CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-62701 | 2025-10-21 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Mediawiki - Wikistories:… |
| CVE-2025-62696 | 2025-10-21 | N/A | 0.0 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection. This issue affects Mediawiki Foundation… |
| CVE-2025-62695 | 2025-10-21 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS. This issue affects Mediawiki -… |
| CVE-2025-9133 | 2025-10-21 | HIGH | 8.1 | A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware… |
| CVE-2025-8078 | 2025-10-21 | HIGH | 7.2 | A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series… |
| CVE-2025-7851 | 2025-10-21 | N/A | 0.0 | An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways. |
| CVE-2025-7850 | 2025-10-21 | N/A | 0.0 | A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways. |
| CVE-2025-6542 | 2025-10-21 | N/A | 0.0 | An arbitrary OS command may be executed on the product by a remote unauthenticated attacker. |
| CVE-2025-6541 | 2025-10-21 | N/A | 0.0 | An arbitrary OS command may be executed on the product by the user who can log in to the web management interface. |
| CVE-2025-54764 | 2025-10-20 | MEDIUM | 6.2 | Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. |
| CVE-2025-12001 | 2025-10-20 | N/A | 0.0 | Lack of application manifest sanitation could lead to potential stored XSS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-11536 | 2025-10-20 | MEDIUM | 5.0 | The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action.… |
| CVE-2018-25118 | 2025-10-20 | N/A | 0.0 | GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed… |
| CVE-2025-62658 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension:… |
| CVE-2025-62657 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects MediaWiki PageForms extension:… |
| CVE-2025-62656 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension:… |
| CVE-2025-61303 | 2025-10-20 | CRITICAL | 9.8 | Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample… |
| CVE-2025-61301 | 2025-10-20 | HIGH | 7.5 | Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply… |
| CVE-2025-60783 | 2025-10-20 | MEDIUM | 6.5 | There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL… |
| CVE-2025-60781 | 2025-10-20 | MEDIUM | 6.1 | PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter. |
| CVE-2025-12024 | 2025-10-21 | N/A | 0.0 | Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been… |
| CVE-2025-60856 | 2025-10-20 | MEDIUM | 6.8 | Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary… |
| CVE-2025-62684 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62683 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62682 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62681 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62680 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62679 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62678 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62677 | 2025-10-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-8053 | 2025-10-20 | N/A | 0.0 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the… |
| CVE-2025-8052 | 2025-10-20 | N/A | 0.0 | SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data… |
| CVE-2025-8051 | 2025-10-20 | N/A | 0.0 | Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2. |
| CVE-2025-8049 | 2025-10-20 | N/A | 0.0 | Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the… |
| CVE-2025-8048 | 2025-10-20 | N/A | 0.0 | External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and… |
| CVE-2025-62697 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection. This issue affects Mediawiki… |
| CVE-2025-62528 | 2025-10-20 | MEDIUM | 5.4 | Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put… |
| CVE-2025-62527 | 2025-10-20 | HIGH | 7.1 | Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password… |
| CVE-2025-62522 | 2025-10-20 | N/A | 0.0 | Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0… |
| CVE-2025-61488 | 2025-10-20 | HIGH | 7.6 | An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter |
| CVE-2025-62429 | 2025-10-20 | HIGH | 7.2 | ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter… |
| CVE-2025-5517 | 2025-10-20 | MEDIUM | 6.8 | Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox… |
| CVE-2025-62700 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS. This issue affects Mediawiki -… |
| CVE-2025-62698 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS. This issue affects Mediawiki - ExternalGuidance:… |
| CVE-2025-62693 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS. This issue affects Mediawiki -… |
| CVE-2025-62510 | 2025-10-20 | HIGH | 8.1 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names.… |
| CVE-2025-62509 | 2025-10-20 | HIGH | 8.1 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege… |
| CVE-2025-55086 | 2025-10-20 | N/A | 0.0 | In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the… |
| CVE-2025-47902 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection. This issue affects Time Provider 4100: before 2.5. |
| CVE-2025-47901 | 2025-10-20 | N/A | 0.0 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection. This issue affects Time Provider 4100:… |