Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-22956	2025-09-08	N/A	0.0	OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only…
CVE-2025-40642	2025-09-08	N/A	0.0	Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
CVE-2025-40641	2025-09-08	N/A	0.0	Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST…
CVE-2025-10093	2025-09-08	MEDIUM	5.3	A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration…
CVE-2025-10092	2025-09-08	HIGH	7.3	A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in…
CVE-2025-5993	2025-09-08	N/A	0.0	ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow…
CVE-2025-10091	2025-09-08	HIGH	7.3	A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads…
CVE-2014-125128	2025-09-08	MEDIUM	6.1	'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (``), allowing bypasses that…
CVE-2025-10090	2025-09-08	HIGH	7.3	A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID…
CVE-2019-25225	2025-09-08	MEDIUM	6.1	`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is…
CVE-2025-41708	2025-09-08	HIGH	7.4	Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn…
CVE-2025-41682	2025-09-08	HIGH	8.8	An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
CVE-2025-41664	2025-09-08	HIGH	7.5	A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP).…
CVE-2025-10086	2025-09-08	MEDIUM	6.3	A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization.…
CVE-2025-58422	2025-09-08	LOW	3.1	RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of…
CVE-2025-10084	2025-09-08	MEDIUM	4.3	A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper…
CVE-2025-10082	2025-09-08	HIGH	7.3	A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to…
CVE-2025-10081	2025-09-08	MEDIUM	4.7	A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted…
CVE-2025-10080	2025-09-08	LOW	3.1	A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The…
CVE-2025-10079	2025-09-08	HIGH	7.3	A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact…
CVE-2025-10078	2025-09-08	HIGH	7.3	A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql…
CVE-2025-10077	2025-09-08	HIGH	7.3	A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads…
CVE-2025-10076	2025-09-08	HIGH	7.3	A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql…
CVE-2025-10075	2025-09-08	LOW	3.5	A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument…
CVE-2025-10074	2025-09-08	LOW	3.5	A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de…
CVE-2025-10073	2025-09-08	MEDIUM	4.3	A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is…
CVE-2025-10072	2025-09-07	MEDIUM	6.3	A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It…
CVE-2025-10071	2025-09-07	MEDIUM	6.3	A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The…
CVE-2025-10070	2025-09-07	MEDIUM	6.3	A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack…
CVE-2025-48042	2025-09-07	N/A	0.0	Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routines 'Elixir.Ash.Actions.Create.Bulk':run/5,…
CVE-2025-39734	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix…
CVE-2025-39733	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: team: replace team lock with rtnl lock syszbot reports various ordering issues for lower instance locks and team…
CVE-2025-39732	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in this case…
CVE-2025-39731	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram() may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual…
CVE-2025-39730	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it…
CVE-2025-39729	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix dereferencing uninitialized error pointer Fix below smatch warnings: drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked() error: we previously assumed…
CVE-2025-39727	2025-09-07	N/A	0.0	In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0,…
CVE-2025-10068	2025-09-07	HIGH	7.3	A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead…
CVE-2025-10067	2025-09-07	MEDIUM	4.3	A vulnerability was detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument…
CVE-2025-36100	2025-09-07	MEDIUM	5.1	IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java…
CVE-2025-10066	2025-09-07	MEDIUM	4.3	A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of…
CVE-2025-10065	2025-09-07	MEDIUM	4.3	A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts…
CVE-2025-10064	2025-09-07	MEDIUM	4.3	A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the…
CVE-2025-10063	2025-09-06	MEDIUM	4.3	A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads…
CVE-2025-10062	2025-09-06	HIGH	7.3	A vulnerability was determined in itsourcecode Student Information Management System 1.0. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead…
CVE-2025-58445	2025-09-06	N/A	0.0	Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. All versions of Atlantis publicly expose detailed version information through its /status endpoint.…
CVE-2025-58443	2025-09-06	N/A	0.0	FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated…
CVE-2025-58446	2025-09-06	N/A	0.0	xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and…
CVE-2025-58438	2025-09-06	N/A	0.0	internetarchive is a Python and Command-Line Interface to Archive.org In versions 5.5.0 and below, there is a directory traversal (path traversal) vulnerability in the File.download() method of the…
CVE-2025-0034	2025-09-06	MEDIUM	4.7	Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially…

« Anterior Página 486 de 3937 Siguiente »