Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-45286	2026-01-02	N/A	0.0	A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2025-44013	2026-01-02	N/A	0.0	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the…
CVE-2025-15438	2026-01-02	MEDIUM	4.7	A vulnerability was determined in PluXml up to 5.8.22. Affected is the function FileCookieJar::__destruct of the file core/admin/medias.php of the component Media Management Module. Executing manipulation of the…
CVE-2024-55374	2026-01-02	N/A	0.0	REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.
CVE-2026-0565	2026-01-02	HIGH	7.3	A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can…
CVE-2026-0547	2026-01-02	MEDIUM	6.3	A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page.…
CVE-2026-0546	2026-01-02	HIGH	7.3	A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection.…
CVE-2025-15437	2026-01-02	LOW	3.5	A vulnerability was found in LigeroSmart up to 6.1.24. This affects an unknown part of the component Environment Variable Handler. Performing manipulation of the argument REQUEST_URI results in…
CVE-2025-15436	2026-01-02	HIGH	7.3	A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. Such manipulation of the argument Report leads…
CVE-2025-15435	2026-01-02	HIGH	7.3	A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. This manipulation of the argument Report causes…
CVE-2025-15434	2026-01-02	HIGH	7.3	A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It…
CVE-2025-15432	2026-01-02	MEDIUM	5.3	A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of…
CVE-2025-15431	2026-01-02	HIGH	8.8	A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing manipulation of the argument filename can lead to…
CVE-2025-15430	2026-01-02	HIGH	8.8	A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing manipulation of the argument oldfilename results…
CVE-2025-15429	2026-01-02	HIGH	8.8	A security vulnerability has been detected in UTT 进取 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument…
CVE-2025-15428	2026-01-02	HIGH	8.8	A weakness has been identified in UTT 进取 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow.…
CVE-2025-15427	2026-01-02	HIGH	7.3	A security flaw has been discovered in Seeyon Zhiyuan OA Web Application System up to 20251222. This impacts an unknown function of the file /carManager/carUseDetailList.j%73p. The manipulation of…
CVE-2025-15426	2026-01-02	HIGH	7.3	A vulnerability was identified in jackying H-ui.admin up to 3.1. This affects an unknown function in the library /lib/webuploader/0.1.5/server/preview.php. The manipulation leads to unrestricted upload. The attack is…
CVE-2025-15425	2026-01-02	HIGH	7.3	A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing manipulation…
CVE-2025-15424	2026-01-02	HIGH	7.3	A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing manipulation…
CVE-2025-15423	2026-01-02	MEDIUM	6.3	A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack…
CVE-2025-14998	2026-01-02	CRITICAL	9.8	The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not…
CVE-2025-14047	2026-01-02	MEDIUM	5.3	The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due…
CVE-2025-15422	2026-01-02	MEDIUM	5.3	A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This…
CVE-2025-15421	2026-01-02	HIGH	7.3	A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the…
CVE-2025-15420	2026-01-02	HIGH	7.3	A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql…
CVE-2025-15419	2026-01-02	LOW	3.3	A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler.…
CVE-2025-15418	2026-01-02	LOW	3.3	A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS…
CVE-2025-15417	2026-01-01	LOW	3.3	A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to…
CVE-2025-15416	2026-01-01	LOW	2.4	A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation…
CVE-2025-15415	2026-01-01	MEDIUM	4.7	A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler.…
CVE-2025-15414	2026-01-01	MEDIUM	4.7	A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API.…
CVE-2025-15413	2026-01-01	MEDIUM	5.3	A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing manipulation results in memory corruption. The attack needs to…
CVE-2025-15412	2026-01-01	MEDIUM	5.3	A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation…
CVE-2025-15411	2026-01-01	MEDIUM	5.3	A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes…
CVE-2025-69203	2026-01-01	MEDIUM	6.3	Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related…
CVE-2025-68620	2026-01-01	CRITICAL	9.1	Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 expose two features that can be chained together…
CVE-2025-68619	2026-01-01	N/A	0.0	Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install…
CVE-2025-68273	2026-01-01	MEDIUM	5.3	Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any…
CVE-2025-55065	2026-01-01	HIGH	7.5	CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-15410	2026-01-01	HIGH	7.3	A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email…
CVE-2025-15409	2026-01-01	HIGH	7.3	A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing manipulation of the argument del_pro…
CVE-2026-21437	2026-01-01	N/A	0.0	eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could include files that are not tracked by `eopkg`. This requires…
CVE-2026-21436	2026-01-01	N/A	0.0	eopkg is a Solus package manager implemented in python3. In versions prior to 4.4.0, a malicious package could escape the directory set by `--destdir`. This requires the installation…
CVE-2026-21428	2026-01-01	N/A	0.0	cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to version 0.30.0, the ``write_headers`` function does not check for CR & LF characters in user supplied…
CVE-2025-68272	2026-01-01	HIGH	7.5	Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows…
CVE-2025-66398	2026-01-01	CRITICAL	9.6	Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state…
CVE-2025-15408	2026-01-01	HIGH	7.3	A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql…
CVE-2025-15407	2026-01-01	HIGH	7.3	A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to…
CVE-2026-0544	2026-01-01	HIGH	7.3	A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results…

« Anterior Página 484 de 4269 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte