CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-48769 2026-01-01 N/A 0.0 Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due to recursive implementation and single buffer use by two different pointer variables allowed…
CVE-2025-48768 2026-01-01 N/A 0.0 Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that…
CVE-2025-47411 2026-01-01 N/A 0.0 A user with a legitimate non-administrator account can exploit a vulnerability in the user ID creation mechanism in Apache StreamPipes that allows them to swap the username of…
CVE-2025-15406 2026-01-01 MEDIUM 6.3 A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack…
CVE-2025-14627 2026-01-01 MEDIUM 6.4 The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 7.35. This…
CVE-2025-14428 2026-01-01 MEDIUM 4.3 The All-in-one Sticky Floating Contact Form, Call, Click to Chat, and 50+ Social Icon Tabs - My Sticky Elements plugin for WordPress is vulnerable to unauthorized data loss…
CVE-2025-66023 2026-01-01 N/A 0.0 NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the…
CVE-2025-15405 2026-01-01 MEDIUM 4.3 A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function. The manipulation results in cross-site request forgery. The attack may be launched…
CVE-2025-15404 2026-01-01 MEDIUM 6.3 A security vulnerability has been detected in campcodes School File Management System 1.0. The affected element is an unknown function of the file /save_file.php. The manipulation of the…
CVE-2025-11157 2026-01-01 HIGH 7.8 A high-severity remote code execution vulnerability exists in feast-dev/feast version 0.53.0, specifically in the Kubernetes materializer job located at `feast/sdk/python/feast/infra/compute_engines/kubernetes/main.py`. The vulnerability arises from the use of `yaml.load(...,…
CVE-2025-13820 2026-01-01 N/A 0.0 The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing…
CVE-2025-69413 2026-01-01 MEDIUM 5.3 In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.
CVE-2025-22203 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22202 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22201 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22200 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22199 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22198 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22197 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22196 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22195 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22194 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22193 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22192 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22191 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22190 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22189 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22188 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22187 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22186 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22185 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22184 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22183 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22182 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22181 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22180 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22155 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-22154 2026-01-01 N/A 0.0 Rejected reason: To maintain compliance with CNA rules, we have rejected this CVE record because it has not been used.
CVE-2025-69412 2026-01-01 LOW 3.4 KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this…
CVE-2025-67711 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67710 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67709 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67708 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67707 2025-12-31 MEDIUM 5.6 ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2025-67706 2025-12-31 MEDIUM 5.6 ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2025-67705 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67704 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-67703 2025-12-31 MEDIUM 6.1 There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker…
CVE-2025-69288 2025-12-31 CRITICAL 9.1 Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is…
CVE-2025-69286 2025-12-31 N/A 0.0 RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent…