Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-12344 2025-10-28 MEDIUM 6.3 A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header…
CVE-2025-12244 2025-10-27 MEDIUM 4.3 A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to…
CVE-2025-12245 2025-10-27 MEDIUM 5.3 A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument…
CVE-2025-12246 2025-10-27 MEDIUM 4.3 A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation…
CVE-2025-12252 2025-10-27 MEDIUM 6.3 A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in…
CVE-2025-12253 2025-10-27 HIGH 7.3 A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/portal/get_expiredtime.php. This manipulation of the argument…
CVE-2025-12254 2025-10-27 MEDIUM 6.3 A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument…
CVE-2025-12255 2025-10-27 MEDIUM 6.3 A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname…
CVE-2025-12256 2025-10-27 MEDIUM 6.3 A weakness has been identified in code-projects Online Event Judging System 1.0. This vulnerability affects unknown code of the file /edit_contestant.php. Executing manipulation of the argument contestant_id can…
CVE-2025-12257 2025-10-27 HIGH 7.3 A security vulnerability has been detected in SourceCodester Online Student Result System 1.0. This issue affects some unknown processing of the file /view_result.php. The manipulation of the argument…
CVE-2025-12258 2025-10-27 HIGH 8.8 A vulnerability was detected in TOTOLINK A3300R 17.0.0cu.557_B20221024. Impacted is the function setOpModeCfg of the file /cgi-bin/cstecgi.cg of the component POST Parameter Handler. The manipulation of the argument…
CVE-2025-12259 2025-10-27 HIGH 8.8 A flaw has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The affected element is the function setScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. This manipulation…
CVE-2025-12260 2025-10-27 HIGH 8.8 A vulnerability has been found in TOTOLINK A3300R 17.0.0cu.557_B20221024. The impacted element is the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi of the component POST Parameter Handler. Such manipulation…
CVE-2025-12261 2025-10-27 MEDIUM 6.3 A vulnerability was found in CodeAstro Gym Management System 1.0. This affects an unknown function of the file /admin/actions/remove-announcement.php. Performing manipulation of the argument ID results in sql…
CVE-2025-12262 2025-10-27 MEDIUM 6.3 A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead…
CVE-2025-12263 2025-10-27 MEDIUM 6.3 A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to…
CVE-2025-12265 2025-10-27 HIGH 8.8 A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes…
CVE-2025-12271 2025-10-27 HIGH 8.8 A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The…
CVE-2025-12272 2025-10-27 HIGH 8.8 A security flaw has been discovered in Tenda CH22 1.0.0.1. This impacts the function fromAddressNat of the file /goform/addressNat. Performing manipulation of the argument page results in buffer…
CVE-2025-12273 2025-10-27 HIGH 8.8 A weakness has been identified in Tenda CH22 1.0.0.1. Affected is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing manipulation of the argument page can lead to buffer…
CVE-2025-12274 2025-10-27 HIGH 8.8 A security vulnerability has been detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page…
CVE-2025-12342 2025-10-28 HIGH 7.3 A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component…
CVE-2025-12341 2025-10-28 HIGH 7.8 A vulnerability was detected in ermig1979 AntiDupl up to 2.3.12. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation…
CVE-2025-12339 2025-10-28 HIGH 7.3 A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the…
CVE-2025-12338 2025-10-28 HIGH 7.3 A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing manipulation of the argument pid…
CVE-2025-12337 2025-10-28 HIGH 7.3 A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/admin_feature.php. Performing manipulation of the argument…
CVE-2025-12336 2025-10-28 HIGH 7.3 A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the…
CVE-2025-12207 2025-10-27 LOW 3.3 A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null…
CVE-2025-12206 2025-10-27 LOW 3.3 A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs…
CVE-2025-12205 2025-10-27 MEDIUM 5.3 A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in…
CVE-2025-12204 2025-10-27 MEDIUM 5.3 A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to…
CVE-2025-43024 2025-10-28 N/A 0.0 A GUI dialog of an application allows to view what files are in the file system without proper authorization.
CVE-2025-33133 2025-10-28 MEDIUM 6.5 IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an…
CVE-2025-33132 2025-10-28 MEDIUM 6.5 IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to…
CVE-2025-33131 2025-10-28 MEDIUM 6.5 IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to…
CVE-2025-33126 2025-10-28 MEDIUM 6.5 IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0…
CVE-2025-12335 2025-10-28 MEDIUM 4.3 A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplier_update.php. This manipulation of the argument supp_name/supp_address causes…
CVE-2025-12332 2025-10-28 LOW 2.4 A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site…
CVE-2025-62259 2025-10-27 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported…
CVE-2025-62258 2025-10-27 N/A 0.0 CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and…
CVE-2025-12334 2025-10-27 MEDIUM 4.3 A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site…
CVE-2025-12333 2025-10-27 MEDIUM 4.3 A vulnerability has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross…
CVE-2025-62793 2025-10-27 MEDIUM 6.8 eLabFTW is an open source electronic lab notebook for research labs. The application served uploaded SVG files inline. Because SVG supports active content, an attacker could upload a…
CVE-2025-62781 2025-10-27 MEDIUM 5.0 PILOS (Platform for Interactive Live-Online Seminars) is a frontend for BigBlueButton. Prior to 4.8.0, users with a local account can change their password while logged in. When doing…
CVE-2025-62779 2025-10-27 N/A 0.0 Frappe Learning is a learning system that helps users structure their content. In Frappe Learning 2.39.1 and earlier, users were able to add HTML through input fields in…
CVE-2025-62778 2025-10-27 N/A 0.0 Frappe Learning is a learning management system. A security issue was identified in Frappe Learning 2.39.1 and earlier, where students were able to access the Quiz Form if…
CVE-2025-62261 2025-10-27 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported…
CVE-2025-62260 2025-10-27 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit…
CVE-2025-12331 2025-10-27 MEDIUM 4.7 A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of…
CVE-2025-12330 2025-10-27 LOW 2.4 A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page.…
« Anterior Página 36 de 3631 Siguiente »