Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-61303 2025-10-20 CRITICAL 9.8 Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021(2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample…
CVE-2025-61301 2025-10-20 HIGH 7.5 Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply…
CVE-2025-60783 2025-10-20 MEDIUM 6.5 There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL…
CVE-2025-60781 2025-10-20 MEDIUM 6.1 PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.
CVE-2025-12024 2025-10-21 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-60856 2025-10-20 MEDIUM 6.8 Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary…
CVE-2025-62684 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62683 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62682 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62681 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62680 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62679 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62678 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62677 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-8053 2025-10-20 N/A 0.0 Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low privilege user to interact with the…
CVE-2025-8052 2025-10-20 N/A 0.0 SQL Injection vulnerability in opentext Flipper allows SQL Injection.  The vulnerability could allow a low privilege user to interact with the database in unintended ways and extract data…
CVE-2025-8051 2025-10-20 N/A 0.0 Path Traversal vulnerability in opentext Flipper allows Absolute Path Traversal.  The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2.
CVE-2025-8049 2025-10-20 N/A 0.0 Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the…
CVE-2025-8048 2025-10-20 N/A 0.0 External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and…
CVE-2025-62697 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in The Wikimedia Foundation Mediawiki - LanguageSelector Extension allows Code Injection.This issue affects Mediawiki…
CVE-2025-62528 2025-10-20 MEDIUM 5.4 Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for a project member to put…
CVE-2025-62527 2025-10-20 HIGH 7.1 Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password…
CVE-2025-62522 2025-10-20 N/A 0.0 Vite is a frontend tooling framework for JavaScript. In versions from 2.9.18 to before 3.0.0, 3.2.9 to before 4.0.0, 4.5.3 to before 5.0.0, 5.2.6 to before 5.4.21, 6.0.0…
CVE-2025-61488 2025-10-20 HIGH 7.6 An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter
CVE-2025-62429 2025-10-20 HIGH 7.2 ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter…
CVE-2025-5517 2025-10-20 MEDIUM 6.8 Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (MID/ CE) -Terra AC MID, ABB Terra AC wallbox…
CVE-2025-62700 2025-10-20 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - MultiBoilerplate Extensionmaste allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62698 2025-10-20 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - ExternalGuidance allows Stored XSS.This issue affects Mediawiki - ExternalGuidance:…
CVE-2025-62693 2025-10-20 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - LastModified Extension allows Stored XSS.This issue affects Mediawiki -…
CVE-2025-62510 2025-10-20 HIGH 8.1 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names.…
CVE-2025-62509 2025-10-20 HIGH 8.1 FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege…
CVE-2025-55086 2025-10-20 N/A 0.0 In NetXDuo version before 6.4.4, a networking support module for Eclipse Foundation ThreadX, in the DHCPV6 client there was an unchecked index extracting the server DUID from the…
CVE-2025-47902 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Microchip Time Provider 4100 allows SQL Injection.This issue affects Time Provider 4100: before 2.5.
CVE-2025-47901 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100:…
CVE-2025-47900 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Microchip Time Provider 4100 allows OS Command Injection.This issue affects Time Provider 4100:…
CVE-2025-3465 2025-10-20 HIGH 7.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ABB CoreSense™ HM, ABB CoreSense™ M10.This issue affects CoreSense™ HM: through 2.3.1; CoreSense™ M10: through…
CVE-2025-11979 2025-10-20 MEDIUM 5.3 An authorized user may crash the MongoDB server by causing buffer over-read. This can be done by issuing a DDL operation while queries are being issued, under some…
CVE-2025-54957 2025-10-20 MEDIUM 6.5 An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution…
CVE-2025-9574 2025-10-20 CRITICAL 9.1 Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects .  All firmware versions with the Serial Number from 2000 to 5166
CVE-2025-6515 2025-10-20 MEDIUM 6.8 The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to…
CVE-2025-61456 2025-10-20 MEDIUM 6.1 A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response…
CVE-2025-61417 2025-10-20 HIGH 8.8 Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file,…
CVE-2025-57738 2025-10-20 HIGH 7.2 Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations…
CVE-2025-48025 2025-10-20 N/A 0.0 In Samsung Mobile Processor and Wearable Processor Exynos 980, 1280, 1330, 1380, 1480, 2400, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to…
CVE-2025-40017 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buffer which is allocated only once…
CVE-2025-40016 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have…
CVE-2025-40015 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to…
CVE-2025-40013 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could…
CVE-2025-40012 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed…
CVE-2025-40011 2025-10-20 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the…
« Anterior Página 361 de 3934 Siguiente »