Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-60730 2025-10-24 HIGH 7.6 PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
CVE-2025-60554 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEnableWizard.
CVE-2025-60803 2025-10-24 CRITICAL 9.8 Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
CVE-2025-60553 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
CVE-2025-60548 2025-10-24 CRITICAL 9.8 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
CVE-2025-61430 2025-10-24 MEDIUM 6.5 Improper handling of DNS over TCP in Simple DNS Plus v9 allows a remote attacker with querying access to the DNS server to cause the server to return…
CVE-2025-60936 2025-10-24 MEDIUM 6.1 Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when…
CVE-2025-60572 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
CVE-2025-60571 2025-10-24 HIGH 7.5 D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
CVE-2025-60570 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
CVE-2025-60569 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
CVE-2025-60568 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
CVE-2025-60566 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter.
CVE-2025-60565 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule.
CVE-2025-46185 2025-10-24 MEDIUM 6.2 An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames.
CVE-2025-46183 2025-10-24 HIGH 8.2 The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution…
CVE-2021-43768 2025-10-24 MEDIUM 5.3 In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.
CVE-2025-62714 2025-10-24 N/A 0.0 Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the…
CVE-2025-61413 2025-10-23 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in the /manager/pages component of Piranha CMS v12.0 allows attackers to execute arbitrary web scripts or HTML via creating a page and…
CVE-2025-60938 2025-10-24 HIGH 7.5 Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems…
CVE-2025-60801 2025-10-24 HIGH 8.2 jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function.
CVE-2025-60564 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog.
CVE-2025-60563 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr.
CVE-2025-60562 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey.
CVE-2025-60561 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetEmail.
CVE-2025-60559 2025-10-24 HIGH 7.5 D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetDomainFilter.
CVE-2025-56438 2025-10-24 MEDIUM 6.8 An issue in the firmware update mechanism of Nous W3 Smart WiFi Camera v1.33.50.82 allows unauthenticated and physically proximate attackers to escalate privileges to root via supplying a…
CVE-2025-12176 2025-10-24 N/A 0.0 Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-8536 2025-10-24 N/A 0.0 A SQL injection vulnerability has been identified in DobryCMS. Improper neutralization of input provided by user into language functionality allows for SQL Injection attacks. This issue affects older…
CVE-2025-43995 2025-10-24 CRITICAL 9.8 Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection…
CVE-2025-43994 2025-10-24 HIGH 8.6 Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this…
CVE-2025-54966 2025-10-23 MEDIUM 4.3 An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local…
CVE-2025-54964 2025-10-23 HIGH 8.4 An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may inject arbitrary executables. If the…
CVE-2025-54963 2025-10-23 MEDIUM 6.5 An issue was discovered in BAE SOCET GXP before 4.6.0.2. An attacker with the ability to interact with the GXP Job Service may submit a crafted job request…
CVE-2025-11145 2025-10-24 HIGH 7.5 Observable Discrepancy, Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Private Personal Information to an Unauthorized Actor vulnerability in CBK Soft Software Hardware Electronic Computer Systems…
CVE-2025-9978 2025-10-24 MEDIUM 6.8 The Jeg Kit for Elementor WordPress plugin before 2.7.0 does not sanitize SVG file contents when uploaded via xmlrpc.php, leading to a cross site scripting vulnerability.
CVE-2025-46425 2025-10-24 MEDIUM 6.5 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially…
CVE-2025-10874 2025-10-24 MEDIUM 5.5 The Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More WordPress plugin before 3.0.2 does not limit URLs which may be used for…
CVE-2025-10723 2025-10-24 LOW 2.7 The PixelYourSite WordPress plugin before 11.1.2 does not validate some URL parameters before using them to generate paths passed to function/s, allowing any admins to perform LFI attacks
CVE-2025-40024 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: vhost: Take a reference on the task in struct vhost_task. vhost_task_create() creates a task and keeps a reference…
CVE-2025-40023 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't expose sysfs attributes not applicable for VFs VFs can't read BMG_PCIE_CAP(0x138340) register nor access PCODE (already…
CVE-2025-40022 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix incorrect boolean values in af_alg_ctx Commit 1b34cbbf4f01 ("crypto: af_alg - Disallow concurrent writes in…
CVE-2025-40021 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tracing: dynevent: Add a missing lockdown check on dynevent Since dynamic_events interface on tracefs is compatible with kprobe_events…
CVE-2025-40020 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its…
CVE-2025-50951 2025-10-23 MEDIUM 6.5 FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
CVE-2025-50949 2025-10-23 MEDIUM 6.5 FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
CVE-2025-11576 2025-10-24 MEDIUM 4.3 The AI Chatbot Free Models – Customer Support, Live Chat, Virtual Assistant plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.6.5.…
CVE-2025-10680 2025-10-24 HIGH 8.8 OpenVPN 2.7_alpha1 through 2.7_beta1 on POSIX based platforms allows a remote authenticated server to inject shell commands via DNS variables when --dns-updown is in use
CVE-2025-40019 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in…
CVE-2025-40018 2025-10-24 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections…
« Anterior Página 48 de 3636 Siguiente »