Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55061 2025-12-29 HIGH 8.8 CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2025-55060 2025-12-29 MEDIUM 6.1 CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-15198 2025-12-29 HIGH 7.3 A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User…
CVE-2025-69206 2025-12-29 MEDIUM 4.3 Hemmelig is a messing app with with client-side encryption and self-destructing messages. Prior to version 7.3.3, a Server-Side Request Forgery (SSRF) filter bypass vulnerability exists in the webhook…
CVE-2025-68870 2025-12-29 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in reDim GmbH CookieHint WP allows PHP Local File Inclusion.This issue affects CookieHint…
CVE-2025-68868 2025-12-29 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeaffairs Wp Text Slider Widget allows Stored XSS.This issue affects Wp Text Slider Widget: from n/a…
CVE-2025-66869 2025-12-29 N/A 0.0 Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
CVE-2025-66866 2025-12-29 N/A 0.0 An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66865 2025-12-29 N/A 0.0 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66864 2025-12-29 N/A 0.0 An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66863 2025-12-29 N/A 0.0 An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66862 2025-12-29 N/A 0.0 A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
CVE-2025-66861 2025-12-29 N/A 0.0 An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.
CVE-2025-53627 2025-12-29 MEDIUM 5.3 Meshtastic is an open source mesh networking solution. The Meshtastic firmware (starting from version 2.5) introduces asymmetric encryption (PKI) for direct messages, but when the `pki_encrypted` flag is…
CVE-2025-65442 2025-12-29 MEDIUM 6.1 DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted…
CVE-2025-60458 2025-12-29 MEDIUM 6.5 UxPlay 1.72 contains a double free vulnerability in its RTSP request handling. A specially crafted RTSP TEARDOWN request can trigger multiple calls to free() on the same memory…
CVE-2025-57462 2025-12-29 MEDIUM 6.1 Reflected Cross site scripting (xss) in machsol machpanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
CVE-2025-52691 2025-12-29 CRITICAL 10.0 Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.
CVE-2025-15197 2025-12-29 MEDIUM 4.7 A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument…
CVE-2025-15196 2025-12-29 HIGH 7.3 A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection.…
CVE-2025-15195 2025-12-29 HIGH 7.3 A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes…
CVE-2025-15168 2025-12-29 HIGH 7.3 A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql…
CVE-2025-15150 2025-12-28 MEDIUM 5.3 A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer…
CVE-2025-69211 2025-12-29 N/A 0.0 Nest is a framework for building scalable Node.js server-side applications. Versions prior to 11.1.11 have a Fastify URL encoding middleware bypass. A NestJS application is vulnerable if it…
CVE-2025-69201 2025-12-29 N/A 0.0 Tugtainer is a self-hosted app for automating updates of docker containers. In versions prior to 1.15.1, arbitary arguments can be injected in tugtainer-agent `POST api/command/run`. Version 1.15.1 fixes…
CVE-2025-69200 2025-12-29 HIGH 7.5 phpMyFAQ is an open source FAQ web application. In versions prior to 4.0.16, an unauthenticated remote attacker can trigger generation of a configuration backup ZIP via `POST /api/setup/backup`…
CVE-2025-68951 2025-12-29 MEDIUM 5.4 phpMyFAQ is an open source FAQ web application. Versions 4.0.14 and 4.0.15 have a stored cross-site scripting (XSS) vulnerability that allows an attacker to execute arbitrary JavaScript in…
CVE-2025-68897 2025-12-29 CRITICAL 9.9 Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS Shortcode allows Code Injection.This issue affects IF AS Shortcode: from n/a through 1.2.
CVE-2025-68893 2025-12-29 MEDIUM 4.9 Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server Side Request Forgery.This issue affects WordPress Image shrinker: from n/a through 1.1.0.
CVE-2025-68879 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Councilsoft Content Grid Slider allows Reflected XSS.This issue affects Content Grid Slider: from n/a through 1.5.
CVE-2025-68878 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasadkirpekar Advanced Custom CSS allows Reflected XSS.This issue affects Advanced Custom CSS: from n/a through 1.1.0.
CVE-2025-68877 2025-12-29 HIGH 7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CedCommerce CedCommerce Integration for Good Market allows PHP Local File Inclusion.This issue…
CVE-2025-68876 2025-12-29 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in INVELITY Invelity SPS connect allows Reflected XSS.This issue affects Invelity SPS connect: from n/a through 1.0.8.
CVE-2025-56333 2025-12-29 N/A 0.0 An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component
CVE-2025-15194 2025-12-29 CRITICAL 9.8 A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler.…
CVE-2025-68929 2025-12-29 CRITICAL 9.0 Frappe is a full-stack web application framework. Prior to versions 14.99.6 and 15.88.1, an authenticated user with specific permissions could be tricked into accessing a specially crafted link.…
CVE-2025-68928 2025-12-29 MEDIUM 5.4 Frappe CRM is an open-source customer relationship management tool. Prior to version 1.56.2, authenticated users could set crafted URLs in a website field, which were not sanitized, causing…
CVE-2025-65570 2025-12-29 N/A 0.0 A type confusion in jsish 2.0 allows incorrect control flow during execution of the OP_NEXT opcode. When an “instanceof” expression uses an array element access as the left-hand…
CVE-2025-15193 2025-12-29 HIGH 8.8 A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer…
CVE-2025-15192 2025-12-29 MEDIUM 6.3 A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument…
CVE-2025-57460 2025-12-29 N/A 0.0 File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
CVE-2025-15191 2025-12-29 MEDIUM 6.3 A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url…
CVE-2025-15190 2025-12-29 HIGH 8.8 A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results…
CVE-2025-15189 2025-12-29 HIGH 8.8 A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to…
CVE-2025-15188 2025-12-29 LOW 2.4 A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata…
CVE-2025-15187 2025-12-29 LOW 3.8 A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument…
CVE-2025-15186 2025-12-29 HIGH 7.3 A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the…
CVE-2025-15185 2025-12-29 HIGH 7.3 A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the…
CVE-2025-15184 2025-12-29 HIGH 7.3 A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in…
CVE-2025-15183 2025-12-29 HIGH 7.3 A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid…
« Anterior Página 507 de 4276 Siguiente »