CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9500 2025-08-30 MEDIUM 6.4 The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode_debug’ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization…
CVE-2025-9499 2025-08-30 MEDIUM 6.4 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient…
CVE-2025-54946 2025-08-30 N/A 0.0 A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands.
CVE-2025-54945 2025-08-30 N/A 0.0 An external control of file name or path vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary system commands via a malicious…
CVE-2025-54944 2025-08-30 N/A 0.0 An unrestricted upload of file with dangerous type vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to write malicious code in a specific file,…
CVE-2025-54943 2025-08-30 N/A 0.0 A missing authorization vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to perform unauthorized application deployment due to the absence of proper access control…
CVE-2025-54942 2025-08-30 N/A 0.0 A missing authentication for critical function vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to access deployment functionality without prior authentication.
CVE-2025-9618 2025-08-30 MEDIUM 4.3 The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect…
CVE-2025-4956 2025-08-30 MEDIUM 4.3 Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal. This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
CVE-2025-58159 2025-08-29 CRITICAL 9.9 WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application…
CVE-2025-9678 2025-08-29 HIGH 7.3 A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument…
CVE-2025-58160 2025-08-29 N/A 0.0 tracing is a framework for instrumenting Rust programs to collect structured, event-based diagnostic information. Prior to version 0.3.20, tracing-subscriber was vulnerable to ANSI escape sequence injection attacks. Untrusted…
CVE-2025-58157 2025-08-29 HIGH 7.5 gnark is a zero-knowledge proof system framework. In version 0.12.0, there is a potential denial of service vulnerability when computing scalar multiplication is using the fake-GLV algorithm. This…
CVE-2025-58156 2025-08-29 LOW 1.9 Centurion ERP is an ERP with a focus on ITSM and automation. In versions starting from 1.12.0 to before 1.21.0, an authenticated user can view all authentication token…
CVE-2025-58068 2025-08-29 N/A 0.0 Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP…
CVE-2025-57822 2025-08-29 MEDIUM 6.5 Next.js is a React framework for building full-stack web applications. Prior to versions 14.2.32 and 15.4.7, when next() was used without explicitly passing the request object, it could…
CVE-2025-57752 2025-08-29 MEDIUM 6.2 Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by…
CVE-2025-55173 2025-08-29 MEDIUM 4.3 Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection.…
CVE-2025-9677 2025-08-29 MEDIUM 5.3 A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the…
CVE-2025-9676 2025-08-29 MEDIUM 5.3 A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to…
CVE-2025-9675 2025-08-29 MEDIUM 5.3 A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can…
CVE-2025-9674 2025-08-29 MEDIUM 5.3 A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of…
CVE-2025-58067 2025-08-29 MEDIUM 4.2 Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in…
CVE-2025-58066 2025-08-29 MEDIUM 5.3 ntpd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are…
CVE-2025-56577 2025-08-29 HIGH 8.4 An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
CVE-2025-9673 2025-08-29 MEDIUM 5.3 A vulnerability was detected in Kakao 헤이카카오 Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of…
CVE-2025-9672 2025-08-29 MEDIUM 5.3 A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads…
CVE-2025-9671 2025-08-29 MEDIUM 5.3 A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing…
CVE-2024-46484 2025-08-29 CRITICAL 9.8 TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
CVE-2025-43773 2025-08-29 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through…
CVE-2023-41471 2025-08-29 HIGH 7.8 Cross Site Scripting vulnerability in copyparty v.1.9.1 allows a local attacker to execute arbitrary code via a crafted payload to the WEEKEND-PLANS function.
CVE-2025-9670 2025-08-29 MEDIUM 5.3 A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression…
CVE-2025-9669 2025-08-29 HIGH 7.3 A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql…
CVE-2025-9667 2025-08-29 MEDIUM 6.3 A vulnerability was detected in code-projects Simple Grading System 1.0. This affects an unknown part of the file /delete_account.php of the component Admin Panel. Performing manipulation of the…
CVE-2025-9666 2025-08-29 MEDIUM 6.3 A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin…
CVE-2025-47909 2025-08-29 HIGH 7.3 Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places…
CVE-2025-9665 2025-08-29 MEDIUM 6.3 A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel.…
CVE-2025-9377 2025-08-29 N/A 0.0 The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9. This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS)…
CVE-2025-58158 2025-08-29 HIGH 8.8 Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git…
CVE-2025-52861 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents…
CVE-2025-52856 2025-08-29 N/A 0.0 An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system. We…
CVE-2025-44033 2025-08-29 CRITICAL 9.8 SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
CVE-2025-44015 2025-08-29 N/A 0.0 A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.…
CVE-2025-33038 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-33037 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-33036 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-33033 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the…
CVE-2025-33032 2025-08-29 N/A 0.0 A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability…
CVE-2025-30278 2025-08-29 N/A 0.0 An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise…
CVE-2025-30277 2025-08-29 N/A 0.0 An improper certificate validation vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to compromise…