CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-56499 2025-11-18 MEDIUM 6.5 Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config…
CVE-2025-54320 2025-11-18 MEDIUM 4.3 In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit…
CVE-2025-58034 2025-11-18 HIGH 7.2 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0…
CVE-2025-0351 2025-11-19 N/A 0.0 Rejected reason: Voluntarily withdrawn
CVE-2025-65941 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65940 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65939 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65938 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65937 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65936 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65935 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65934 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65933 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-63955 2025-11-18 HIGH 7.5 A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged…
CVE-2025-63749 2025-11-18 MEDIUM 6.5 pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options parameter.
CVE-2025-63514 2025-11-18 MEDIUM 6.1 kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVE-2025-61662 2025-11-18 MEDIUM 4.9 A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module…
CVE-2025-61661 2025-11-18 MEDIUM 4.8 A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device,…
CVE-2025-54771 2025-11-18 MEDIUM 4.9 A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid…
CVE-2025-54770 2025-11-18 MEDIUM 4.9 A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because…
CVE-2025-37160 2025-11-18 MEDIUM 5.3 A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this…
CVE-2025-37155 2025-11-18 HIGH 7.8 A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow…
CVE-2025-13083 2025-11-18 LOW 3.7 Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before…
CVE-2025-13082 2025-11-18 MEDIUM 4.3 User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from…
CVE-2025-13080 2025-11-18 MEDIUM 5.3 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from…
CVE-2025-12761 2025-11-18 LOW 3.5 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from…
CVE-2025-12760 2025-11-18 MEDIUM 5.4 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6.
CVE-2025-63226 2025-11-18 N/A 0.0 The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are…
CVE-2025-37159 2025-11-18 MEDIUM 5.8 A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation…
CVE-2025-37158 2025-11-18 MEDIUM 6.7 A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected…
CVE-2025-63225 2025-11-18 N/A 0.0 The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive…
CVE-2025-61664 2025-11-18 MEDIUM 4.9 A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not…
CVE-2025-61663 2025-11-18 MEDIUM 4.9 A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because…
CVE-2025-60455 2025-11-18 N/A 0.0 Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
CVE-2025-52639 2025-11-18 LOW 3.5 HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering…
CVE-2025-37163 2025-11-18 HIGH 7.2 A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute…
CVE-2025-37157 2025-11-18 MEDIUM 6.7 A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected…
CVE-2025-37156 2025-11-18 MEDIUM 6.8 A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the…
CVE-2025-34324 2025-11-18 N/A 0.0 GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed,…
CVE-2025-63994 2025-11-18 N/A 0.0 An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-63829 2025-11-18 MEDIUM 5.3 eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction() function.
CVE-2025-55796 2025-11-18 HIGH 7.5 The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These…
CVE-2025-13081 2025-11-18 MEDIUM 5.9 Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from…
CVE-2025-63800 2025-11-18 HIGH 7.5 The password change endpoint in Open Source Point of Sale 3.4.1 allows users to set their account password to an empty string due to missing server-side validation. When…
CVE-2025-63604 2025-11-18 MEDIUM 6.5 A code injection vulnerability exists in baryhuang/mcp-server-aws-resources-python 0.1.0 that allows remote code execution through insufficient input validation in the execute_query method. The vulnerability stems from the exposure of…
CVE-2025-63513 2025-11-18 N/A 0.0 kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functionality.
CVE-2025-63603 2025-11-18 MEDIUM 6.5 A command injection vulnerability exists in the MCP Data Science Server's (reading-plus-ai/mcp-server-data-exploration) 0.1.6 in the safe_eval() function (src/mcp_server_ds/server.py:108). The function uses Python's exec() to execute user-supplied scripts but…
CVE-2025-63602 2025-11-18 HIGH 7.3 A vulnerability was discovered in Awesome Miner thru 11.2.4 that allows arbitrary read and write to kernel memory and MSRs (such as LSTAR) as an unprivileged user. This…
CVE-2025-63512 2025-11-18 MEDIUM 6.5 kishan0725 Hospital Management System v4 is vulnerable to SQL Injection in admin-panel1.php, specifically in the deleting doctor logic. The application fails to properly sanitize or parameterize user-supplied input…
CVE-2025-63408 2025-11-18 MEDIUM 5.1 Local Agent DVR versions thru 6.6.1.0 are vulnerable to directory traversal that allows an unauthenticated local attacker to gain access to sensitive information, cause a server-side forgery request…