CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57567 2025-10-17 CRITICAL 9.1 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator…
CVE-2025-49655 2025-10-17 CRITICAL 9.8 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing…
CVE-2025-26625 2025-10-17 N/A 0.0 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of…
CVE-2025-11905 2025-10-17 MEDIUM 6.3 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack…
CVE-2025-62428 2025-10-16 N/A 0.0 Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate…
CVE-2025-62423 2025-10-16 MEDIUM 6.7 ClipBucket V5 provides open source video hosting with PHP. In version 5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting…
CVE-2025-62418 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted…
CVE-2025-60361 2025-10-17 LOW 2.8 radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
CVE-2025-60360 2025-10-17 LOW 3.3 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
CVE-2025-60359 2025-10-17 MEDIUM 4.0 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
CVE-2025-62417 2025-10-16 N/A 0.0 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and…
CVE-2025-62416 2025-10-16 MEDIUM 5.1 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating…
CVE-2025-62415 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted…
CVE-2025-62414 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker…
CVE-2025-55085 2025-10-17 N/A 0.0 In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification.…
CVE-2025-48087 2025-10-17 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS. This issue affects Memberlite Shortcodes: from n/a through 1.4.1.
CVE-2025-11904 2025-10-17 MEDIUM 6.3 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to…
CVE-2025-11849 2025-10-17 CRITICAL 9.3 Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions…
CVE-2025-61554 2025-10-16 MEDIUM 5.5 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor…
CVE-2025-62427 2025-10-16 N/A 0.0 The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side…
CVE-2025-61553 2025-10-16 HIGH 8.2 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host…
CVE-2025-61922 2025-10-16 CRITICAL 9.1 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express…
CVE-2025-48044 2025-10-17 N/A 0.0 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before…
CVE-2025-11903 2025-10-17 MEDIUM 6.3 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument…
CVE-2025-60358 2025-10-16 HIGH 7.5 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
CVE-2025-11902 2025-10-17 MEDIUM 6.3 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid…
CVE-2023-28815 2025-10-17 CRITICAL 9.8 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary…
CVE-2023-28814 2025-10-17 CRITICAL 9.8 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious…
CVE-2025-11895 2025-10-17 MEDIUM 4.3 The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmp_user_payout_detail_of_current_user() function…
CVE-2025-55100 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of…
CVE-2025-55099 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with…
CVE-2025-55098 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of…
CVE-2025-55097 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of…
CVE-2025-55096 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get() when parsing a descriptor of…
CVE-2025-55094 2025-10-17 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet…
CVE-2025-55087 2025-10-17 N/A 0.0 In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
CVE-2025-55093 2025-10-17 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP…
CVE-2025-55092 2025-10-17 N/A 0.0 In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing…
CVE-2025-6950 2025-10-17 N/A 0.0 An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens…
CVE-2025-6949 2025-10-17 N/A 0.0 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user…
CVE-2025-11900 2025-10-17 CRITICAL 9.8 The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-11899 2025-10-17 HIGH 8.1 Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into…
CVE-2025-11898 2025-10-17 HIGH 7.5 Agentflow developed by Flowring has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2025-6894 2025-10-17 N/A 0.0 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authorization logic of the affected device allows…
CVE-2025-6893 2025-10-17 N/A 0.0 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data…
CVE-2025-6892 2025-10-17 N/A 0.0 An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints,…
CVE-2025-62506 2025-10-16 HIGH 8.1 MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted…
CVE-2025-62504 2025-10-16 MEDIUM 6.5 Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a…
CVE-2025-11896 2025-10-16 N/A 0.0 In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
CVE-2025-11864 2025-10-16 HIGH 7.3 A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such…