CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST (National Vulnerability Database). Rows showing severity N/A and a score of 0.0 had no CVSS score assigned at the time of listing; descriptions ending in "…" are truncated on the listing page.
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2024-42192 | 2025-10-16 | MEDIUM | 5.5 | HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications. |
| CVE-2025-62412 | 2025-10-16 | LOW | 3.8 | LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to… |
| CVE-2025-62411 | 2025-10-16 | MEDIUM | 5.5 | LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS |
| CVE-2025-61514 | 2025-10-16 | MEDIUM | 6.5 | An arbitrary file upload vulnerability in SageMath, Inc CoCalc before commit 0d2ff58 allows attackers to execute arbitrary code via uploading a crafted SVG file. |
| CVE-2025-62409 | 2025-10-16 | N/A | 0.0 | Envoy is a cloud-native, open source edge and service proxy. Prior to 1.36.1, 1.35.5, 1.34.9, and 1.33.10, large requests and responses can potentially trigger TCP connection pool crashes… |
| CVE-2025-61539 | 2025-10-16 | MEDIUM | 6.1 | Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php. |
| CVE-2025-60855 | 2025-10-16 | MEDIUM | 5.1 | Reolink Video Doorbell WiFi DB_566128M5MP_W performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. |
| CVE-2025-61330 | 2025-10-16 | MEDIUM | 6.5 | A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak… |
| CVE-2025-60641 | 2025-10-16 | MEDIUM | 6.5 | The file mexcel.php in the Vfront 0.99.52 codebase contains a vulnerable call to unserialize(base64_decode($_POST['mexcel'])), where $_POST['mexcel'] is user-controlled input. This input is decoded from base64 and deserialized without… |
| CVE-2025-60639 | 2025-10-16 | MEDIUM | 6.5 | Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26). |
| CVE-2025-56700 | 2025-10-16 | MEDIUM | 5.4 | Boolean SQL injection vulnerability in the web app of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows a low-level privileged user that has access… |
| CVE-2025-56699 | 2025-10-16 | MEDIUM | 5.4 | SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via… |
| CVE-2025-34513 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an OS command injection vulnerability in mbus_build_from_csv.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to service this… |
| CVE-2025-62425 | 2025-10-16 | HIGH | 8.3 | MAS (Matrix Authentication Service) is a user management and authentication service for Matrix homeservers, written and maintained by Element. A logic flaw in matrix-authentication-service 0.20.0 through 1.4.0 allows… |
| CVE-2025-61543 | 2025-10-16 | HIGH | 7.1 | A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An… |
| CVE-2025-61541 | 2025-10-16 | HIGH | 7.1 | Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header… |
| CVE-2025-34255 | 2025-10-16 | N/A | 0.0 | D-Link Nuclias Connect firmware versions |
| CVE-2025-34254 | 2025-10-16 | N/A | 0.0 | D-Link Nuclias Connect firmware versions |
| CVE-2025-34253 | 2025-10-16 | N/A | 0.0 | D-Link Nuclias Connect firmware versions |
| CVE-2025-11853 | 2025-10-16 | MEDIUM | 6.3 | A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulation can lead… |
| CVE-2025-11852 | 2025-10-16 | MEDIUM | 5.3 | A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/device_service of the component ONVIF Service. Performing manipulation results in… |
| CVE-2025-11493 | 2025-10-16 | HIGH | 8.8 | The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. This creates a risk where an… |
| CVE-2025-11492 | 2025-10-16 | CRITICAL | 9.6 | In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could… |
| CVE-2025-62586 | 2025-10-16 | CRITICAL | 9.8 | OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password. Fixed in FOIAXpress version 11.13.2.0. |
| CVE-2025-62413 | 2025-10-16 | MEDIUM | 6.1 | MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message… |
| CVE-2025-62407 | 2025-10-16 | MEDIUM | 6.1 | Frappe is a full-stack web application framework. Prior to 14.98.0 and 15.83.0, an open redirect was possible through the redirect argument on the login page, if a specific… |
| CVE-2025-61924 | 2025-10-16 | LOW | 3.8 | PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due… |
| CVE-2025-61923 | 2025-10-16 | MEDIUM | 4.1 | PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the backoffice is missing validation on input resulting in… |
| CVE-2025-61909 | 2025-10-16 | N/A | 0.0 | Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration… |
| CVE-2025-61908 | 2025-10-16 | N/A | 0.0 | Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing… |
| CVE-2025-61907 | 2025-10-16 | N/A | 0.0 | Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects… |
| CVE-2025-34519 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an insecure hashing algorithm vulnerability. The product stores passwords using the MD5 hash function without applying a per‑password salt. Because MD5 is… |
| CVE-2025-34518 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a relative path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends… |
| CVE-2025-34517 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an absolute path traversal vulnerability in get_file_content.php that allows an attacker to read arbitrary files. Ilevia has declined to service this vulnerability, and recommends… |
| CVE-2025-34516 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a use of default credentials vulnerability that allows an unauthenticated attacker to obtain remote access. Ilevia has declined to service this… |
| CVE-2025-34515 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service… |
| CVE-2025-34514 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain authenticated OS command injection vulnerabilities in multiple web-accessible PHP scripts that call exec() and allow an authenticated attacker to… |
| CVE-2025-34512 | 2025-10-16 | N/A | 0.0 | Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain a reflected cross-site scripting (XSS) vulnerability in index.php that allows an unauthenticated attacker to execute arbitrary code. Ilevia has declined to… |
| CVE-2025-53951 | 2025-10-16 | MEDIUM | 5.3 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and… |
| CVE-2025-54658 | 2025-10-16 | HIGH | 7.8 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and… |
| CVE-2025-53950 | 2025-10-16 | MEDIUM | 5.5 | An Exposure of Private Personal Information ('Privacy Violation') vulnerability [CWE-359] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS and Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through… |
| CVE-2025-46752 | 2025-10-16 | MEDIUM | 4.4 | An insertion of sensitive information into a log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker to disclose information by reusing the enrollment code. |
| CVE-2025-43280 | 2025-10-15 | MEDIUM | 6.1 | The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail… |
| CVE-2025-43281 | 2025-10-15 | HIGH | 8.4 | The issue was addressed with improved authentication. This issue is fixed in macOS Sequoia 15.6. A local attacker may be able to elevate their privileges. |
| CVE-2025-43282 | 2025-10-15 | MEDIUM | 5.5 | A double free issue was addressed with improved memory management. This issue is fixed in macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, watchOS 11.6, tvOS 18.6, visionOS… |
| CVE-2025-43313 | 2025-10-15 | MEDIUM | 5.5 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.7.7, macOS Sonoma 14.7.7, macOS Sequoia 15.6. An app may be able to… |
| CVE-2025-61789 | 2025-10-16 | MEDIUM | 5.3 | Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable… |
| CVE-2025-58051 | 2025-10-16 | MEDIUM | 6.5 | Nextcloud Tables allows you to create your own tables with individual columns. Prior 0.7.6, 0.8.8, and 0.9.5, when importing a table, a user was able to specify files… |
| CVE-2025-53092 | 2025-10-16 | MEDIUM | 6.5 | Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value… |
| CVE-2025-36128 | 2025-10-16 | HIGH | 7.5 | IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read… |
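Two entries in this listing (CVE-2025-61543 for CraftMyCMS and CVE-2025-61541 for Webmin) describe the same pattern: a password reset link built from the request's Host header, so that a client-controlled header decides which host the emailed reset token points at. The example below is added here to illustrate that pattern and the usual fix; it is not code from CraftMyCMS, Webmin or NVD, and the function names, the `cms.example.org` origin, the allow-list and the sample request are illustrative assumptions.

```php
<?php
// Added example, not code from CraftMyCMS, Webmin or NVD.
// Shows a reset link built from $_SERVER['HTTP_HOST'] (the vulnerable
// pattern) beside a version that uses a configured canonical origin and
// refuses requests whose Host header is not on an allow-list.
// Function names, origin and allow-list values are assumptions.

declare(strict_types=1);

// Vulnerable pattern: the Host header is attacker-controlled, so a request
// sent with "Host: attacker.example" makes the victim's email carry a link
// that delivers the reset token to the attacker's server when clicked.
function buildResetLinkVulnerable(array $server, string $token): string
{
    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    return $scheme . '://' . $server['HTTP_HOST'] . '/reset?token=' . rawurlencode($token);
}

// Hardened pattern: the base URL comes from trusted configuration, never from
// the request. The Host header is still checked against an allow-list so a
// poisoned request is rejected outright rather than silently rewritten.
function buildResetLinkHardened(array $server, string $token, string $canonicalBase, array $allowedHosts): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        throw new RuntimeException('Unexpected Host header: ' . $host);
    }
    return rtrim($canonicalBase, '/') . '/reset?token=' . rawurlencode($token);
}

// Constructed sample request: the Host header has been set by an attacker.
$server = ['HTTP_HOST' => 'attacker.example', 'HTTPS' => 'on'];
$token  = bin2hex(random_bytes(16));

// Vulnerable version happily points the link at the attacker's host.
echo buildResetLinkVulnerable($server, $token), PHP_EOL;

// Hardened version refuses the poisoned request.
try {
    echo buildResetLinkHardened($server, $token, 'https://cms.example.org', ['cms.example.org']), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'Refused: ', $e->getMessage(), PHP_EOL;
}

// Same token, legitimate Host: the hardened version emits the canonical link.
$server['HTTP_HOST'] = 'cms.example.org';
echo buildResetLinkHardened($server, $token, 'https://cms.example.org', ['cms.example.org']), PHP_EOL;
```

Run with `php example.php`. The first line printed carries the token to `attacker.example`; the second reports the refused request; the third is the only link that should ever reach a user's inbox. Deployments behind a reverse proxy should apply the same allow-list to `X-Forwarded-Host` if the application honours it, since that header is just as client-controlled as `Host`.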