Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-55575 2025-08-25 CRITICAL 9.8 SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail.
CVE-2025-50753 2025-08-26 N/A 0.0 Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show…
CVE-2025-29992 2025-08-26 N/A 0.0 Mahara before 24.04.9 exposes database connection information if the database becomes unreachable, e.g., due to the database server being temporarily down or too busy.
CVE-2025-29420 2025-08-25 HIGH 7.5 PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
CVE-2024-47853 2025-08-26 N/A 0.0 An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
CVE-2025-9190 2025-08-26 N/A 0.0 The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent,…
CVE-2025-8700 2025-08-26 N/A 0.0 Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or…
CVE-2025-8597 2025-08-26 N/A 0.0 MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access (e.g. via a malicious application) to attach a debugger, read or modify…
CVE-2025-7776 2025-08-26 N/A 0.0 Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy,…
CVE-2025-53813 2025-08-26 N/A 0.0 The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and…
CVE-2025-53811 2025-08-26 N/A 0.0 The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and…
CVE-2025-38676 2025-08-26 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most…
CVE-2025-44002 2025-08-26 MEDIUM 6.1 Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files…
CVE-2025-1501 2025-08-26 MEDIUM 4.3 An access control vulnerability was discovered in the Request Trace and Download Trace functionalities of CMC before 25.1.0 due to a specific access restriction not being properly enforced…
CVE-2025-48108 2025-08-26 MEDIUM 6.5 Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.
CVE-2025-29901 2025-08-26 N/A 0.0 A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to…
CVE-2025-6247 2025-08-26 MEDIUM 4.7 The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect…
CVE-2025-57704 2025-08-26 MEDIUM 5.5 Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.
CVE-2025-53419 2025-08-26 HIGH 7.8 Delta Electronics COMMGR has Code Injection vulnerability.
CVE-2025-53418 2025-08-26 HIGH 8.6 Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.
CVE-2024-8860 2025-08-26 MEDIUM 4.3 The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields…
CVE-2025-9476 2025-08-26 HIGH 7.3 A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the…
CVE-2025-9475 2025-08-26 HIGH 7.3 A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the…
CVE-2025-41702 2025-08-26 CRITICAL 9.8 The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and…
CVE-2025-9474 2025-08-26 MEDIUM 4.5 A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation…
CVE-2025-9473 2025-08-26 HIGH 7.3 A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg…
CVE-2025-9472 2025-08-26 HIGH 7.3 A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in…
CVE-2025-5931 2025-08-26 HIGH 8.8 The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin…
CVE-2025-9172 2025-08-26 HIGH 7.5 The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on…
CVE-2025-9439 2025-08-26 MEDIUM 4.3 A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This…
CVE-2025-9438 2025-08-26 MEDIUM 4.3 A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of…
CVE-2025-9434 2025-08-26 MEDIUM 4.3 A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument…
CVE-2025-9433 2025-08-26 MEDIUM 4.3 A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation…
CVE-2025-8447 2025-08-26 N/A 0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by…
CVE-2025-9432 2025-08-26 MEDIUM 4.3 A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such…
CVE-2025-9431 2025-08-26 MEDIUM 4.3 A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross…
CVE-2025-9430 2025-08-26 LOW 2.4 A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in…
CVE-2025-9429 2025-08-26 LOW 3.5 A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation…
CVE-2025-9426 2025-08-25 HIGH 7.3 A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument…
CVE-2025-8627 2025-08-25 N/A 0.0 The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
CVE-2025-57814 2025-08-25 N/A 0.0 request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering,…
CVE-2025-57809 2025-08-25 N/A 0.0 XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has…
CVE-2025-57805 2025-08-25 N/A 0.0 The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an…
CVE-2025-9419 2025-08-25 HIGH 7.3 A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results…
CVE-2025-9418 2025-08-25 HIGH 7.3 A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads…
CVE-2025-6188 2025-08-25 HIGH 7.5 On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply.…
CVE-2025-57804 2025-08-25 N/A 0.0 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting…
CVE-2024-39923 2025-08-25 MEDIUM 6.1 An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to…
CVE-2023-47799 2025-08-25 HIGH 7.5 Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the…
CVE-2025-9417 2025-08-25 MEDIUM 6.3 A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes…
« Anterior Página 529 de 3946 Siguiente »