CVE Vulnerabilities

Below is the list of the most recent vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-9086 | 2025-09-12 | HIGH | 7.5 | 1. A cookie is set using the `secure` keyword for `https://target` 2. curl is redirected to or otherwise made to speak with `http://target` (same hostname, but using clear… |
| CVE-2025-58434 | 2025-09-12 | CRITICAL | 9.8 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive… |
| CVE-2025-4235 | 2025-09-12 | N/A | 0.0 | An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent (Windows-based) can expose the service account password under specific non-default configurations. This allows an unprivileged Domain… |
| CVE-2025-4234 | 2025-09-12 | N/A | 0.0 | A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are… |
| CVE-2025-56467 | 2025-09-12 | MEDIUM | 6.5 | An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 allowing attackers to gain sensitive information without UPI PIN such as account information, balances, transaction history,… |
| CVE-2025-52074 | 2025-09-12 | MEDIUM | 6.1 | PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the… |
| CVE-2025-10322 | 2025-09-12 | MEDIUM | 5.3 | A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to… |
| CVE-2025-10321 | 2025-09-12 | MEDIUM | 5.3 | A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is an unknown function of the file /live_online.shtml. Executing manipulation can lead to information disclosure. The attack can… |
| CVE-2024-45434 | 2025-09-12 | CRITICAL | 9.8 | OpenSynergy BlueSDK (aka Blue SDK) through 6.x has a Use-After-Free. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of validating the… |
| CVE-2025-10148 | 2025-09-12 | MEDIUM | 5.3 | curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted… |
| CVE-2024-45433 | 2025-09-12 | MEDIUM | 6.5 | OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of… |
| CVE-2024-45432 | 2025-09-12 | HIGH | 7.5 | OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used… |
| CVE-2024-45431 | 2025-09-12 | MEDIUM | 5.3 | OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper… |
| CVE-2025-43787 | 2025-09-12 | N/A | 0.0 | A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13,… |
| CVE-2025-8280 | 2025-09-12 | MEDIUM | 5.8 | The Contact Form 7 reCAPTCHA WordPress plugin through 1.2.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site… |
| CVE-2025-3650 | 2025-09-12 | LOW | 3.5 | The jQuery Colorbox WordPress plugin through 4.6.3 uses the colorbox library, which does not sanitize title attributes on links before using them, allowing users with at least the… |
| CVE-2025-57579 | 2025-09-12 | HIGH | 8.0 | An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password |
| CVE-2025-57578 | 2025-09-12 | HIGH | 8.0 | An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password |
| CVE-2025-57577 | 2025-09-12 | HIGH | 8.0 | An issue in H3C Device R365V300R004 allows a remote attacker to execute arbitrary code via the default password |
| CVE-2025-55835 | 2025-09-12 | CRITICAL | 9.8 | File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering. |
| CVE-2025-39799 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: perflib: Move problematic pr->performance check Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added… |
| CVE-2025-39798 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross… |
| CVE-2025-39797 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel… |
| CVE-2025-55996 | 2025-09-12 | MEDIUM | 6.3 | Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface |
| CVE-2025-39796 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsk_notify via register_netdevice. As discussed in… |
| CVE-2025-39795 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: block: avoid possible overflow for chunk_sectors check in blk_stack_limits() In blk_stack_limits(), we check that the t->chunk_sectors value is… |
| CVE-2025-39794 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when… |
| CVE-2025-39793 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: io_uring/memmap: cast nr_pages to size_t before shifting If the allocated size exceeds UINT_MAX, then it's necessary to cast… |
| CVE-2025-39792 | 2025-09-12 | N/A | 0.0 | In the Linux kernel, the following vulnerability has been resolved: dm: Always split write BIOs to zoned device limits Any zoned DM target that requires zone append emulation… |
| CVE-2025-10320 | 2025-09-12 | LOW | 3.1 | A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements.… |
| CVE-2025-10319 | 2025-09-12 | MEDIUM | 4.3 | A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log… |
| CVE-2025-10274 | 2025-09-12 | MEDIUM | 4.3 | A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name… |
| CVE-2025-10273 | 2025-09-12 | LOW | 3.5 | A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to… |
| CVE-2025-9556 | 2025-09-12 | CRITICAL | 9.8 | Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read… |
| CVE-2025-59139 | 2025-09-12 | MEDIUM | 5.3 | Hono is a Web application framework that provides support for any JavaScript runtime. In versions prior to 4.9.7, a flaw in the `bodyLimit` middleware could allow bypassing the… |
| CVE-2025-59058 | 2025-09-12 | MEDIUM | 5.9 | httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses… |
| CVE-2025-58754 | 2025-09-12 | HIGH | 7.5 | Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to version 1.11.0 runs on Node.js and is given a URL with the… |
| CVE-2025-55319 | 2025-09-12 | HIGH | 8.8 | Ai command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network. |
| CVE-2025-10365 | 2025-09-12 | N/A | 0.0 | The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can… |
| CVE-2025-10364 | 2025-09-12 | N/A | 0.0 | The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface… |
| CVE-2025-10288 | 2025-09-12 | MEDIUM | 5.3 | A vulnerability was found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The impacted element is an unknown function of the file /user/info/list. Performing manipulation results in improper authentication. It… |
| CVE-2025-10275 | 2025-09-12 | MEDIUM | 6.3 | A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead… |
| CVE-2025-10272 | 2025-09-11 | MEDIUM | 4.3 | A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The… |
| CVE-2025-10271 | 2025-09-11 | MEDIUM | 4.3 | A vulnerability was found in erjinzhi 10OA 1.0. This impacts an unknown function of the file /trial/mvc/finder. The manipulation of the argument Name results in cross site scripting.… |
| CVE-2025-59054 | 2025-09-12 | N/A | 0.0 | dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious… |
| CVE-2025-10318 | 2025-09-12 | MEDIUM | 6.3 | A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The… |
| CVE-2025-8699 | 2025-09-12 | N/A | 0.0 | Some "Stored Value" Unattended Payment Solutions of KioSoft use vulnerable NFC cards. Attackers could potentially use this vulnerability to change the balance on the cards and generate money.… |
| CVE-2025-6638 | 2025-09-12 | MEDIUM | 5.3 | A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically affecting the MarianTokenizer's `remove_language_code()` method. This vulnerability is present in version… |
| CVE-2025-27240 | 2025-09-12 | N/A | 0.0 | A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field. |
| CVE-2025-27238 | 2025-09-12 | N/A | 0.0 | Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them. |