Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-13451 2025-11-20 HIGH 7.3 A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads…
CVE-2025-13450 2025-11-20 LOW 3.5 A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site…
CVE-2025-13449 2025-11-20 HIGH 7.3 A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in…
CVE-2025-40605 2025-11-20 MEDIUM 5.3 A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../)…
CVE-2025-40604 2025-11-20 MEDIUM 6.5 Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to…
CVE-2025-40601 2025-11-20 HIGH 7.5 A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to…
CVE-2025-13424 2025-11-20 MEDIUM 4.7 A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to…
CVE-2025-13423 2025-11-20 MEDIUM 4.7 A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the…
CVE-2025-12121 2025-11-20 HIGH 7.3 Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in…
CVE-2025-12120 2025-11-20 HIGH 7.3 Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for…
CVE-2025-64428 2025-11-20 N/A 0.0 Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14.…
CVE-2025-64185 2025-11-20 N/A 0.0 Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and…
CVE-2025-63207 2025-11-19 CRITICAL 9.8 The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can…
CVE-2025-62724 2025-11-20 MEDIUM 4.3 Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading…
CVE-2025-62709 2025-11-20 MEDIUM 6.8 ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the…
CVE-2025-62875 2025-11-20 N/A 0.0 An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
CVE-2025-63206 2025-11-19 CRITICAL 9.8 An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies…
CVE-2025-63205 2025-11-19 HIGH 7.5 An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware…
CVE-2025-13437 2025-11-20 N/A 0.0 When zx is invoked with --prefer-local=, the CLI creates a symlink named ./node_modules pointing to /node_modules. Due to a logic error in src/cli.ts (linkNodeModules / cleanup), the function…
CVE-2025-13422 2025-11-20 HIGH 7.3 A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id…
CVE-2025-13421 2025-11-19 HIGH 7.3 A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc…
CVE-2025-65226 2025-11-20 MEDIUM 4.3 Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the deviceId parameter in /goform/saveParentControlInfo.
CVE-2025-65223 2025-11-20 MEDIUM 4.3 Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the urls parameter of /goform/saveParentControlInfo.
CVE-2025-65222 2025-11-20 MEDIUM 4.3 Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the rebootTime parameter of /goform/SetSysAutoRebbotCfg.
CVE-2025-65221 2025-11-20 MEDIUM 4.3 Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow via the list parameter of /goform/setPptpUserList.
CVE-2025-65220 2025-11-20 MEDIUM 4.3 Tenda AC21 V16.03.08.16 is vulnerable to Buffer Overflow in: /goform/SetVirtualServerCfg via the list parameter.
CVE-2025-62731 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will…
CVE-2025-62730 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative…
CVE-2025-63932 2025-11-19 HIGH 7.3 D-Link Router DIR-868L A1 FW106KRb01.bin has an unauthenticated remote code execution vulnerability in the cgibin binary. The HNAP service provided by cgibin does not filter the HTTP SOAPAction…
CVE-2025-63208 2025-11-19 HIGH 7.5 An issue was discovered in bridgetech VB288 Objective QoE Content Extractor, firmware version 5.6.0-8, allowing attackers to gain sensitive information such as administrator passwords via the /probe/core/setup/passwd endpoint.
CVE-2025-62729 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple…
CVE-2025-62297 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited…
CVE-2025-62296 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.…
CVE-2025-62295 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.…
CVE-2025-62294 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values…
CVE-2025-62293 2025-11-20 N/A 0.0 SOPlanning is vulnerable to Broken Access Control in /status endpoint. Due to lack of permission checks in Project Status functionality an authenticated attacker is able to add, edit and…
CVE-2025-60737 2025-11-20 N/A 0.0 Cross Site Scripting vulnerability in Ilevia EVE X1 Server Firmware Version
CVE-2025-36161 2025-11-20 MEDIUM 5.9 IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this…
CVE-2025-51662 2025-11-19 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript…
CVE-2025-34320 2025-11-20 N/A 0.0 BASIS BBj versions prior to 25.00 contain a Jetty-served web endpoint that fails to properly validate or canonicalize input path segments. This allows unauthenticated directory traversal sequences to…
CVE-2025-13425 2025-11-20 N/A 0.0 A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index…
CVE-2025-13420 2025-11-19 HIGH 7.3 A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject…
CVE-2025-13415 2025-11-19 LOW 3.5 A vulnerability was identified in icret EasyImages up to 2.8.6. This affects an unknown part of the file /app/upload.php of the component SVG Image Handler. The manipulation of…
CVE-2024-31405 2025-11-20 N/A 0.0 Rejected reason: Voluntarily withdrawn
CVE-2025-64984 2025-11-20 MEDIUM 6.1 Kaspersky has fixed a security issue in Kaspersky Endpoint Security for Linux (any version with anti-virus databases prior to 18.11.2025), Kaspersky Industrial CyberSecurity for Linux Nodes (any version…
CVE-2025-63719 2025-11-19 HIGH 7.3 Campcodes Online Hospital Management System 1.0 is vulnerable to SQL Injection in /admin/index.php via the parameter username.
CVE-2025-65026 2025-11-19 MEDIUM 6.1 esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, The esm.sh CDN service contains a Template Literal Injection vulnerability (CWE-94) in its…
CVE-2025-65025 2025-11-19 HIGH 8.2 esm.sh is a nobuild content delivery network(CDN) for modern web development. Prior to version 136, the esm.sh CDN service is vulnerable to path traversal during NPM package tarball…
CVE-2025-62346 2025-11-20 MEDIUM 6.8 A Cross-Site Request Forgery (CSRF) vulnerability was identified in HCL Glovius Cloud. An attacker can force a user's web browser to execute an unwanted, malicious action on a…
CVE-2025-60796 2025-11-20 N/A 0.0 phpPgAdmin 7.13.0 and earlier contains multiple cross-site scripting (XSS) vulnerabilities across various components. User-supplied input from $_REQUEST parameters is reflected in HTML output without proper encoding or sanitization…
« Anterior Página 279 de 3934 Siguiente »