CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-60019 2025-09-25 LOW 3.7 glib-networking's OpenSSL backend fails to properly check the return value of memory allocation routines. An out of memory condition could potentially result in writing to an invalid memory…
CVE-2025-60018 2025-09-25 MEDIUM 4.8 glib-networking's OpenSSL backend fails to properly check the return value of a call to BIO_write(), resulting in an out of bounds read.
CVE-2025-59841 2025-09-25 CRITICAL 9.8 Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.2.0 to before 2.3.1, the FlagForge web application improperly handles session invalidation. Authenticated users can continue…
CVE-2025-57446 2025-09-25 N/A 0.0 An issue in O-RAN Near Realtime RIC ric-plt-submgr in the J-Release environment, allows remote attackers to cause a denial of service (DoS) via a crafted request to the…
CVE-2025-20362 2025-09-25 MEDIUM 6.5 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated,…
CVE-2025-20333 2025-09-25 CRITICAL 9.9 A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated,…
CVE-2025-20363 2025-09-25 CRITICAL 9.0 A vulnerability in the web services of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software, Cisco Secure Firewall Threat Defense (FTD) Software, Cisco IOS Software, Cisco IOS XE…
CVE-2025-60033 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60032 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60031 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60030 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60029 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60028 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60027 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-60026 2025-09-26 N/A 0.0 Rejected reason: Not used
CVE-2025-57317 2025-09-25 HIGH 7.5 apidoc-core is the core parser library to generate apidoc result following the apidoc-spec. A Prototype Pollution vulnerability in the preProcess function of apidoc-core versions thru 0.15.0 allows attackers…
CVE-2025-57320 2025-09-24 MEDIUM 6.5 json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or…
CVE-2025-26278 2025-09-25 HIGH 7.5 A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.
CVE-2025-10540 2025-09-25 MEDIUM 6.5 iMonitor EAM 9.6394 transmits communication between the EAM client agent and the EAM server, as well as between the EAM monitor management software and the server, in plaintext…
CVE-2025-20352 2025-09-24 HIGH 7.7 A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow the following: An authenticated, remote attacker with…
CVE-2025-59305 2025-09-24 HIGH 7.6 Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or…
CVE-2025-59422 2025-09-25 N/A 0.0 Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversation_id=&limit=10 endpoint allows users in the same workspace to read…
CVE-2025-57318 2025-09-24 HIGH 7.5 A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of…
CVE-2025-59839 2025-09-25 HIGH 8.6 The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In…
CVE-2025-59834 2025-09-25 CRITICAL 9.8 ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in…
CVE-2025-59831 2025-09-25 N/A 0.0 git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests…
CVE-2025-59426 2025-09-25 MEDIUM 4.3 Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect…
CVE-2025-57324 2025-09-24 MEDIUM 6.5 parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties…
CVE-2025-10948 2025-09-25 HIGH 8.8 A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow.…
CVE-2025-5494 2025-09-25 LOW 3.9 ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
CVE-2025-27261 2025-09-25 N/A 0.0 Ericsson Indoor Connect 8855 contains a SQL injection vulnerability which if exploited can lead to unauthorized disclosure and modification of user and configuration data.
CVE-2025-10947 2025-09-25 MEDIUM 5.3 A flaw has been found in Sistemas Pleno Gestão de Locação up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component…
CVE-2025-10894 2025-09-24 CRITICAL 9.6 Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack.…
CVE-2025-10467 2025-09-25 HIGH 8.9 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows…
CVE-2025-10946 2025-09-25 LOW 3.5 A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results…
CVE-2025-10945 2025-09-25 LOW 3.5 A security vulnerability has been detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. Impacted is an unknown function of the file d.php. Such manipulation of the argument hm leads…
CVE-2025-10944 2025-09-25 LOW 3.5 A weakness has been identified in yi-ge get-header-ip up to 589b23d0eb0043c310a6a13ce4bbe2505d0d0b15. This issue affects the function ip of the file ip.php. This manipulation of the argument callback causes…
CVE-2025-10449 2025-09-25 HIGH 8.6 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Saysis Computer Systems Trade Ltd. Co. Saysis Web Portal allows Path Traversal. This issue affects Saysis…
CVE-2025-40698 2025-09-25 N/A 0.0 SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the…
CVE-2025-10957 2025-09-25 N/A 0.0 This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP…
CVE-2025-10943 2025-09-25 LOW 3.5 A security flaw has been discovered in MikeCen WeChat-Face-Recognition up to 6e3f72bf8547d80b59e330f1137e4aa505f492c1. This vulnerability affects the function valid of the file wx.php. The manipulation of the argument echostr…
CVE-2025-10438 2025-09-25 HIGH 8.6 Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal. This issue affects Yordam Katalog: before 21.7.
CVE-2025-10942 2025-09-25 HIGH 8.8 A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to…
CVE-2025-10941 2025-09-25 HIGH 7.8 A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can…
CVE-2025-10940 2025-09-25 LOW 2.4 A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of…
CVE-2025-21056 2025-09-25 MEDIUM 6.6 Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
CVE-2025-10585 2025-09-24 HIGH 8.8 Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2025-54520 2025-09-24 N/A 0.0 Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.
CVE-2025-59833 2025-09-24 HIGH 7.5 Flag Forge is a Capture The Flag (CTF) platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the…
CVE-2025-59827 2025-09-24 HIGH 8.2 Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g.,…