Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-64474 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64473 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64472 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-47151 2025-11-05 CRITICAL 9.8 A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An…
CVE-2025-46784 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial…
CVE-2025-46705 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of…
CVE-2025-46404 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker…
CVE-2025-63334 2025-11-05 CRITICAL 9.8 PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST…
CVE-2025-56231 2025-11-05 CRITICAL 9.1 Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.
CVE-2025-59716 2025-11-05 MEDIUM 5.3 ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an…
CVE-2025-63248 2025-11-05 HIGH 7.5 DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other…
CVE-2025-61304 2025-11-05 CRITICAL 9.8 OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.
CVE-2025-55343 2025-11-05 CRITICAL 9.9 Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Administracion/listas/formArea_ajax.php codDepe, Administracion/listas/formDepeHijo_ajax.php codDepe, Administracion/listas/formDepePadre_ajax.php codInst, asociar_documentos/asociar_borrar_referencia.php radi_nume, asociar_documentos/asociar_documento_buscar_query.php…
CVE-2025-57244 2025-11-05 MEDIUM 5.4 OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is…
CVE-2025-12745 2025-11-05 MEDIUM 5.3 A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted…
CVE-2025-10853 2025-11-05 MEDIUM 5.2 A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor…
CVE-2025-6027 2025-11-05 MEDIUM 6.3 The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated…
CVE-2025-63416 2025-11-05 CRITICAL 9.1 ** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the…
CVE-2025-62722 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows…
CVE-2025-62721 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks,…
CVE-2025-62720 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in…
CVE-2025-62719 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests…
CVE-2025-5770 2025-11-05 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary…
CVE-2025-56232 2025-11-05 N/A 0.0 GOG Galaxy 2.0.0.2 suffers from Missing SSL Certificate Validation. An attacker who controls the local network, DNS, or a proxy can perform a man-in-the-middle (MitM) attack to intercept…
CVE-2025-43418 2025-11-05 MEDIUM 4.6 This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2. An attacker with physical access to…
CVE-2025-31954 2025-11-05 MEDIUM 5.4 HCL iAutomate v6.5.1 and v6.5.2 is susceptible to a sensitive information disclosure. An HTTP GET method is used to process a request and includes sensitive information in the…
CVE-2025-12735 2025-11-05 CRITICAL 9.8 The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can…
CVE-2025-11093 2025-11-05 HIGH 8.4 An arbitrary code execution vulnerability exists in multiple WSO2 products due to insufficient restrictions in the GraalJS and NashornJS Script Mediator engines. Authenticated users with elevated privileges can…
CVE-2025-11072 2025-11-05 MEDIUM 5.3 The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary…
CVE-2025-10873 2025-11-05 MEDIUM 5.3 The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.
CVE-2025-10567 2025-11-05 MEDIUM 6.3 The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS…
CVE-2023-43000 2025-11-05 HIGH 8.8 A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.5, iOS 16.6 and iPadOS 16.6, Safari 16.6. Processing maliciously crafted web…
CVE-2025-10907 2025-11-05 HIGH 8.4 An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validation of uploaded content and destination in SOAP admin services. A malicious actor with administrative…
CVE-2025-10713 2025-11-05 MEDIUM 6.5 An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions,…
CVE-2025-64459 2025-11-05 CRITICAL 9.1 An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. The methods `QuerySet.filter()`, `QuerySet.exclude()`, and `QuerySet.get()`, and the class `Q()`, are subject to…
CVE-2025-64458 2025-11-05 HIGH 7.5 An issue was discovered in 5.1 before 5.1.14, 4.2 before 4.2.26, and 5.2 before 5.2.8. NFKC normalization in Python is slow on Windows. As a consequence, `django.http.HttpResponseRedirect`, `django.http.HttpResponsePermanentRedirect`,…
CVE-2025-57130 2025-11-05 HIGH 8.3 An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially…
CVE-2025-46424 2025-11-05 MEDIUM 6.7 Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implementation vulnerability. A high privileged attacker could potentially exploit this vulnerability leading to…
CVE-2025-46366 2025-11-05 MEDIUM 6.7 Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential…
CVE-2025-46365 2025-11-05 MEDIUM 5.3 Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploited by an Authenticated attacker to cause Command Injection on an affected Dell CloudLink.
CVE-2025-46364 2025-11-05 CRITICAL 9.1 Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system.
CVE-2025-45379 2025-11-05 HIGH 8.4 Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection from console to gain shell access of system.
CVE-2025-45378 2025-11-05 CRITICAL 9.1 Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged user with known password can break into command shell of CloudLink server and gain access…
CVE-2025-43990 2025-11-05 HIGH 7.3 Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…
CVE-2025-30479 2025-11-05 HIGH 8.4 Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known password can run command injection to gain control of system.
CVE-2025-20377 2025-11-05 MEDIUM 4.3 A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is…
CVE-2025-20376 2025-11-05 MEDIUM 6.5 A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an…
CVE-2025-20375 2025-11-05 MEDIUM 6.5 A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to upload and execute arbitrary files. This vulnerability is due to an…
CVE-2025-20374 2025-11-05 MEDIUM 4.9 A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to perform a directory traversal and access arbitrary resources. This vulnerability is…
CVE-2025-20358 2025-11-05 CRITICAL 9.4 A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining…
« Anterior Página 317 de 3934 Siguiente »