CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-8268 2025-09-03 MEDIUM 6.5 The AI Engine plugin for WordPress is vulnerable to unauthorized access and loss of data due to a missing capability check on the rest_list and delete_files functions in…
CVE-2025-58056 2025-09-03 N/A 0.0 Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts…
CVE-2025-57833 2025-09-03 HIGH 7.1 An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably…
CVE-2025-55748 2025-09-03 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx…
CVE-2025-55747 2025-09-03 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the…
CVE-2025-9926 2025-09-03 HIGH 7.3 A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection.…
CVE-2025-9925 2025-09-03 HIGH 7.3 A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in…
CVE-2025-9365 2025-09-03 HIGH 7.8 Fuji Electric FRENIC-Loader 4 is vulnerable to a deserialization of untrusted data when importing a file through a specified window, which may allow an attacker to execute arbitrary…
CVE-2025-56139 2025-09-03 MEDIUM 5.3 LinkedIn Mobile Application for Android version 4.1.1087.2 fails to update link preview metadata (image, title, description) when a user replaces the original URL in a post or comment…
CVE-2025-55162 2025-09-03 MEDIUM 6.3 Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4…
CVE-2025-53690 2025-09-03 CRITICAL 9.0 Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection. This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through…
CVE-2025-9924 2025-09-03 HIGH 7.3 A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to…
CVE-2025-9923 2025-09-03 MEDIUM 4.3 A flaw has been found in Campcodes Sales and Inventory System 1.0. This affects an unknown part of the file /index.php. Executing manipulation of the argument page can…
CVE-2025-36193 2025-09-03 HIGH 8.4 IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor…
CVE-2025-56803 2025-09-03 HIGH 8.4 Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build…
CVE-2025-56752 2025-09-03 CRITICAL 9.4 A vulnerability in the Ruijie RG-ES series switch firmware ESW_1.0(1)B1P39 enables remote attackers to fully bypass authentication mechanisms, providing them with unrestricted access to alter administrative settings and…
CVE-2025-52494 2025-09-03 HIGH 7.5 Adacore Ada Web Server (AWS) before 25.2 is vulnerable to a denial-of-service (DoS) condition due to improper handling of SSL handshakes during connection initialization. When a client initiates…
CVE-2025-45805 2025-09-03 HIGH 7.6 In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization,…
CVE-2025-20336 2025-09-03 MEDIUM 5.3 A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated,…
CVE-2025-20335 2025-09-03 MEDIUM 5.3 A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated,…
CVE-2025-20330 2025-09-03 MEDIUM 6.1 A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to conduct a…
CVE-2025-20328 2025-09-03 MEDIUM 5.4 A vulnerability in the user profile component of Cisco Webex Meetings could have allowed an authenticated, remote attacker with low privileges to conduct a cross-site scripting (XSS) attack…
CVE-2025-20326 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an unauthenticated,…
CVE-2025-20291 2025-09-03 MEDIUM 4.3 A vulnerability in Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to redirect a targeted Webex Meetings user to an untrusted website. Cisco has addressed this…
CVE-2025-20287 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.…
CVE-2025-20280 2025-09-03 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored…
CVE-2025-20270 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information…
CVE-2025-9959 2025-09-03 HIGH 7.6 Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order…
CVE-2025-9922 2025-09-03 MEDIUM 4.3 A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of…
CVE-2025-9921 2025-09-03 LOW 2.4 A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross…
CVE-2025-9867 2025-09-03 MEDIUM 5.4 Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2025-9866 2025-09-03 HIGH 8.8 Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-9865 2025-09-03 MEDIUM 5.4 Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform…
CVE-2025-9864 2025-09-03 HIGH 8.8 Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-56761 2025-09-03 MEDIUM 5.4 Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the…
CVE-2025-56760 2025-09-03 MEDIUM 4.3 When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing…
CVE-2025-56689 2025-09-03 MEDIUM 4.6 An issue was discovered in Quest One Identity 7.5.1.20903. A crafted response manipulation can bypass the OTP on MFA page which leads to access the PAM portal without…
CVE-2025-9920 2025-09-03 MEDIUM 4.7 A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results…
CVE-2025-9919 2025-09-03 HIGH 7.3 A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to…
CVE-2025-56498 2025-09-03 MEDIUM 5.3 An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via…
CVE-2025-56435 2025-09-03 MEDIUM 5.3 SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBackup.php and the operation on the parameter id.
CVE-2025-55944 2025-09-03 MEDIUM 6.1 Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The…
CVE-2025-55852 2025-09-03 HIGH 7.5 Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2025-0280 2025-09-03 HIGH 7.5 A security vulnerability in HCL Compass can allow an attacker to gain unauthorized database access.
CVE-2025-58701 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58700 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58699 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58698 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58697 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58696 2025-09-04 N/A 0.0 Rejected reason: Not used