Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55885 2025-09-22 MEDIUM 6.3 SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php
CVE-2025-43953 2025-09-22 HIGH 8.8 In 2wcom IP-4c 2.16, the web interface allows admin and manager users to execute arbitrary code as root via a ping or traceroute field on the TCP/IP screen.
CVE-2025-10809 2025-09-22 HIGH 7.3 A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. The affected element is an unknown function of the file /admin/department.php. Such manipulation of the…
CVE-2025-10808 2025-09-22 HIGH 7.3 A weakness has been identified in Campcodes Farm Management System 1.0. Impacted is an unknown function of the file /uploadProduct.php. This manipulation of the argument Type causes sql…
CVE-2025-59413 2025-09-22 MEDIUM 6.5 CubeCart is an ecommerce software solution. Prior to version 6.5.11, a logic flaw exists in the newsletter subscription endpoint that allows an attacker to unsubscribe any user without…
CVE-2025-59412 2025-09-22 MEDIUM 5.4 CubeCart is an ecommerce software solution. Prior to version 6.5.11, a vulnerability exists in the product reviews feature where user-supplied input is not properly sanitized before being displayed.…
CVE-2025-59411 2025-09-22 MEDIUM 5.4 CubeCart is an ecommerce software solution. Prior to version 6.5.11, the contact form’s Enquiry field accepts raw HTML and that HTML is included verbatim in the email sent…
CVE-2025-59335 2025-09-22 HIGH 7.1 CubeCart is an ecommerce software solution. Prior to version 6.5.11, there is an absence of automatic session expiration following a user's password change. This oversight poses a security…
CVE-2025-57434 2025-09-22 HIGH 8.8 Creacast Creabox Manager contains a critical authentication flaw that allows an attacker to bypass login validation. The system grants access when the username is creabox and the password…
CVE-2025-57431 2025-09-22 HIGH 8.8 The Sound4 PULSE-ECO AES67 1.22 web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the…
CVE-2025-43807 2025-09-22 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through…
CVE-2025-57682 2025-09-22 MEDIUM 6.5 Directory Traversal vulnerability in Papermark 0.20.0 and prior allows authenticated attackers to retrieve arbitrary files from an S3 bucket through its CloudFront distribution via the "POST /api/file/s3/get-presigned-get-url-proxy" API
CVE-2025-57605 2025-09-22 N/A 0.0 Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments.…
CVE-2025-57602 2025-09-22 N/A 0.0 Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate…
CVE-2025-57601 2025-09-22 N/A 0.0 AiKaan Cloud Controller uses a single hardcoded SSH private key and the username `proxyuser` for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open…
CVE-2025-57433 2025-09-22 N/A 0.0 The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with…
CVE-2025-57432 2025-09-22 N/A 0.0 Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video…
CVE-2025-57430 2025-09-22 N/A 0.0 Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext…
CVE-2025-36202 2025-09-22 HIGH 7.5 IBM webMethods Integration 10.15 and 11.1 could allow an authenticated user with required execute Services to execute commands on the system due to the improper validation of format…
CVE-2025-36037 2025-09-22 MEDIUM 5.4 IBM webMethods Integration 10.15 and 11.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading…
CVE-2025-35042 2025-09-22 CRITICAL 9.8 Airship AI Acropolis includes a default administrative account that uses the same credentials on every installation. Instances of Airship AI that do not change this account password are…
CVE-2025-35041 2025-09-22 HIGH 7.5 Airship AI Acropolis allows unlimited MFA attempts for 15 minutes after a user has logged in with valid credentials. A remote attacker with valid credentials could brute-force the…
CVE-2025-10805 2025-09-22 MEDIUM 6.3 A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. This affects an unknown part of the file /admin/add-services.php. Executing manipulation of the argument sername can…
CVE-2025-10804 2025-09-22 MEDIUM 6.3 A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Performing manipulation of the…
CVE-2025-9038 2025-09-22 N/A 0.0 Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.
CVE-2025-10803 2025-09-22 HIGH 8.8 A vulnerability has been found in Tenda AC23 up to 16.03.07.52. Affected by this vulnerability is the function sscanf of the file /goform/SetPptpServerCfg of the component HTTP POST…
CVE-2025-10802 2025-09-22 HIGH 7.3 A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql…
CVE-2025-56075 2025-09-22 MEDIUM 5.4 A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via…
CVE-2025-56074 2025-09-22 CRITICAL 9.8 A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via…
CVE-2025-51006 2025-09-22 HIGH 7.8 Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple…
CVE-2025-10801 2025-09-22 HIGH 7.3 A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown function of the file /admin/edit_tax.php. The manipulation of the argument ID…
CVE-2025-10800 2025-09-22 HIGH 7.3 A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password…
CVE-2025-59797 2025-09-22 MEDIUM 5.8 Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/{id} and also URLs for eversports, the user-management page, and the plane page.
CVE-2025-10854 2025-09-22 HIGH 8.1 The txtai framework allows the loading of compressed tar files as embedding indices. While the validate function is intended to prevent path traversal vulnerabilities by ensuring safe filenames,…
CVE-2025-10799 2025-09-22 HIGH 7.3 A security flaw has been discovered in code-projects Hostel Management System 1.0. The affected element is an unknown function of the file /justines/admin/mod_reservation/index.php?view=view. Performing manipulation of the argument…
CVE-2025-10798 2025-09-22 HIGH 7.3 A vulnerability was identified in code-projects Hostel Management System 1.0. Impacted is an unknown function of the file /justines/admin/mod_roomtype/index.php?view=view. Such manipulation of the argument ID leads to sql…
CVE-2025-10797 2025-09-22 HIGH 7.3 A vulnerability was determined in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /justines/index.php. This manipulation of the argument log_email causes sql…
CVE-2025-10796 2025-09-22 HIGH 7.3 A vulnerability was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /justines/admin/login.php. The manipulation of the argument email results in sql…
CVE-2025-9983 2025-09-22 N/A 0.0 GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the…
CVE-2025-46711 2025-09-22 MEDIUM 5.5 Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger NULL pointer dereference kernel exceptions.
CVE-2025-10795 2025-09-22 HIGH 7.3 A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to…
CVE-2025-10794 2025-09-22 MEDIUM 4.3 A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument…
CVE-2025-9035 2025-09-22 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Horato Internet Technologies Ind. And Trade Inc. Virtual Library Platform allows Reflected XSS.This issue…
CVE-2025-25177 2025-09-22 MEDIUM 5.1 Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions.
CVE-2025-10793 2025-09-22 HIGH 7.3 A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/admin_account_delete.php. Performing manipulation of the argument user_id results…
CVE-2025-10792 2025-09-22 HIGH 8.8 A security vulnerability has been detected in D-Link DIR-513 A1FW110. Affected is an unknown function of the file /goform/formWPS. Such manipulation of the argument webpage leads to buffer…
CVE-2025-10009 2025-09-22 N/A 0.0 Incorrect handling of uploaded files in the admin "Restore" function in Invoice Ninja
CVE-2025-8079 2025-09-22 MEDIUM 4.6 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Akıllı Ticaret Software Technologies Ltd. Co. Smart Trade E-Commerce allows Reflected XSS.This issue affects…
CVE-2025-10791 2025-09-22 HIGH 7.3 A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql…
CVE-2025-10790 2025-09-22 MEDIUM 6.3 A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=save_category. The manipulation of the argument Description…
« Anterior Página 435 de 3934 Siguiente »