CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-36299 2025-11-17 MEDIUM 4.3 IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code could be used in further attacks against the system.
CVE-2025-13299 2025-11-17 HIGH 7.3 A flaw has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. This impacts an unknown function of the file /user/controller.php. Executing manipulation can lead to sql…
CVE-2025-13298 2025-11-17 HIGH 7.3 A vulnerability was detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. This affects an unknown function of the file /enrollment/controller.php. Performing manipulation results in sql injection. The…
CVE-2024-44664 2025-11-17 MEDIUM 6.5 PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
CVE-2024-44661 2025-11-17 MEDIUM 5.4 PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
CVE-2024-44659 2025-11-17 CRITICAL 9.8 PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
CVE-2024-46335 2025-11-17 MEDIUM 4.6 PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the fromdate and todate parameters in between-date-userreport.php.
CVE-2024-44663 2025-11-17 MEDIUM 6.5 PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
CVE-2024-44662 2025-11-17 MEDIUM 6.5 PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
CVE-2024-44660 2025-11-17 MEDIUM 6.5 PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
CVE-2024-44658 2025-11-17 MEDIUM 6.5 PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the subcategory and category parameters in subcategory.php.
CVE-2024-44655 2025-11-17 MEDIUM 6.1 PHPGurukul Complaint Management System 2.0 is vulnerable to Cross Site Scripting (XSS) via the search parameter in user-search.php.
CVE-2024-44654 2025-11-17 MEDIUM 6.5 PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the email and mobileno parameters in reset-password.php.
CVE-2025-64758 2025-11-17 MEDIUM 4.8 @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply…
CVE-2025-64756 2025-11-17 HIGH 7.5 Glob matches files using patterns the shell uses. From versions 10.3.7 to 11.0.3, the glob CLI contains a command injection vulnerability in its -c/--cmd option that allows arbitrary…
CVE-2025-64342 2025-11-17 N/A 0.0 ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. When the ESP32 is in advertising mode, if it receives a connection request containing an invalid Access Address…
CVE-2025-58407 2025-11-17 HIGH 7.4 Kernel or driver software installed on a Guest VM may post improper commands to the GPU Firmware to exploit a TOCTOU race condition and trigger a read and/or…
CVE-2025-55059 2025-11-17 MEDIUM 4.8 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55058 2025-11-17 MEDIUM 4.5 CWE-20 Improper Input Validation
CVE-2025-55057 2025-11-17 MEDIUM 4.5 Multiple CWE-352 Cross-Site Request Forgery (CSRF)
CVE-2025-55056 2025-11-17 MEDIUM 4.8 Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-55055 2025-11-17 MEDIUM 6.8 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2025-34323 2025-11-17 N/A 0.0 Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to unsafe interaction between sudo rules and file system permissions. The web server account…
CVE-2025-34322 2025-11-17 N/A 0.0 Nagios Log Server versions prior to 2026R1.0.1 contain an authenticated command injection vulnerability via the experimental 'Natural Language Queries' feature. Configuration values for this feature are read from…
CVE-2025-13297 2025-11-17 HIGH 7.3 A security vulnerability has been detected in itsourcecode Web-Based Internet Laboratory Management System 1.0. The impacted element is an unknown function of the file /course/controller.php. Such manipulation leads…
CVE-2024-44657 2025-11-17 MEDIUM 6.5 PHPGurukul Complaint Management System 2.0 is vulnerable to SQL Injection via the fromdate and todate parameters in between-date-userreport.php.
CVE-2024-44653 2025-11-17 MEDIUM 6.5 Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.
CVE-2024-44651 2025-11-17 MEDIUM 6.5 Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php.
CVE-2025-63918 2025-11-17 N/A 0.0 PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations.
CVE-2025-63917 2025-11-17 HIGH 7.1 PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity (XXE) references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling…
CVE-2025-62519 2025-11-17 HIGH 7.2 phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged…
CVE-2025-58410 2025-11-17 HIGH 7.5 Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by…
CVE-2025-13319 2025-11-17 HIGH 8.8 An injection vulnerability has been discovered in the API feature in Digi On-Prem Manager, enabling an attacker with valid API tokens to inject SQL via crafted input. The…
CVE-2025-13291 2025-11-17 HIGH 7.3 A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirm_order.php. Performing manipulation of the argument ID results in sql…
CVE-2025-13290 2025-11-17 MEDIUM 6.3 A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the…
CVE-2025-13193 2025-11-17 MEDIUM 5.5 A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS…
CVE-2024-46336 2025-11-17 MEDIUM 6.1 kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /client_user/feedback.php.
CVE-2024-46334 2025-11-17 MEDIUM 6.1 kashipara School Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the formuser and formpassword parameters in /adminLogin.php.
CVE-2024-44652 2025-11-17 MEDIUM 6.5 Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.
CVE-2024-44648 2025-11-17 MEDIUM 6.5 PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via id and adminremark parameters in quote-details.php.
CVE-2024-44647 2025-11-17 MEDIUM 6.1 PHPGurukul Small CRM 3.0 is vulnerable to Cross Site Scripting (XSS) via the aremark parameter in manage-tickets.php.
CVE-2024-44644 2025-11-17 MEDIUM 6.5 PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the frm_id and aremark parameters in manage-tickets.php.
CVE-2024-44641 2025-11-17 MEDIUM 6.5 PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection via the oldpass parameter in change-password.php.
CVE-2025-65083 2025-11-17 LOW 3.2 GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy…
CVE-2025-64046 2025-11-17 MEDIUM 6.1 OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php.
CVE-2025-63916 2025-11-17 HIGH 8.1 MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe,…
CVE-2025-63748 2025-11-17 HIGH 8.8 QaTraq 6.9.2 allows authenticated users to upload arbitrary files via the "Add Attachment" feature in the "Test Script" module. The application fails to restrict file types, enabling the…
CVE-2025-63747 2025-11-17 CRITICAL 9.8 QaTraq 6.9.2 ships with administrative account credentials which are enabled in default installations and permit immediate login via the web application login page. Because the account provides administrative…
CVE-2025-63708 2025-11-17 MEDIUM 6.1 Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the…
CVE-2025-13289 2025-11-17 MEDIUM 6.3 A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the…