Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-68656 2026-01-12 MEDIUM 6.8 Espressif ESP-IDF USB Host HID (Human Interface Device) Driver allows access to HID devices. Prior to 1.1.0, usb_class_request_get_descriptor() frees and reallocates hid_device->ctrl_xfer when an oversized descriptor is requested…
CVE-2025-68471 2026-01-12 MEDIUM 6.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2…
CVE-2025-68468 2026-01-12 MEDIUM 6.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited…
CVE-2025-68276 2026-01-12 MEDIUM 5.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon…
CVE-2025-68622 2026-01-12 MEDIUM 6.8 Espressif ESP-IDF USB Host UVC Class Driver allows video streaming from USB cameras. Prior to 2.4.0, a vulnerability in the esp-usb UVC host implementation allows a malicious USB…
CVE-2025-68472 2026-01-12 HIGH 8.1 MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read…
CVE-2025-66689 2026-01-12 MEDIUM 6.5 A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed…
CVE-2025-63314 2026-01-12 CRITICAL 10.0 A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full…
CVE-2025-46070 2026-01-12 CRITICAL 9.8 An issue in Automai BotManager v.25.2.0 allows a remote attacker to execute arbitrary code via the BotManager.exe component
CVE-2025-46068 2026-01-12 HIGH 8.8 An issue in Automai Director v.25.2.0 allows a remote attacker to execute arbitrary code via the update mechanism
CVE-2025-46067 2026-01-12 HIGH 8.2 An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges and obtain sensitive information via a crafted js file
CVE-2025-46066 2026-01-12 CRITICAL 9.9 An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
CVE-2025-71063 2026-01-12 HIGH 8.2 Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
CVE-2025-67813 2026-01-12 MEDIUM 5.3 Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
CVE-2025-66939 2026-01-12 MEDIUM 5.4 Cross Site Scripting vulnerability in 66biolinks by AltumCode v.61.0.1 allows an attacker to execute arbitrary code via a crafted favicon file
CVE-2025-65553 2026-01-12 N/A 0.0 D3D Wi-Fi Home Security System ZX-G12 v2.1.17 is susceptible to RF jamming on the 433 MHz alarm sensor channel. An attacker within RF range can transmit continuous interference…
CVE-2025-65552 2026-01-12 N/A 0.0 D3D Wi-Fi Home Security System ZX-G12 v2.1.1 is vulnerable to RF replay attacks on the 433 MHz sensor communication channel. The system does not implement rolling codes, message…
CVE-2025-41078 2026-01-12 N/A 0.0 Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion…
CVE-2025-41077 2026-01-12 N/A 0.0 IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data.…
CVE-2025-41006 2026-01-12 N/A 0.0 Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’.
CVE-2025-41005 2026-01-12 N/A 0.0 Imaster's MEMS Events CRM contains an SQL injection vulnerability in‘keyword’ parameter in ‘/memsdemo/exchange_offers.php’.
CVE-2026-22837 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22836 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22835 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22834 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22833 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22832 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22831 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22830 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2026-22829 2026-01-13 N/A 0.0 Rejected reason: Not used
CVE-2025-14470 2026-01-12 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-14579 2026-01-12 MEDIUM 4.8 The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored…
CVE-2025-52694 2026-01-12 CRITICAL 10.0 Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the…
CVE-2025-41004 2026-01-12 N/A 0.0 Imaster's Patient Records Management System is vulnerable to SQL Injection in the endpoint ‘/projects/hospital/admin/complaints.php’ through the ‘id’ parameter.
CVE-2025-41003 2026-01-12 N/A 0.0 Imaster's Patient Record Management System contains a stored Cross-Site Scripting (XSS) vulnerability in the endpoint ‘/projects/hospital/admin/edit_patient.php’. By injecting a malicious script into the ‘firstname’ parameter, the JavaScript code…
CVE-2025-40978 2026-01-12 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST…
CVE-2025-40977 2026-01-12 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to ‘/store-ticket’, using the…
CVE-2025-40976 2026-01-12 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/ticketgo-saas/home’, using the ‘description’…
CVE-2025-40975 2026-01-12 N/A 0.0 Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to ‘/hrmgo/ticket/changereply’, using the ‘description’…
CVE-2025-14279 2026-01-12 HIGH 8.1 MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability…
CVE-2026-0855 2026-01-12 HIGH 8.8 Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the…
CVE-2026-0854 2026-01-12 HIGH 8.8 Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
CVE-2025-69276 2026-01-12 N/A 0.0 Deserialization of Untrusted Data vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Object Injection.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
CVE-2025-69275 2026-01-12 N/A 0.0 Dependency on Vulnerable Third-Party Component vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows DOM-Based XSS.This issue affects DX NetOps Spectrum: 24.3.9 and earlier.
CVE-2025-69274 2026-01-12 N/A 0.0 Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
CVE-2025-69273 2026-01-12 N/A 0.0 Improper Authentication vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Authentication Bypass.This issue affects DX NetOps Spectrum: 24.3.10 and earlier.
CVE-2025-69272 2026-01-12 N/A 0.0 Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
CVE-2025-69271 2026-01-12 N/A 0.0 Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
CVE-2025-69270 2026-01-12 N/A 0.0 Information Exposure Through Query Strings in GET Request vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Session Hijacking.This issue affects DX NetOps Spectrum: 24.3.8 and earlier.
CVE-2025-69269 2026-01-12 N/A 0.0 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows OS Command Injection.This issue affects…
« Anterior Página 446 de 4266 Siguiente »