Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-36230 2025-12-26 MEDIUM 5.4 IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the…
CVE-2025-36229 2025-12-26 LOW 3.1 IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
CVE-2025-36228 2025-12-26 LOW 3.8 IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading…
CVE-2025-15099 2025-12-26 HIGH 7.3 A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of…
CVE-2025-15093 2025-12-26 MEDIUM 4.3 A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login.…
CVE-2025-15092 2025-12-26 HIGH 8.8 A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to…
CVE-2025-15091 2025-12-26 HIGH 8.8 A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes…
CVE-2025-36192 2025-12-26 MEDIUM 6.7 IBM DS8A00( R10.1) 10.10.106.0 and IBM DS8A00 ( R10.0) 10.1.3.010.2.45.0 and IBM DS8900F ( R9.4) 89.40.83.089.42.18.089.44.5.0 IBM System Storage DS8000 could allow a local user with authorized CCW…
CVE-2025-14687 2025-12-26 MEDIUM 4.3 IBM Db2 Intelligence Center 1.1.0, 1.1.1, 1.1.2 could allow an authenticated user to perform unauthorized actions due to client-side enforcement of sever side security mechanisms.
CVE-2025-13915 2025-12-26 CRITICAL 9.8 IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application.
CVE-2025-1721 2025-12-26 MEDIUM 5.9 IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
CVE-2025-12771 2025-12-26 HIGH 7.8 IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code…
CVE-2025-67450 2025-12-26 HIGH 7.8 Due to insecure library loading in the Eaton UPS Companion software executable, an attacker with access to the software package could perform arbitrary code execution . This security issue has…
CVE-2025-59888 2025-12-26 MEDIUM 6.7 Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the file system.…
CVE-2025-59887 2025-12-26 HIGH 8.6 Improper authentication of library files in the Eaton UPS Companion software installer could lead to arbitrary code execution of an attacker with the access to the software package.…
CVE-2025-62578 2025-12-26 N/A 0.0 DVP-12SE - Modbus/TCP Cleartext Transmission of Sensitive Information
CVE-2025-8075 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered that validation of incoming XML format request messages is…
CVE-2025-68946 2025-12-26 MEDIUM 5.4 In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
CVE-2025-52601 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption…
CVE-2025-52600 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics that Improper input…
CVE-2025-52599 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The…
CVE-2025-52598 2025-12-26 N/A 0.0 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw that camera's client service does not perform…
CVE-2025-68945 2025-12-26 MEDIUM 5.8 In Gitea before 1.21.2, an anonymous user can visit a private user's project.
CVE-2025-68944 2025-12-26 MEDIUM 5.0 Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
CVE-2025-68943 2025-12-26 MEDIUM 5.3 Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
CVE-2025-68942 2025-12-26 MEDIUM 5.4 Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
CVE-2025-68941 2025-12-26 MEDIUM 4.9 Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
CVE-2025-68940 2025-12-26 LOW 3.1 In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
CVE-2025-68939 2025-12-26 HIGH 8.2 Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
CVE-2025-15098 2025-12-26 MEDIUM 6.3 A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can…
CVE-2025-15097 2025-12-26 HIGH 7.3 A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is…
CVE-2025-15095 2025-12-26 LOW 3.5 A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting.…
CVE-2025-68938 2025-12-26 MEDIUM 4.3 Gitea before 1.25.2 mishandles authorization for deletion of releases.
CVE-2025-15094 2025-12-26 MEDIUM 4.3 A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing…
CVE-2025-68937 2025-12-26 N/A 0.0 Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is…
CVE-2025-14913 2025-12-26 MEDIUM 5.3 The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on…
CVE-2025-15090 2025-12-25 HIGH 8.8 A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results…
CVE-2025-15089 2025-12-25 HIGH 8.8 A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads…
CVE-2025-14820 2025-12-25 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-14715 2025-12-25 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-15088 2025-12-25 MEDIUM 6.3 A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing manipulation of the argument keyWord…
CVE-2025-15087 2025-12-25 MEDIUM 4.3 A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper…
CVE-2025-15086 2025-12-25 MEDIUM 4.3 A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be…
CVE-2025-68936 2025-12-25 MEDIUM 6.4 ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
CVE-2025-68935 2025-12-25 MEDIUM 6.4 ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
CVE-2025-15085 2025-12-25 MEDIUM 4.3 A security flaw has been discovered in youlaitech youlai-mall 1.0.0/2.0.0. This affects the function deductBalance of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java of the component Balance Handler. The manipulation results in…
CVE-2025-15084 2025-12-25 LOW 3.1 A vulnerability was identified in youlaitech youlai-mall 1.0.0/2.0.0. The impacted element is the function orderService.payOrder of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java of the component Order Payment Handler. The manipulation leads…
CVE-2025-15083 2025-12-25 LOW 2.0 A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to…
CVE-2025-15082 2025-12-25 MEDIUM 5.3 A vulnerability was found in TOZED ZLT M30s up to 1.47. Impacted is an unknown function of the file /reqproc/proc_post of the component Web Management Interface. Performing manipulation…
CVE-2025-15081 2025-12-25 MEDIUM 6.3 A vulnerability has been found in JD Cloud BE6500 4.4.1.r4308. This issue affects the function sub_4780 of the file /jdcapi. Such manipulation of the argument ddns_name leads to…
« Anterior Página 511 de 4276 Siguiente »