CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-57882 2025-09-23 MEDIUM 5.9 An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform…
CVE-2025-55069 2025-09-23 HIGH 8.3 A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the…
CVE-2025-55038 2025-09-23 MEDIUM 6.8 An authorization bypass vulnerability has been discovered in the Click Plus C2-03CPU2 device firmware version 3.60. Through the KOPR protocol utilized by the Remote PLC application, authenticated users…
CVE-2025-59484 2025-09-23 HIGH 8.3 The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the…
CVE-2025-58069 2025-09-23 MEDIUM 5.3 The use of a hard-coded cryptographic key was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software contains…
CVE-2025-54855 2025-09-23 MEDIUM 4.2 Cleartext storage of sensitive information was discovered in Click Programming Software version v3.60. The vulnerability can be exploited by a local user with access to the file system,…
CVE-2024-21935 2025-09-23 MEDIUM 5.0 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially…
CVE-2024-21927 2025-09-23 MEDIUM 5.0 Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like…
CVE-2025-59826 2025-09-23 HIGH 7.6 Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has…
CVE-2025-58354 2025-09-23 N/A 0.0 Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and…
CVE-2025-56311 2025-09-23 N/A 0.0 In Shenzhen C-Data Technology Co. FD602GW-DX-R410 (firmware v2.2.14), the web management interface contains an authenticated CSRF vulnerability on the reboot endpoint (/boaform/admin/formReboot). An attacker can craft a malicious…
CVE-2025-59930 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59929 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59928 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59927 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59926 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59925 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59924 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2023-47538 2025-09-24 N/A 0.0 Rejected reason: Not used
CVE-2025-59825 2025-09-23 N/A 0.0 astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when…
CVE-2025-59822 2025-09-23 N/A 0.0 Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper…
CVE-2025-8282 2025-09-23 MEDIUM 6.1 The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputting them in the page, which could allow admin and above users to perform…
CVE-2025-57636 2025-09-23 N/A 0.0 OS Command injection vulnerability in D-Link C1 2020-02-21. The sub_47F028 function in jhttpd contains a command injection vulnerability via the HTTP parameter "time".
CVE-2025-54081 2025-09-23 MEDIUM 6.7 Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed…
CVE-2025-10548 2025-09-23 MEDIUM 6.5 The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. The installer downloads and executes external components using curl.exe --insecure, enabling a…
CVE-2024-4598 2025-09-23 MEDIUM 6.5 An information disclosure vulnerability exists in multiple WSO2 products due to improper implementation of the enrich mediator. Authenticated users may be able to view unintended business data from…
CVE-2025-9900 2025-09-23 HIGH 8.8 A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large…
CVE-2025-59534 2025-09-23 HIGH 7.3 CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System…
CVE-2025-58674 2025-09-23 MEDIUM 5.9 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Automattic WordPress allows Stored XSS. WordPress core security team is aware of the issue and working…
CVE-2025-57638 2025-09-23 N/A 0.0 Buffer overflow vulnerability in Tenda AC9 1.0 via the user supplied sys.vendor configuration value.
CVE-2025-57637 2025-09-23 N/A 0.0 Buffer overflow vulnerability in D-Link DI-7100G 2020-02-21 in the sub_451754 function of the jhttpd service in the viav4 parameter allowing attackers to cause a denial of service or…
CVE-2025-56146 2025-09-23 N/A 0.0 Indian Bank IndSMART Android App 3.8.1 is vulnerable to Missing SSL Certificate Validation in NuWebViewActivity.
CVE-2025-51005 2025-09-23 N/A 0.0 A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic…
CVE-2025-45326 2025-09-23 N/A 0.0 An issue in PocketVJ CP PocketVJ-CP-v3 pvj 3.9.1 allows remote attackers to execute arbitrary code via the submit_size.php component.
CVE-2025-4582 2025-09-23 N/A 0.0 Buffer Over-read, Off-by-one Error vulnerability in RTI Connext Professional (Core Libraries) allows File Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.8, from 6.1.0…
CVE-2025-9197 2025-09-23 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-8410 2025-09-23 N/A 0.0 Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0.
CVE-2025-59821 2025-09-23 MEDIUM 6.5 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN’s URL/path handling and template rendering can allow specially…
CVE-2025-59548 2025-09-23 N/A 0.0 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to…
CVE-2025-59547 2025-09-23 MEDIUM 5.3 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the CKEditor file upload endpoint has insufficient sanitization for…
CVE-2025-59546 2025-09-23 LOW 2.4 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, administrators and content editors can set html in module…
CVE-2025-59545 2025-09-23 CRITICAL 9.0 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, the Prompt module allows execution of commands that can…
CVE-2025-59539 2025-09-23 MEDIUM 6.3 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, when embedding information in the Biography field, even if…
CVE-2025-58246 2025-09-23 MEDIUM 4.3 Insertion of Sensitive Information Into Sent Data vulnerability in Automattic WordPress allows Retrieve Embedded Sensitive Data. The WordPress Core security team is aware of the issue and is…
CVE-2025-57639 2025-09-23 N/A 0.0 OS Command injection vulnerability in Tenda AC9 1.0 was discovered to contain a command injection vulnerability via the usb.samba.guest.user parameter in the formSetSambaConf function of the httpd file.
CVE-2025-56394 2025-09-23 N/A 0.0 Free5gc 4.0.1 is vulnerable to Buffer Overflow. The AMF incorrectly validates the 5GS mobile identity, resulting in slice reference overflow.
CVE-2025-55780 2025-09-23 N/A 0.0 A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node,…
CVE-2025-52905 2025-09-23 N/A 0.0 Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
CVE-2025-4993 2025-09-23 N/A 0.0 Untrusted Pointer Dereference vulnerability in RTI Connext Professional (Core Libraries) allows Pointer Manipulation. This issue affects Connext Professional: from 7.4.0 before 7.6.0, from 7.0.0 before 7.3.0.10, from 6.1.0 before…
CVE-2025-29084 2025-09-23 N/A 0.0 SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file.