Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-12939	2025-11-10	MEDIUM	6.3	A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation…
CVE-2025-12938	2025-11-10	HIGH	7.3	A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords…
CVE-2025-41001	2025-11-10	N/A	0.0	Cross Site Scripting (XSS) vulnerability stored in SOPlanning v1.53.02, which consist of a stored XSS due to a lack of proper validation of user input by sending a…
CVE-2025-12405	2025-11-10	N/A	0.0	An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the…
CVE-2025-41107	2025-11-10	N/A	0.0	Stored Cross Site Scripting (XSS) vulnerability in Smart School 7.0 due to lack of proper validation of user input when sending a POST request to '/online_admission', wich affects…
CVE-2025-12409	2025-11-10	N/A	0.0	A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. By creating a malicious report with native functions enabled, and…
CVE-2025-12397	2025-11-10	N/A	0.0	A SQL injection vulnerability was found in Looker Studio. A Looker Studio user with report view access could inject malicious SQL that would execute with the report owner's…
CVE-2025-12155	2025-11-10	N/A	0.0	A Command Injection vulnerability, resulting from improper file path sanitization (Directory Traversal) in Looker allows an attacker with Developer permission to execute arbitrary shell commands when a user…
CVE-2025-41731	2025-11-10	HIGH	7.4	A vulnerability was identified in the password generation algorithm when accessing the debug-interface. An unauthenticated local attacker with knowledge of the password generation timeframe might be able to…
CVE-2025-12933	2025-11-10	MEDIUM	6.3	A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql…
CVE-2025-62689	2025-11-10	HIGH	7.5	NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after…
CVE-2025-59777	2025-11-10	HIGH	7.5	NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after…
CVE-2025-12932	2025-11-10	MEDIUM	4.7	A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid…
CVE-2025-12931	2025-11-10	MEDIUM	6.3	A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID…
CVE-2025-12613	2025-11-10	HIGH	8.6	Versions of the package cloudinary before 2.7.0 are vulnerable to Arbitrary Argument Injection due to improper parsing of parameter values containing an ampersand. An attacker can inject additional,…
CVE-2025-12928	2025-11-10	HIGH	7.3	A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in…
CVE-2025-12868	2025-11-10	CRITICAL	9.8	New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the…
CVE-2025-12867	2025-11-10	HIGH	7.2	EIP Plus developed by Hundred Plus has an Arbitrary File Uplaod vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
CVE-2025-12927	2025-11-10	MEDIUM	4.7	A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archives_add.php. Such manipulation of the argument flags[]…
CVE-2025-12926	2025-11-10	MEDIUM	6.3	A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid…
CVE-2025-12866	2025-11-10	CRITICAL	9.8	EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting…
CVE-2025-12865	2025-11-10	HIGH	8.8	U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-12864	2025-11-10	HIGH	8.8	U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-12925	2025-11-10	HIGH	7.3	A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The…
CVE-2025-12924	2025-11-10	MEDIUM	4.3	A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack…
CVE-2025-12923	2025-11-10	LOW	2.7	A vulnerability was determined in liweiyi ChestnutCMS up to 1.5.8. This vulnerability affects the function resourceDownload of the file /dev-api/common/download. Executing manipulation of the argument path can lead…
CVE-2025-12922	2025-11-10	MEDIUM	6.3	A vulnerability was found in OpenClinica Community Edition up to 3.12.2/3.13. This affects an unknown part of the file /ImportCRFData?action=confirm of the component CRF Data Import. Performing manipulation…
CVE-2025-12921	2025-11-10	MEDIUM	4.3	A vulnerability has been found in OpenClinica Community Edition up to 3.12.2/3.13. Affected by this issue is some unknown functionality of the file /ImportCRFData?action=confirm of the component CRF…
CVE-2025-12920	2025-11-09	LOW	2.4	A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument…
CVE-2025-12919	2025-11-09	LOW	3.7	A vulnerability was detected in EverShop up to 2.0.1. Affected is an unknown function of the file /src/modules/oms/graphql/types/Order/Order.resolvers.js of the component Order Handler. The manipulation of the argument…
CVE-2025-12918	2025-11-09	LOW	3.1	A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the…
CVE-2025-12917	2025-11-09	MEDIUM	4.3	A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads…
CVE-2025-40109	2025-11-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides…
CVE-2025-40108	2025-11-09	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: serial: qcom-geni: Fix blocked task Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its…
CVE-2025-12916	2025-11-09	MEDIUM	6.3	A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation…
CVE-2025-12915	2025-11-08	MEDIUM	6.4	A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion.…
CVE-2025-12914	2025-11-08	MEDIUM	4.7	A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the…
CVE-2025-12913	2025-11-08	MEDIUM	4.7	A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead…
CVE-2025-12837	2025-11-08	MEDIUM	6.4	The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due…
CVE-2025-12643	2025-11-08	MEDIUM	6.4	The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphali_liqpay' shortcode in all versions up to, and including, 1.0.2. This is…
CVE-2025-12399	2025-11-08	HIGH	7.2	The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all…
CVE-2025-12092	2025-11-08	MEDIUM	6.5	The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and…
CVE-2025-11980	2025-11-08	MEDIUM	4.9	The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'delete_orphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping…
CVE-2025-11967	2025-11-08	HIGH	7.2	The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and…
CVE-2025-11448	2025-11-08	MEDIUM	4.3	The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert'…
CVE-2025-12099	2025-11-08	HIGH	7.2	The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8…
CVE-2025-12098	2025-11-08	MEDIUM	5.3	The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.8…
CVE-2025-12621	2025-11-08	MEDIUM	5.3	The Flexible Refund and Return Order for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a misconfigured capability check on the 'create_refund' function…
CVE-2025-12498	2025-11-08	MEDIUM	4.3	The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function…
CVE-2025-9334	2025-11-08	HIGH	8.8	The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited Code Injection in all versions up to, and including, 1.7.7. This is due…

« Anterior Página 308 de 3934 Siguiente »