Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-62171 2025-10-17 MEDIUM 5.9 ImageMagick is an open source software suite for displaying, converting, and editing raster image files. In ImageMagick versions prior to 7.1.2-7 and 6.9.13-32, an integer overflow vulnerability exists…
CVE-2025-62168 2025-10-17 CRITICAL 10.0 Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The…
CVE-2025-8414 2025-10-17 N/A 0.0 Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this…
CVE-2025-62356 2025-10-17 HIGH 7.5 A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects…
CVE-2025-62353 2025-10-17 CRITICAL 9.8 A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects…
CVE-2025-60279 2025-10-17 CRITICAL 9.6 A server-side request forgery (SSRF) vulnerability in Illia Cloud illia-Builder before v4.8.5 allows authenticated users to send arbitrary requests to internal services via the API. An attacker can…
CVE-2025-59043 2025-10-17 HIGH 7.5 OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version.…
CVE-2025-58747 2025-10-17 N/A 0.0 Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled…
CVE-2025-57567 2025-10-17 CRITICAL 9.1 A remote code execution (RCE) vulnerability exists in the PluXml CMS theme editor, specifically in the minify.php file located under the default theme directory (/themes/defaut/css/minify.php). An authenticated administrator…
CVE-2025-49655 2025-10-17 CRITICAL 9.8 Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing…
CVE-2025-26625 2025-10-17 N/A 0.0 Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of…
CVE-2025-11905 2025-10-17 MEDIUM 6.3 A vulnerability was found in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle of the file app\modules\cms\controller\gather.js. The manipulation results in code injection. The attack…
CVE-2025-62428 2025-10-16 N/A 0.0 Drawing-Captcha APP provides interactive, engaging verification for Web-Based Applications. The vulnerability is a Host Header Injection in the /register and /confirm-email endpoints. It allows an attacker to manipulate…
CVE-2025-62423 2025-10-16 MEDIUM 6.7 ClipBucket V5 provides open source video hosting with PHP. In version5.5.2 - #140 and earlier, a Blind SQL injection vulnerability exists in the Admin Area’s “/admin_area/login_as_user.php” file. Exploiting…
CVE-2025-62418 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted…
CVE-2025-60361 2025-10-17 LOW 2.8 radare2 v5.9.8 and before contains a memory leak in the function bochs_open.
CVE-2025-60360 2025-10-17 LOW 3.3 radare2 v5.9.8 and before contains a memory leak in the function r2r_subprocess_init.
CVE-2025-60359 2025-10-17 MEDIUM 4.0 radare2 v5.9.8 and before contains a memory leak in the function r_bin_object_new.
CVE-2025-62417 2025-10-16 N/A 0.0 Bagisto is an open source laravel eCommerce platform. When product data that begins with a spreadsheet formula character (for example =, +, -, or @) is accepted and…
CVE-2025-62416 2025-10-16 MEDIUM 5.1 Bagisto is an open source laravel eCommerce platform. Bagisto v2.3.7 is vulnerable to Server-Side Template Injection (SSTI) due to unsanitized user input being processed by the server-side templating…
CVE-2025-62415 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the TinyMCE image upload functionality allows an attacker with sufficient privileges (e.g. admin) to upload a crafted…
CVE-2025-62414 2025-10-16 MEDIUM 6.9 Bagisto is an open source laravel eCommerce platform. In Bagisto v2.3.7, the “Create New Customer” feature (in the admin panel) is vulnerable to Cross-Site Scripting (XSS). An attacker…
CVE-2025-55085 2025-10-17 N/A 0.0 In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification.…
CVE-2025-48087 2025-10-17 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason C. Memberlite Shortcodes memberlite-shortcodes allows Stored XSS.This issue affects Memberlite Shortcodes: from n/a through 1.4.1.
CVE-2025-11904 2025-10-17 MEDIUM 6.3 A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of the file /cms/model/hasUse. The manipulation of the argument ID leads to…
CVE-2025-11849 2025-10-17 CRITICAL 9.3 Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions…
CVE-2025-61554 2025-10-16 MEDIUM 5.5 A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor…
CVE-2025-62427 2025-10-16 N/A 0.0 The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side…
CVE-2025-61553 2025-10-16 HIGH 8.2 An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host…
CVE-2025-61922 2025-10-16 CRITICAL 9.1 PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express…
CVE-2025-48044 2025-10-17 N/A 0.0 Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before…
CVE-2025-11903 2025-10-17 MEDIUM 6.3 A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument…
CVE-2025-60358 2025-10-16 HIGH 7.5 radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
CVE-2025-11902 2025-10-17 MEDIUM 6.3 A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid…
CVE-2023-28815 2025-10-17 CRITICAL 9.8 Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary…
CVE-2023-28814 2025-10-17 CRITICAL 9.8 Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious…
CVE-2025-11895 2025-10-17 MEDIUM 4.3 The Binary MLM Plan plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.0. This is due to the bmp_user_payout_detail_of_current_user() function…
CVE-2025-55100 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio10_sam_parse_func() when parsing a list of…
CVE-2025-55099 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_alternate_setting_locate() when parsing a descriptor with…
CVE-2025-55098 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_device_type_get() when parsing a descriptor of…
CVE-2025-55097 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_audio_streaming_sampling_get() when parsing a descriptor of…
CVE-2025-55096 2025-10-17 N/A 0.0 In USBX before 6.4.3, the USB support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _ux_host_class_hid_report_descriptor_get()  when parsing a descriptor of…
CVE-2025-55094 2025-10-17 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_icmpv6_validate_options() when handling a packet…
CVE-2025-55087 2025-10-17 N/A 0.0 In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters.
CVE-2025-55093 2025-10-17 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() when handling unicast DHCP…
CVE-2025-55092 2025-10-17 N/A 0.0 In Eclipse Foundation NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_option_process() when processing…
CVE-2025-6950 2025-10-17 N/A 0.0 An Use of Hard-coded Credentials vulnerability has been identified in Moxa’s network security appliances and routers. The system employs a hard-coded secret key to sign JSON Web Tokens…
CVE-2025-6949 2025-10-17 N/A 0.0 An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A critical authorization flaw in the API allows an authenticated, low-privileged user…
CVE-2025-11900 2025-10-17 CRITICAL 9.8 The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-11899 2025-10-17 HIGH 8.1 Agentflow developed by Flowring has an Use of Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information, thereby logging into…
« Anterior Página 367 de 3936 Siguiente »