Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-65069 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-65068 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-65067 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-65066 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-65065 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-65064 2025-11-15 N/A 0.0 Rejected reason: Not used
CVE-2025-12182 2025-11-15 MEDIUM 4.3 The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `resize_image_callback()` function in all versions up to, and including,…
CVE-2025-64446 2025-11-14 CRITICAL 9.8 A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may…
CVE-2025-9317 2025-11-15 HIGH 8.4 The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active…
CVE-2025-8386 2025-11-15 MEDIUM 6.9 The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that…
CVE-2025-64309 2025-11-15 HIGH 8.6 Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be…
CVE-2025-64308 2025-11-15 HIGH 7.5 The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
CVE-2025-64307 2025-11-15 MEDIUM 6.5 The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or…
CVE-2025-62765 2025-11-15 HIGH 7.5 General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.
CVE-2025-59780 2025-11-15 HIGH 7.5 General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.
CVE-2025-58083 2025-11-15 CRITICAL 10.0 General Industrial Controls Lynx+ Gateway  is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
CVE-2025-55034 2025-11-15 HIGH 8.2 General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.
CVE-2025-1256 2025-11-14 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-13188 2025-11-14 CRITICAL 9.8 A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in…
CVE-2023-7328 2025-11-14 N/A 0.0 Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API allows unauthenticated requests to retrieve structured user…
CVE-2022-4985 2025-11-14 N/A 0.0 Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to…
CVE-2021-4471 2025-11-14 N/A 0.0 TG8 Firewall exposes a directory such as /data/ over HTTP without authentication. This directory stores credential files for previously logged-in users. A remote unauthenticated attacker can enumerate and…
CVE-2021-4470 2025-11-14 N/A 0.0 TG8 Firewall contains a pre-authentication remote code execution vulnerability in the runphpcmd.php endpoint. The syscmd POST parameter is passed directly to a system command without validation and executed…
CVE-2021-4469 2025-11-14 N/A 0.0 Denver SHO-110 IP cameras expose a secondary HTTP service on TCP port 8001 that provides access to a '/snapshot' endpoint without authentication. While the primary web interface on…
CVE-2021-4468 2025-11-14 N/A 0.0 PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file…
CVE-2021-4467 2025-11-14 N/A 0.0 Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for…
CVE-2021-4466 2025-11-14 N/A 0.0 IPCop versions up to and including 2.1.9 contain an authenticated remote code execution vulnerability within the web-based administration interface. The email configuration component inserts user-controlled values, including the…
CVE-2021-4465 2025-11-14 N/A 0.0 ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted…
CVE-2018-25125 2025-11-14 N/A 0.0 Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of…
CVE-2016-15056 2025-11-14 N/A 0.0 Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files…
CVE-2025-64084 2025-11-14 MEDIUM 6.5 An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vucc_details_ajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a…
CVE-2025-63891 2025-11-14 HIGH 7.5 Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes)…
CVE-2025-63745 2025-11-14 MEDIUM 5.5 A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the info() function of bin_ne.c. A crafted binary input can trigger a segmentation fault, leading…
CVE-2025-63744 2025-11-14 MEDIUM 5.3 A NULL pointer dereference vulnerability was discovered in radare2 6.0.5 and earlier within the load() function of bin_dyldcache.c. Processing a crafted file can cause a segmentation fault and…
CVE-2025-63830 2025-11-14 MEDIUM 6.1 CKFinder 1.4.3 is vulnerable to Cross Site Scripting (XSS) in the File Upload function. An attacker can upload a crafted SVG containing active content.
CVE-2025-63725 2025-11-14 MEDIUM 6.1 Reflected Cross-Site Scripting (XSS) vulnerability in SVX Portal 2.7A via the id parameter to Recivers.php.
CVE-2025-13187 2025-11-14 MEDIUM 5.3 A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected…
CVE-2025-13186 2025-11-14 LOW 2.4 A weakness has been identified in Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution up to 4.0. This impacts an unknown function of the file /dashboard/Ccustomer/manage_customer. This manipulation…
CVE-2025-63701 2025-11-14 MEDIUM 6.8 A heap corruption vulnerability exists in the Advantech TP-3250 printer driver's DrvUI_x64_ADVANTECH.dll (v0.3.9200.20789) when DocumentPropertiesW() is called with a valid dmDriverExtra value but an undersized output buffer. The…
CVE-2025-63291 2025-11-14 MEDIUM 6.5 When processing API requests, the Alteryx server 2022.1.1.42654 and 2024.1 used MongoDB object IDs to uniquely identify the data being requested by the caller. The Alteryx server did…
CVE-2025-54345 2025-11-14 HIGH 7.5 An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor.
CVE-2025-13178 2025-11-14 LOW 3.5 A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation…
CVE-2025-13185 2025-11-14 MEDIUM 4.7 A security flaw has been discovered in Bdtask/CodeCanyon News365 up to 7.0.3. This affects an unknown function of the file /admin/dashboard/profile. The manipulation of the argument profile_image/banner_image results…
CVE-2025-54559 2025-11-14 LOW 3.7 An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content.
CVE-2025-54346 2025-11-14 HIGH 7.6 A Reflected Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s…
CVE-2025-13204 2025-11-14 HIGH 7.3 npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The…
CVE-2025-13182 2025-11-14 LOW 3.5 A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross…
CVE-2025-63680 2025-11-14 HIGH 8.6 Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code…
CVE-2025-63724 2025-11-14 MEDIUM 6.0 SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php.
CVE-2025-54560 2025-11-14 LOW 3.8 A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure.
« Anterior Página 290 de 3934 Siguiente »