Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-59731 2025-10-06 N/A 0.0 When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output…
CVE-2025-59730 2025-10-06 N/A 0.0 When decoding a frame for a SANM file (ANIM v0 variant), the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48…
CVE-2025-59729 2025-10-06 N/A 0.0 When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated…
CVE-2025-59728 2025-10-06 N/A 0.0 When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below [0], it…
CVE-2025-11327 2025-10-06 HIGH 8.8 A security vulnerability has been detected in Tenda AC18 15.03.05.19(6318). This vulnerability affects unknown code of the file /goform/SetUpnpCfg. The manipulation of the argument upnpEn leads to stack-based…
CVE-2025-11326 2025-10-06 HIGH 8.8 A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing manipulation of the argument wifi_chkHz can lead to stack-based…
CVE-2025-9914 2025-10-06 MEDIUM 4.3 The credentials of the users stored in the system's local database can be used for the log in, making it possible for an attacker to gain unauthorized access.…
CVE-2025-9913 2025-10-06 MEDIUM 4.5 JavaScript can be ran inside the address bar via the dashboard "Open in new Tab" Button, making the application vulnerable to session hijacking.
CVE-2025-58591 2025-10-06 MEDIUM 6.5 A remote, unauthorized attacker can brute force folders and files and read them like private keys or configurations, making the application vulnerable for gathering sensitive information.
CVE-2025-58590 2025-10-06 MEDIUM 6.5 It's possible to brute force folders and files, what can be used by an attacker to steal sensitve information.
CVE-2025-58589 2025-10-06 LOW 2.7 When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58587 2025-10-06 MEDIUM 6.5 The application does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it possible for an attacker to guess user credentials.
CVE-2025-58586 2025-10-06 MEDIUM 5.3 For failed login attempts, the application returns different error messages depending on whether the login failed due to an incorrect password or a non-existing username. This allows an…
CVE-2025-58585 2025-10-06 MEDIUM 5.3 Multiple endpoints with sensitive information do not require authentication, making the application susceptible to information gathering.
CVE-2025-58584 2025-10-06 MEDIUM 5.3 In the HTTP request, the username and password are transferred directly in the URL as parameters. However, URLs can be stored in various systems such as server logs,…
CVE-2025-58583 2025-10-06 MEDIUM 5.3 The application provides access to a login protected H2 database for caching purposes. The username is prefilled.
CVE-2025-58582 2025-10-06 MEDIUM 5.3 If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible…
CVE-2025-58581 2025-10-06 MEDIUM 4.3 When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information.…
CVE-2025-58580 2025-10-06 MEDIUM 6.5 An API endpoint allows arbitrary log entries to be created via POST request. Without sufficient validation of the input data, an attacker can create manipulated log entries and…
CVE-2025-58579 2025-10-06 MEDIUM 5.3 Due to a lack of authentication, it is possible for an unauthenticated user to request data from this endpoint, making the application vulnerable for user enumeration.
CVE-2025-58578 2025-10-06 LOW 3.8 A user with the appropriate authorization can create any number of user accounts via an API endpoint using a POST request. There are no quotas, checking mechanisms or…
CVE-2025-11325 2025-10-06 HIGH 8.8 A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing manipulation of the argument Username…
CVE-2025-11324 2025-10-06 HIGH 8.8 A vulnerability was identified in Tenda AC18 15.03.05.19(6318). Affected by this vulnerability is an unknown functionality of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to…
CVE-2025-57781 2025-10-06 HIGH 7.8 The installers of DENSO TEN drive recorder viewer contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result,…
CVE-2025-11323 2025-10-06 HIGH 8.8 A vulnerability was determined in UTT 1250GW up to v2v3.2.2-200710. Affected is the function strcpy of the file /goform/formUserStatusRemark. This manipulation of the argument Username causes buffer overflow.…
CVE-2025-11322 2025-10-06 LOW 3.7 A flaw has been found in Mangati NovoSGA up to 2.2.12. The impacted element is an unknown function of the file /novosga.users/new of the component User Creation Page.…
CVE-2025-11321 2025-10-06 MEDIUM 4.3 A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results…
CVE-2025-11320 2025-10-06 MEDIUM 6.3 A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. Impacted is the function uploadFile of the file src/main/java/com/education/core/controller/UploadController.java. Such manipulation of the argument File leads…
CVE-2025-11319 2025-10-06 MEDIUM 6.3 A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes…
CVE-2025-11318 2025-10-06 HIGH 7.3 A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the…
CVE-2025-11317 2025-10-06 HIGH 7.3 A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort…
CVE-2025-11316 2025-10-06 HIGH 7.3 A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of…
CVE-2025-50538 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
CVE-2025-29192 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
CVE-2025-11315 2025-10-06 HIGH 7.3 A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of…
CVE-2025-11314 2025-10-06 HIGH 7.3 A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument…
CVE-2025-11313 2025-10-06 HIGH 7.3 A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument…
CVE-2025-11312 2025-10-06 HIGH 7.3 A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort…
CVE-2025-11311 2025-10-06 HIGH 7.3 A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation…
CVE-2025-11310 2025-10-06 HIGH 7.3 A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of…
CVE-2025-11300 2025-10-05 HIGH 8.8 A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results…
CVE-2025-11299 2025-10-05 HIGH 8.8 A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer…
CVE-2025-11298 2025-10-05 MEDIUM 6.3 A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection.…
CVE-2025-11297 2025-10-05 HIGH 8.8 A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing manipulation of the argument webpage results in buffer overflow.…
CVE-2025-11296 2025-10-05 HIGH 8.8 A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow.…
CVE-2025-11295 2025-10-05 HIGH 8.8 A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote…
CVE-2025-11294 2025-10-05 HIGH 8.8 A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in…
CVE-2025-11293 2025-10-05 HIGH 8.8 A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn…
CVE-2025-11292 2025-10-05 MEDIUM 6.3 A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing manipulation of the argument wan_ipaddr can lead to command…
CVE-2025-11291 2025-10-05 MEDIUM 4.3 A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handler.…
« Anterior Página 398 de 3934 Siguiente »