Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-12287	2025-10-27	MEDIUM	4.7	A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admin_dashboard/edit_profile. Such…
CVE-2025-9164	2025-10-27	N/A	0.0	Docker Desktop Installer.exe is vulnerable to DLL hijacking due to insecure DLL search order. The installer searches for required DLLs in the user's Downloads folder before checking system…
CVE-2025-62984	2025-10-27	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPeka WP AdCenter wpadcenter allows Stored XSS.This issue affects WP AdCenter: from n/a through
CVE-2025-62983	2025-10-27	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sudar Muthu Posts By Tag posts-by-tag allows Stored XSS.This issue affects Posts By Tag: from n/a…
CVE-2025-62982	2025-10-27	MEDIUM	5.4	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sarah Giles Dynamic User Directory dynamic-user-directory allows Stored XSS.This issue affects Dynamic User Directory: from n/a…
CVE-2025-62981	2025-10-27	MEDIUM	4.7	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Phishing.This issue affects WP Gravity Forms Zoho CRM…
CVE-2025-62979	2025-10-27	MEDIUM	5.3	Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a…
CVE-2025-62959	2025-10-27	CRITICAL	9.1	Improper Control of Generation of Code ('Code Injection') vulnerability in videowhisper Paid Videochat Turnkey Site ppv-live-webcams allows Remote Code Inclusion.This issue affects Paid Videochat Turnkey Site: from n/a…
CVE-2025-62921	2025-10-27	MEDIUM	6.5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pagup Bulk Auto Image Title Attribute bulk-image-title-attribute allows DOM-Based XSS.This issue affects Bulk Auto Image Title…
CVE-2025-50055	2025-10-27	N/A	0.0	Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to…
CVE-2025-12286	2025-10-27	HIGH	7.0	A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes…
CVE-2025-12283	2025-10-27	MEDIUM	4.3	A security flaw has been discovered in code-projects Client Details System 1.0. The impacted element is an unknown function. The manipulation results in authorization bypass. The attack can…
CVE-2025-12282	2025-10-27	LOW	2.4	A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting.…
CVE-2025-12281	2025-10-27	LOW	2.4	A vulnerability was determined in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/clientview.php. Executing manipulation can lead to cross site scripting. It…
CVE-2025-12280	2025-10-27	LOW	2.4	A vulnerability was found in code-projects Client Details System 1.0. This issue affects some unknown processing of the file /update-clients.php. Performing manipulation results in cross site scripting. It…
CVE-2025-12270	2025-10-27	MEDIUM	4.3	A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This…
CVE-2025-12269	2025-10-27	LOW	3.5	A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation…
CVE-2025-12268	2025-10-27	MEDIUM	6.3	A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of…
CVE-2025-12285	2025-10-26	N/A	0.0	Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12284	2025-10-26	N/A	0.0	Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12278	2025-10-26	N/A	0.0	Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12275	2025-10-26	N/A	0.0	Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-41384	2025-10-27	N/A	0.0	Cross-Site Scripting (XSS) vulnerability reflected in SuiteCRM v7.14.1. This vulnerability allows an attacker to execute JavaScript code by modifying the HTTP Referer header to include an arbitrary domain…
CVE-2025-41068	2025-10-27	N/A	0.0	Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the…
CVE-2025-41067	2025-10-27	N/A	0.0	Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the…
CVE-2025-12277	2025-10-27	HIGH	7.3	A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes sql…
CVE-2025-12276	2025-10-27	MEDIUM	4.3	A vulnerability was detected in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation results in information disclosure.…
CVE-2025-11248	2025-10-27	LOW	3.2	ZohoCorp ManageEngine Endpoint Central versions prior to 11.4.2528.05 are vulnerable to a sensitive information logging issue. An authenticated user with access to the logs could potentially obtain the…
CVE-2025-41009	2025-10-27	N/A	0.0	SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST…
CVE-2025-11955	2025-10-27	N/A	0.0	Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it…
CVE-2025-59463	2025-10-27	MEDIUM	4.3	An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
CVE-2025-59462	2025-10-27	MEDIUM	6.5	An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
CVE-2025-59461	2025-10-27	HIGH	7.6	A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
CVE-2025-59460	2025-10-27	HIGH	7.5	The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of…
CVE-2025-59459	2025-10-27	MEDIUM	5.5	An attacker that gains SSH access to an unprivileged account may be able to disrupt services (including SSH), causing persistent loss of availability.
CVE-2025-12267	2025-10-27	MEDIUM	4.3	A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to…
CVE-2025-12266	2025-10-27	MEDIUM	6.3	A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of…
CVE-2025-12264	2025-10-27	LOW	3.5	A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support…
CVE-2025-8432	2025-10-27	HIGH	8.4	Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from…
CVE-2025-46583	2025-10-27	MEDIUM	5.3	There is a Denial of Service（DoS）vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an…
CVE-2025-10561	2025-10-27	CRITICAL	9.3	The device is running an outdated operating system, which may be susceptible to known vulnerabilities.
CVE-2025-46582	2025-10-27	HIGH	7.7	A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key…
CVE-2025-12251	2025-10-27	LOW	3.5	A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The…
CVE-2025-12250	2025-10-27	MEDIUM	4.7	A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file WGA.File of the component TMLScript API. Executing manipulation can lead…
CVE-2025-12080	2025-10-27	N/A	0.0	On Wear OS devices, when Google Messages is configured as the default SMS/MMS/RCS application, the handling of ACTION_SENDTO intents utilizing the sms:, smsto:, mms:, and mmsto: Uniform Resource…
CVE-2025-12249	2025-10-27	MEDIUM	6.3	A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the…
CVE-2025-12248	2025-10-27	HIGH	7.3	A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to…
CVE-2025-12247	2025-10-27	HIGH	7.0	A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The…
CVE-2025-11682	2025-10-27	N/A	0.0	Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a…
CVE-2025-12224	2025-10-27	LOW	3.5	A flaw has been found in Iqbolshoh php-business-website up to 10677743a8dfc281f85291a27cf63a0bce043c24. This vulnerability affects unknown code of the file admin/contact.php. This manipulation of the argument twitter causes cross…

« Anterior Página 44 de 3636 Siguiente »