CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-1792 2025-05-30 LOW 3.1 Mattermost versions 10.7.x
CVE-2025-0602 2025-05-30 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x…
CVE-2024-7096 2025-05-30 MEDIUM 4.2 A privilege escalation vulnerability exists in multiple [Vendor Name] products due to a business logic flaw in SOAP admin services.…
CVE-2025-4598 2025-05-30 MEDIUM 4.7 A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace…
CVE-2025-48331 2025-05-30 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in Vanquish WooCommerce Orders & Customers Exporter allows Retrieve Embedded Sensitive Data. This…
CVE-2025-4433 2025-05-30 HIGH 8.8 Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User…
CVE-2025-2500 2025-05-30 HIGH 7.4 A vulnerability exists in the SOAP Web services of the Asset Suite versions listed below. If successfully exploited, an attacker…
CVE-2025-1484 2025-05-30 MEDIUM 6.5 A vulnerability exists in the media upload component of the Asset Suite versions listed below. If successfully exploited an attacker…
CVE-2025-5190 2025-05-30 HIGH 8.8 The Browse As plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 0.2. This is…
CVE-2025-4944 2025-05-30 MEDIUM 6.4 The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Compare…
CVE-2025-4597 2025-05-30 MEDIUM 6.5 The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of…
CVE-2025-1763 2025-05-30 HIGH 8.7 An issue has been discovered in GitLab EE that allows for cross-site-scripting attack and content security policy bypass in a…
CVE-2025-4636 2025-05-30 HIGH 7.8 Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control…
CVE-2025-4635 2025-05-30 MEDIUM 6.6 A malicious user with administrative privileges in the web portal would be able to manipulate the Diagnostics module to obtain…
CVE-2025-4634 2025-05-30 MEDIUM 4.1 The web portal on airpointer 2.4.107-2 was vulnerable to local file inclusion. A malicious user with administrative privileges in the web…
CVE-2025-4633 2025-05-30 MEDIUM 6.5 Default credentials were present in the web portal for Airpointer 2.4.107-2, allowing an unauthenticated malicious actor to log in via…
CVE-2025-5259 2025-05-30 MEDIUM 6.4 The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions…
CVE-2025-4659 2025-05-30 MEDIUM 5.3 The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full…
CVE-2025-4429 2025-05-30 MEDIUM 6.1 The Gearside Developer Dashboard WordPress plugin through 1.0.72 does not sanitise and escape a parameter before outputting it back in…
CVE-2025-48889 2025-05-30 MEDIUM 5.3 Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API,…
CVE-2025-48490 2025-05-30 N/A 0.0 Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations…
CVE-2025-41235 2025-05-30 HIGH 8.6 Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies.
CVE-2025-48491 2025-05-30 N/A 0.0 Project AI is a platform designed to create AI agents. Prior to the pre-beta version, a hardcoded API key was…
CVE-2025-48381 2025-05-30 N/A 0.0 Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. In versions starting from…
CVE-2025-48068 2025-05-30 N/A 0.0 Next.js is a React framework for building full-stack web applications. In versions starting from 13.0 to before 15.2.2, Next.js may…
CVE-2025-47952 2025-05-30 N/A 0.0 Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Prior to versions 2.11.25 and 3.4.1, there is a…
CVE-2025-48757 2025-05-30 CRITICAL 9.3 An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary…
CVE-2024-12224 2025-05-30 N/A 0.0 Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a…
CVE-2025-46352 2025-05-30 CRITICAL 9.8 The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible…
CVE-2025-41438 2025-05-30 CRITICAL 9.8 The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is…
CVE-2025-1907 2025-05-30 CRITICAL 9.8 Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
CVE-2025-5331 2025-05-29 HIGH 7.3 A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of…
CVE-2025-5330 2025-05-29 HIGH 7.3 A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of…
CVE-2025-5307 2025-05-29 HIGH 7.8 Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose…
CVE-2025-5328 2025-05-29 MEDIUM 5.4 A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del…
CVE-2025-5327 2025-05-29 MEDIUM 6.3 A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of…
CVE-2025-5326 2025-05-29 MEDIUM 6.3 A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by this…
CVE-2025-5325 2025-05-29 MEDIUM 6.3 A vulnerability has been found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0 and classified as critical. Affected by…
CVE-2025-4967 2025-05-29 CRITICAL 9.1 Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
CVE-2025-47933 2025-05-29 CRITICAL 9.0 Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker…
CVE-2025-47288 2025-05-29 LOW 3.5 Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there…
CVE-2025-3050 2025-05-29 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow…
CVE-2025-2518 2025-05-29 MEDIUM 5.3 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable…
CVE-2024-54952 2025-05-29 HIGH 7.5 MikroTik RouterOS 6.40.5, the SMB service contains a memory corruption vulnerability. Remote, unauthenticated attackers can exploit this issue by sending…
CVE-2024-49350 2025-05-29 MEDIUM 6.5 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through…
CVE-2025-5324 2025-05-29 LOW 3.3 A vulnerability, which was classified as problematic, was found in TechPowerUp GPU-Z 2.23.0. Affected is the function sub_140001880 in the…
CVE-2025-48336 2025-05-29 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in ThimPress Course Builder allows Object Injection. This issue affects Course Builder: from n/a before 3.6.6.
CVE-2025-46701 2025-05-29 HIGH 7.3 Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's CGI servlet allows security constraint bypass of security constraints that apply…
CVE-2025-32752 2025-05-29 MEDIUM 4.9 Dell ThinOS 2502 and prior contain a Cleartext Storage of Sensitive Information vulnerability. A high privileged attacker with physical access…
CVE-2025-5323 2025-05-29 LOW 3.7 A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function send_email_change_user_email…