Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-11337	2025-10-06	MEDIUM	5.3	A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName…
CVE-2025-11336	2025-10-06	MEDIUM	5.3	A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such…
CVE-2025-11335	2025-10-06	MEDIUM	4.7	A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd.…
CVE-2025-11334	2025-10-06	HIGH	7.3	A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument…
CVE-2025-11333	2025-10-06	LOW	2.4	A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The…
CVE-2025-11332	2025-10-06	LOW	3.5	A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing manipulation of the argument…
CVE-2025-11331	2025-10-06	MEDIUM	4.7	A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation…
CVE-2025-11330	2025-10-06	MEDIUM	6.3	A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument…
CVE-2025-0609	2025-10-06	MEDIUM	4.7	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS).This issue affects Logo Cloud: before…
CVE-2025-0608	2025-10-06	MEDIUM	5.5	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6.
CVE-2025-11329	2025-10-06	HIGH	7.3	A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql…
CVE-2025-11328	2025-10-06	HIGH	8.8	A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer…
CVE-2025-0606	2025-10-06	MEDIUM	6.0	Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure.This issue affects Logo Cloud: before 0.67.
CVE-2025-59734	2025-10-06	N/A	0.0	It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion stored_frame. Stored frames can later be referenced by FTCH chunks. For…
CVE-2025-59733	2025-10-06	N/A	0.0	When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that…
CVE-2025-59732	2025-10-06	N/A	0.0	When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or…
CVE-2025-59731	2025-10-06	N/A	0.0	When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output…
CVE-2025-59730	2025-10-06	N/A	0.0	When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48…
CVE-2025-59729	2025-10-06	N/A	0.0	When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated…
CVE-2025-59728	2025-10-06	N/A	0.0	When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it…
CVE-2025-11327	2025-10-06	HIGH	8.8	A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based…
CVE-2025-11326	2025-10-06	HIGH	8.8	A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing manipulation of the argument wifi_chkHz can lead to stack-based…
CVE-2025-9914	2025-10-06	MEDIUM	4.3	The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access.…
CVE-2025-9913	2025-10-06	MEDIUM	4.5	JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
CVE-2025-58591	2025-10-06	MEDIUM	6.5	A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.
CVE-2025-58590	2025-10-06	MEDIUM	6.5	It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
CVE-2025-58589	2025-10-06	LOW	2.7	When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58587	2025-10-06	MEDIUM	6.5	The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.
CVE-2025-58586	2025-10-06	MEDIUM	5.3	For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an…
CVE-2025-58585	2025-10-06	MEDIUM	5.3	Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
CVE-2025-58584	2025-10-06	MEDIUM	5.3	In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs,…
CVE-2025-58583	2025-10-06	MEDIUM	5.3	The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-58582	2025-10-06	MEDIUM	5.3	If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible…
CVE-2025-58581	2025-10-06	MEDIUM	4.3	When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58580	2025-10-06	MEDIUM	6.5	An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and…
CVE-2025-58579	2025-10-06	MEDIUM	5.3	Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.
CVE-2025-58578	2025-10-06	LOW	3.8	A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or…
CVE-2025-11325	2025-10-06	HIGH	8.8	A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing manipulation of the argument Username…
CVE-2025-11324	2025-10-06	HIGH	8.8	A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to…
CVE-2025-57781	2025-10-06	HIGH	7.8	The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-11323	2025-10-06	HIGH	8.8	A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow.…
CVE-2025-11322	2025-10-06	LOW	3.7	A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page.…
CVE-2025-11321	2025-10-06	MEDIUM	4.3	A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results…
CVE-2025-11320	2025-10-06	MEDIUM	6.3	A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads…
CVE-2025-11319	2025-10-06	MEDIUM	6.3	A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes…
CVE-2025-11318	2025-10-06	HIGH	7.3	A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the…
CVE-2025-11317	2025-10-06	HIGH	7.3	A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort…
CVE-2025-11316	2025-10-06	HIGH	7.3	A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of…
CVE-2025-50538	2025-10-06	HIGH	8.2	Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
CVE-2025-29192	2025-10-06	HIGH	8.2	Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.

« Anterior Página 397 de 3933 Siguiente »