIUM 6.3 A flaw has been found in ADSLR NBR1005GPEV2 250814-r037c. This affects the function ap_macfilter_add of the file /send_order.cgi. Executing manipulation of the argument mac can lead to command…
CVE-2025-13797 2025-12-01 MEDIUM 6.3 A vulnerability was detected in ADSLR B-QE2W401 250814-r037c. Affected by this issue is the function parameterdel_swifimac of the file /send_order.cgi. Performing manipulation of the argument del_swifimac results in…
CVE-2025-13796 2025-12-01 MEDIUM 6.3 A security vulnerability has been detected in deco-cx apps up to 0.120.1. Affected by this vulnerability is the function AnalyticsScript of the file website/loaders/analyticsScript.ts of the component Parameter…
CVE-2025-13795 2025-11-30 LOW 2.4 A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info…
CVE-2025-13793 2025-11-30 MEDIUM 4.3 A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter…
« Anterior Página 263 de 3934 Siguiente »