CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-2313 | 2025-08-27 | N/A | 0.0 | In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter. |
| CVE-2021-4459 | 2025-08-27 | MEDIUM | 6.5 | An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices. |
| CVE-2025-9514 | 2025-08-27 | LOW | 3.7 | A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The… |
| CVE-2025-9513 | 2025-08-27 | LOW | 3.7 | A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate… |
| CVE-2025-9511 | 2025-08-27 | HIGH | 7.3 | A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql… |
| CVE-2025-57846 | 2025-08-27 | HIGH | 7.8 | Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where… |
| CVE-2025-57797 | 2025-08-27 | HIGH | 7.8 | Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an… |
| CVE-2025-48081 | 2025-08-27 | MEDIUM | 5.3 | Path Traversal: '.../...//' vulnerability in Printeers Printeers Print & Ship allows Path Traversal. This issue affects Printeers Print & Ship: from n/a through 1.17.0. |
| CVE-2025-9507 | 2025-08-27 | HIGH | 7.3 | A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead… |
| CVE-2025-9506 | 2025-08-27 | HIGH | 7.3 | A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads… |
| CVE-2025-9505 | 2025-08-27 | HIGH | 7.3 | A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the… |
| CVE-2025-9504 | 2025-08-27 | HIGH | 7.3 | A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument… |
| CVE-2025-49040 | 2025-08-27 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery. This issue affects Backup Bolt: from n/a through 1.4.1. |
| CVE-2025-49039 | 2025-08-27 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View allows Stored XSS. This issue affects Link View: from n/a through 0.8.0. |
| CVE-2025-49035 | 2025-08-27 | MEDIUM | 5.9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS. This issue affects Admin Menu Groups: from n/a through 0.1.2. |
| CVE-2025-7732 | 2025-08-27 | MEDIUM | 6.4 | The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazy‑loading handlers in all versions up to, and including, 2.18.7 due to… |
| CVE-2025-7775 | 2025-08-26 | N/A | 0.0 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy,… |
| CVE-2025-8490 | 2025-08-27 | MEDIUM | 4.4 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to… |
| CVE-2025-9277 | 2025-08-26 | MEDIUM | 6.4 | The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due… |
| CVE-2025-57820 | 2025-08-26 | N/A | 0.0 | Svelte devalue is a utility library. Prior to version 5.3.2, a string passed to devalue.parse could represent an object with a __proto__ property and devalue.parse does not check… |
| CVE-2025-35115 | 2025-08-26 | HIGH | 8.1 | Agiloft Release 28 downloads critical system packages over an insecure HTTP connection. An attacker in a Man-In-the-Middle position could replace or modify the contents of the download URL.… |
| CVE-2025-35114 | 2025-08-26 | HIGH | 7.5 | Agiloft Release 28 contains several accounts with default credentials that could allow local privilege escalation. The password hash is known for at least one of the accounts and… |
| CVE-2025-35113 | 2025-08-26 | MEDIUM | 5.9 | Agiloft Release 28 does not properly neutralize special elements used in an EUI template engine, allowing an authenticated attacker to achieve remote code execution by loading a specially… |
| CVE-2025-35112 | 2025-08-26 | MEDIUM | 4.1 | Agiloft Release 28 contains an XML External Entities vulnerability in any table that allows 'import/export', allowing an authenticated attacker to import the template file and perform path traversal… |
| CVE-2025-9492 | 2025-08-26 | HIGH | 7.3 | A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead… |
| CVE-2025-57803 | 2025-08-26 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2 for ImageMagick's 32-bit build, a 32-bit integer overflow in… |
| CVE-2025-55298 | 2025-08-26 | HIGH | 7.5 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to ImageMagick versions 6.9.13-28 and 7.1.2-2, a format string bug vulnerability exists in InterpretImageFilename… |
| CVE-2025-50971 | 2025-08-26 | N/A | 0.0 | Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php. |
| CVE-2025-55212 | 2025-08-26 | LOW | 3.7 | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-28 and 7.1.2-2, passing a geometry string containing only a colon (":")… |
| CVE-2025-23315 | 2025-08-26 | HIGH | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the export and deploy component, where malicious data created by an attacker could cause a code injection issue.… |
| CVE-2025-23314 | 2025-08-26 | HIGH | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful… |
| CVE-2025-23313 | 2025-08-26 | HIGH | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the NLP component, where malicious data created by an attacker could cause a code injection issue. A successful… |
| CVE-2025-23312 | 2025-08-26 | HIGH | 7.8 | NVIDIA NeMo Framework for all platforms contains a vulnerability in the retrieval services component, where malicious data created by an attacker could cause a code injection. A successful… |
| CVE-2025-23307 | 2025-08-26 | HIGH | 7.8 | NVIDIA NeMo Curator for all platforms contains a vulnerability where a malicious file created by an attacker could allow code injection. A successful exploit of this vulnerability might… |
| CVE-2025-57818 | 2025-08-26 | MEDIUM | 6.3 | Firecrawl turns entire websites into LLM-ready markdown or structured data. Prior to version 2.0.1, a server-side request forgery (SSRF) vulnerability was discovered in Firecrawl's webhook functionality. Authenticated users… |
| CVE-2025-50976 | 2025-08-26 | N/A | 0.0 | IPFire 2.29 DNS management interface (dns.cgi) fails to properly sanitize user-supplied input in the NAMESERVER, REMARK, and TLS_HOSTNAME query parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2025-9491 | 2025-08-26 | HIGH | 7.0 | Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is… |
| CVE-2025-57425 | 2025-08-26 | N/A | 0.0 | A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the… |
| CVE-2025-52184 | 2025-08-26 | N/A | 0.0 | Cross Site Scripting vulnerability in Helpy.io v.2.8.0 allows a remote attacker to escalate privileges via the New Topic Ticket function. |
| CVE-2025-50974 | 2025-08-26 | N/A | 0.0 | The Calamaris log exporter CGI (/cgi-bin/logs.cgi/calamaris.dat) in IPFire 2.29 does not properly sanitize user-supplied input before incorporating parameter values into a shell command. An unauthenticated remote attacker can… |
| CVE-2025-36729 | 2025-08-26 | HIGH | 7.2 | A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This… |
| CVE-2025-2697 | 2025-08-26 | HIGH | 7.4 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a… |
| CVE-2025-25733 | 2025-08-26 | MEDIUM | 5.3 | Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify… |
| CVE-2025-1994 | 2025-08-26 | HIGH | 7.8 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a local user to execute arbitrary code on the system due to the use of unsafe use of the… |
| CVE-2025-1494 | 2025-08-26 | MEDIUM | 6.1 | IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious… |
| CVE-2025-57813 | 2025-08-26 | MEDIUM | 5.9 | traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in… |
| CVE-2025-57810 | 2025-08-26 | N/A | 0.0 | jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial… |
| CVE-2025-56432 | 2025-08-26 | MEDIUM | 6.1 | A cross-site scripting (XSS) vulnerability exists in Nagios XI 2024R2. The vulnerability allows remote attackers to execute arbitrary JavaScript in the context of a logged-in user's session via… |
| CVE-2025-52219 | 2025-08-26 | MEDIUM | 6.5 | SelectZero SelectZero Data Observability Platform before 2025.5.2 contains an Open Redirect vulnerability. Legacy UI fields can be used to create arbitrary external links via HTML Injection. |
| CVE-2025-52037 | 2025-08-26 | MEDIUM | 6.1 | A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions… |