Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-47989 2025-10-14 HIGH 7.0 Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-47979 2025-10-14 MEDIUM 5.5 Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-37146 2025-10-14 HIGH 7.2 A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow…
CVE-2025-37143 2025-10-14 MEDIUM 4.9 An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor…
CVE-2025-36730 2025-10-14 N/A 0.0 A prompt injection vulnerability exists in Windsurft version 1.10.7 in Write mode using SWE-1 model. It is possible to create a file name that will be appended to…
CVE-2025-25004 2025-10-14 HIGH 7.3 Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2025-24052 2025-10-14 HIGH 7.8 Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal…
CVE-2024-6211 2025-10-13 N/A 0.0 Rejected reason: loading template...
CVE-2025-62242 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through…
CVE-2025-62241 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment…
CVE-2025-58084 2025-10-13 LOW 3.5 Mattermost Desktop App versions
CVE-2025-62243 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-62170 2025-10-13 HIGH 7.5 rAthena is an open-source cross-platform MMORPG server. A use-after-free vulnerability exists in the RODEX functionality of rAthena's map-server in versions prior to commit af2f3ba. An unauthenticated attacker can…
CVE-2025-61775 2025-10-13 N/A 0.0 Vickey is a Misskey-based microblogging platform. A vulnerability exists in Vickey prior to version 2025.10.0 where unexpired email confirmation links can be reused multiple times to send repeated…
CVE-2025-7707 2025-10-13 HIGH 7.1 The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local…
CVE-2025-62244 2025-10-13 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update…
CVE-2025-11695 2025-10-13 HIGH 8.0 When tlsInsecure=False appears in a connection string, certificate validation is disabled. This vulnerability affects MongoDB Rust Driver versions prior to v3.2.5
CVE-2025-43991 2025-10-13 MEDIUM 6.3 SupportAssist for Home PCs versions 4.8.2 and prior and SupportAssist for Business PCs versions 4.5.3 and prior, contain an UNIX Symbolic Link (Symlink) following vulnerability. A low privileged…
CVE-2025-6919 2025-10-13 CRITICAL 9.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue…
CVE-2025-39965 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891…
CVE-2025-39964 2025-10-13 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing two writes to the same af_alg socket is bogus…
CVE-2025-37729 2025-10-13 CRITICAL 9.1 Improper neutralization of special elements used in a template engine in Elastic Cloud Enterprise (ECE) can lead to a malicious actor with Admin access exfiltrating sensitive information and…
CVE-2025-9902 2025-10-13 HIGH 7.5 Authorization Bypass Through User-Controlled Key vulnerability in AKIN Software Computer Import Export Industry and Trade Co. Ltd. QRMenu allows Privilege Abuse.This issue affects QRMenu: from 1.05.12 before Version…
CVE-2025-9337 2025-10-13 N/A 0.0 A null pointer dereference has been identified in the AsIO3.sys driver. The vulnerability can be triggered by a specially crafted input, which may lead to a system crash…
CVE-2025-9336 2025-10-13 N/A 0.0 A stack buffer overflow has been identified in the AsIO3.sys driver. This vulnerability can be triggered by input manipulation, may leading to a system crash (BSOD) or other…
CVE-2025-11184 2025-10-13 N/A 0.0 Cross-site scripting vulnerability in QGIS QWC2 Registration GUI
CVE-2025-11183 2025-10-13 N/A 0.0 Cross-Site Scripting vulnerability in attribute table in QGIS QWC2
CVE-2025-10720 2025-10-13 N/A 0.0 The WP Private Content Plus through 3.6.2 provides a global content protection feature that requires a password. However, the access control check is based only on the presence…
CVE-2025-9968 2025-10-13 N/A 0.0 A link following vulnerability exists in the UnifyScanner component of Armoury Crate. This vulnerability may be triggered by creating a specially crafted junction, potentially leading to local privilege…
CVE-2025-9976 2025-10-13 CRITICAL 9.0 An OS Command Injection vulnerability affecting Station Launcher App in 3DEXPERIENCE platform from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x could allow an attacker to execute arbitrary code…
CVE-2025-11675 2025-10-13 HIGH 7.2 Enterprise Cloud Database developed by Ragic has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution…
CVE-2025-11674 2025-10-13 MEDIUM 6.8 SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.
CVE-2025-11673 2025-10-13 HIGH 7.2 SOOP-CLM developed by PiExtract has a Hidden Functionality vulnerability, allowing privileged remote attackers to exploit a hidden functionality to execute arbitrary code on the server.
CVE-2025-11672 2025-10-13 MEDIUM 5.3 Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain user group names.
CVE-2025-11671 2025-10-13 MEDIUM 5.3 Uniweb/SoliPACS WebServer developed by EBM Technologies has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access a specific page to obtain information such as account names and…
CVE-2025-11668 2025-10-13 MEDIUM 4.7 A vulnerability was determined in code-projects Automated Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/update_user.php. This manipulation of the argument Password…
CVE-2025-11667 2025-10-13 MEDIUM 6.3 A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname…
CVE-2025-10558 2025-10-13 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVE-2025-10557 2025-10-13 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary…
CVE-2025-10556 2025-10-13 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script…
CVE-2025-10552 2025-10-13 HIGH 8.7 A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.
CVE-2025-9265 2025-10-13 N/A 0.0 A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state changing actions that should only be…
CVE-2025-8915 2025-10-13 N/A 0.0 Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
CVE-2025-27259 2025-10-13 N/A 0.0 Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.
CVE-2025-27258 2025-10-13 N/A 0.0 Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.
CVE-2025-11666 2025-10-13 MEDIUM 6.7 A flaw has been found in Tenda RP3 Pro up to 22.5.7.93. This impacts an unknown function of the file force_upgrade.sh of the component Firmware Update Handler. Executing…
CVE-2025-11665 2025-10-13 MEDIUM 4.7 A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdater_main of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os…
CVE-2025-11664 2025-10-13 MEDIUM 4.7 A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of…
CVE-2025-0636 2025-10-13 HIGH 8.4 EMCLI contains a high severity vulnerability where improper neutralization of special elements used in an OS command could be exploited leading to Arbitrary Code Execution.
CVE-2025-9698 2025-10-13 N/A 0.0 The Plus Addons for Elementor WordPress plugin before 6.3.16 does not sanitize SVG file contents, which could allow users with minimum role access as Author to perform Stored…
« Anterior Página 380 de 3934 Siguiente »