Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-10653 2025-10-02 HIGH 8.6 An unauthenticated debug port may allow access to the device file system.
CVE-2025-59738 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59737 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59736 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59735 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59755 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59754 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59753 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59752 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59751 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59750 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59764 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59763 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59762 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59761 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59760 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59759 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59758 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59757 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59756 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59774 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59773 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59772 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59771 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59770 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59769 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59768 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59767 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59766 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59765 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59745 2025-10-02 HIGH 7.5 Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure…
CVE-2025-59746 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59747 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59748 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59749 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59835 2025-10-02 N/A 0.0 LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform…
CVE-2025-54315 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
CVE-2025-49090 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
CVE-2025-56161 2025-10-02 HIGH 7.5 YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php…
CVE-2025-56154 2025-10-02 MEDIUM 6.1 htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in…
CVE-2025-32942 2025-10-02 HIGH 7.2 SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
CVE-2025-34210 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password,…
CVE-2025-34208 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed…
CVE-2025-61096 2025-10-02 MEDIUM 6.5 PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.
CVE-2025-61087 2025-10-02 N/A 0.0 SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.
CVE-2025-60782 2025-10-02 N/A 0.0 PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads…
CVE-2025-56381 2025-10-02 MEDIUM 6.5 ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.
CVE-2025-56380 2025-10-02 MEDIUM 6.5 Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter
CVE-2025-56379 2025-10-02 N/A 0.0 A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
CVE-2025-53881 2025-10-02 N/A 0.0 A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before…
« Anterior Página 409 de 3936 Siguiente »