CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
CVE ID | Published | Severity | CVSS | Description
CVE-2024-44636 | 2025-11-14 | MEDIUM | 6.5 | PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php.
CVE-2024-44635 | 2025-11-14 | MEDIUM | 6.1 | PHPGurukul Student Record System 3.20 is vulnerable to Cross Site Scripting (XSS) via adminname and aemailid parameters in /admin-profile.php.
CVE-2024-44633 | 2025-11-14 | MEDIUM | 6.5 | PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php.
CVE-2024-44632 | 2025-11-14 | MEDIUM | 6.5 | PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php.
CVE-2024-44630 | 2025-11-14 | MEDIUM | 6.5 | Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname, lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1,…
CVE-2024-42749 | 2025-11-14 | MEDIUM | 6.1 | Cross Site Scripting vulnerability in Alto CMS v.1.1.13 allows a local attacker to execute arbitrary code via a crafted script.
CVE-2024-21635 | 2025-11-14 | N/A | 0.0 | Memos is a privacy-first, lightweight note-taking service that uses Access Tokens to authenticate application access. When a user changes their password, the existing list of Access Tokens stay…
CVE-2025-8870 | 2025-11-14 | MEDIUM | 4.9 | On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
CVE-2025-13170 | 2025-11-14 | HIGH | 7.3 | A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing manipulation of the argument admin_id…
CVE-2025-9982 | 2025-11-14 | N/A | 0.0 | A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to…
CVE-2025-11918 | 2025-11-14 | N/A | 0.0 | Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue…
CVE-2025-10018 | 2025-11-14 | N/A | 0.0 | QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be…
CVE-2025-8855 | 2025-11-14 | HIGH | 8.1 | Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client,…
CVE-2025-11981 | 2025-11-14 | MEDIUM | 4.9 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to…
CVE-2025-11794 | 2025-11-14 | MEDIUM | 4.9 | Mattermost versions 10.11.x
CVE-2025-55073 | 2025-11-14 | MEDIUM | 5.4 | Mattermost versions 10.11.x
CVE-2025-55070 | 2025-11-14 | MEDIUM | 6.5 | Mattermost versions
CVE-2025-41436 | 2025-11-14 | LOW | 3.1 | Mattermost versions
CVE-2025-11776 | 2025-11-14 | MEDIUM | 4.3 | Mattermost versions
CVE-2025-64444 | 2025-11-14 | HIGH | 7.2 | Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained…
CVE-2025-10686 | 2025-11-14 | HIGH | 7.2 | The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include…
CVE-2025-13161 | 2025-11-14 | HIGH | 7.5 | IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2025-13160 | 2025-11-14 | MEDIUM | 5.3 | IQ-Support developed by IQ Service International has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal…
CVE-2025-9479 | 2025-11-14 | MEDIUM | 4.3 | Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security…
CVE-2025-13107 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13102 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security…
CVE-2025-13097 | 2025-11-14 | MEDIUM | 5.4 | Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2025-12904 | 2025-11-14 | HIGH | 7.2 | The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient…
CVE-2024-9126 | 2025-11-14 | HIGH | 7.5 | Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to…
CVE-2024-7021 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2024-7017 | 2025-11-14 | HIGH | 7.5 | Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2024-13983 | 2025-11-14 | MEDIUM | 6.3 | Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity:…
CVE-2024-13178 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11920 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.…
CVE-2024-11919 | 2025-11-14 | MEDIUM | 4.3 | Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2025-64530 | 2025-11-13 | HIGH | 7.5 | Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and…
CVE-2025-64754 | 2025-11-13 | N/A | 0.0 | Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts.…
CVE-2025-64753 | 2025-11-13 | MEDIUM | 5.3 | grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions…
CVE-2025-64752 | 2025-11-13 | MEDIUM | 6.8 | grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from…
CVE-2025-64749 | 2025-11-13 | MEDIUM | 4.3 | Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions…
CVE-2025-64748 | 2025-11-13 | MEDIUM | 6.5 | Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when…
CVE-2025-64747 | 2025-11-13 | MEDIUM | 5.5 | Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users…
CVE-2025-47913 | 2025-11-13 | HIGH | 7.5 | SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVE-2025-36251 | 2025-11-13 | CRITICAL | 9.6 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process…
CVE-2025-36250 | 2025-11-13 | CRITICAL | 10.0 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary…
CVE-2025-36236 | 2025-11-13 | HIGH | 8.2 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories…
CVE-2025-36096 | 2025-11-13 | CRITICAL | 9.0 | IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized…
CVE-2025-13131 | 2025-11-13 | HIGH | 7.8 | A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default…
CVE-2025-13130 | 2025-11-13 | HIGH | 7.8 | A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect…
CVE-2025-64746 | 2025-11-13 | MEDIUM | 4.6 | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field…
Page 294 of 3936