Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2010-20113 2025-08-21 N/A 0.0 EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate…
CVE-2010-20108 2025-08-21 N/A 0.0 FTPPad
CVE-2010-20107 2025-08-21 N/A 0.0 A stack-based buffer overflow exists in FTP Synchronizer Professional
CVE-2010-20034 2025-08-21 N/A 0.0 Gekko Manager FTP Client
CVE-2010-20007 2025-08-21 N/A 0.0 Seagull FTP Client
CVE-2009-20004 2025-08-21 N/A 0.0 gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length…
CVE-2009-20003 2025-08-21 N/A 0.0 Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly…
CVE-2009-20002 2025-08-21 N/A 0.0 Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the…
CVE-2025-55231 2025-08-21 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
CVE-2025-55230 2025-08-21 HIGH 7.8 Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-55229 2025-08-21 MEDIUM 5.3 Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55107 2025-08-21 MEDIUM 4.8 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious…
CVE-2025-55106 2025-08-21 MEDIUM 4.8 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious…
CVE-2025-55105 2025-08-21 MEDIUM 4.8 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious…
CVE-2025-55104 2025-08-21 MEDIUM 4.8 A stored cross-site scripting (XSS) vulnerability exists ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user with the ability to create or edit a site to…
CVE-2025-55103 2025-08-21 MEDIUM 4.8 There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious…
CVE-2025-54460 2025-08-21 HIGH 7.1 The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to create or access publication targets of type Text File or HDFS) to upload and persist files…
CVE-2025-53795 2025-08-21 CRITICAL 9.1 Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-53763 2025-08-21 CRITICAL 9.8 Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-51989 2025-08-21 HIGH 7.0 HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will…
CVE-2025-41415 2025-08-21 MEDIUM 6.5 The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access…
CVE-2025-3128 2025-08-21 CRITICAL 9.8 A remote unauthenticated attacker who has bypassed authentication could execute arbitrary OS commands to disclose, tamper with, destroy or delete information in Mitsubishi Electric smartRTU, or cause a…
CVE-2025-27721 2025-08-21 HIGH 7.5 Unauthorized users can access INFINITT PACS System Manager without proper authorization, which could lead to unauthorized access to system resources.
CVE-2025-27714 2025-08-21 MEDIUM 6.3 An attacker could exploit this vulnerability by uploading arbitrary files via the a specific endpoint, leading to unauthorized remote code execution or system compromise.
CVE-2025-24489 2025-08-21 MEDIUM 6.3 An attacker could exploit this vulnerability by uploading arbitrary files via a specific service, which could lead to system compromise.
CVE-2010-20121 2025-08-21 N/A 0.0 EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails…
CVE-2010-20119 2025-08-21 N/A 0.0 CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method…
CVE-2010-20112 2025-08-21 N/A 0.0 Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to…
CVE-2010-20111 2025-08-21 N/A 0.0 Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1…
CVE-2010-20109 2025-08-21 N/A 0.0 Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint.…
CVE-2010-10015 2025-08-21 N/A 0.0 AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to…
CVE-2025-57751 2025-08-21 N/A 0.0 pyLoad is the free and open-source Download Manager written in pure Python. The jk parameter is received in pyLoad CNL Blueprint. Due to the lack of jk parameter…
CVE-2025-38743 2025-08-21 HIGH 7.8 Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2025-38742 2025-08-21 MEDIUM 5.3 Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit…
CVE-2025-53251 2025-08-21 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in An-Themes Pin WP allows Upload a Web Shell to a Web Server.This issue affects Pin WP: from n/a before…
CVE-2023-4143 2025-08-21 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-4131 2025-08-21 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-3948 2025-08-21 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-55523 2025-08-21 LOW 3.5 An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
CVE-2025-55371 2025-08-21 MEDIUM 5.3 Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method.
CVE-2025-55367 2025-08-21 MEDIUM 5.3 Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account.
CVE-2025-55366 2025-08-21 MEDIUM 5.3 Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack.
CVE-2025-52352 2025-08-21 CRITICAL 9.8 Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up…
CVE-2025-52351 2025-08-21 HIGH 8.8 Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the…
CVE-2025-52194 2025-08-21 HIGH 7.5 A buffer overflow vulnerability exists in libsndfile version 1.2.2 and potentially earlier versions when processing malformed IRCAM audio files. The vulnerability occurs in the ircam_read_header function at src/ircam.c:164…
CVE-2025-50860 2025-08-21 MEDIUM 6.5 SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter.
CVE-2025-55524 2025-08-21 HIGH 7.3 Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
CVE-2025-55522 2025-08-21 MEDIUM 6.5 Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name…
CVE-2025-55521 2025-08-21 MEDIUM 6.5 An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2024-50641 2025-08-21 HIGH 8.1 An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.
« Anterior Página 537 de 3946 Siguiente »