CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-62001 2025-12-18 HIGH 8.8 BullWall Ransomware Containment contains excluded file paths, such as '$recycle.bin' that are not monitored. An attacker with file write permissions could bypass detection by renaming a directory. Versions…
CVE-2025-62000 2025-12-18 HIGH 7.1 BullWall Ransomware Containment does not entirely inspect a file to determine if it is ransomware. An authenticated attacker could bypass detection by encrypting a file and leaving the…
CVE-2025-59529 2025-12-18 MEDIUM 5.5 Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server…
CVE-2025-53710 2025-12-18 HIGH 7.5 Due to a product misconfiguration in certain deployment types, it was possible from different pods in the same namespace to communicate with each other. This issue resulted in…
CVE-2025-46268 2025-12-18 MEDIUM 6.3 Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
CVE-2025-14850 2025-12-18 HIGH 8.1 Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to delete arbitrary files.
CVE-2025-14849 2025-12-18 HIGH 8.8 Advantech WebAccess/SCADA is vulnerable to unrestricted file upload, which may allow an attacker to remotely execute arbitrary code.
CVE-2025-14848 2025-12-18 MEDIUM 4.3 Advantech WebAccess/SCADA is vulnerable to absolute directory traversal, which may allow an attacker to determine the existence of arbitrary files.
CVE-2025-13911 2025-12-18 MEDIUM 6.4 The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python…
CVE-2025-67048 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67039. Reason: This record is a reservation duplicate of CVE-2025-67039. Notes: All CVE users should reference CVE-2025-67039 instead of…
CVE-2025-67047 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67036. Reason: This record is a reservation duplicate of CVE-2025-67036. Notes: All CVE users should reference CVE-2025-67036 instead of…
CVE-2025-67046 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67037. Reason: This record is a reservation duplicate of CVE-2025-67037. Notes: All CVE users should reference CVE-2025-67037 instead of…
CVE-2025-67045 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67041. Reason: This record is a reservation duplicate of CVE-2025-67041. Notes: All CVE users should reference CVE-2025-67041 instead of…
CVE-2025-67044 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67035. Reason: This record is a reservation duplicate of CVE-2025-67035. Notes: All CVE users should reference CVE-2025-67035 instead of…
CVE-2025-67043 2025-12-19 N/A 0.0 Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2025-67038. Reason: This record is a reservation duplicate of CVE-2025-67038. Notes: All CVE users should reference CVE-2025-67038 instead of…
CVE-2025-68491 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68490 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68489 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68488 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68487 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68486 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68485 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68484 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2025-68483 2025-12-19 N/A 0.0 Rejected reason: Not used
CVE-2023-53944 2025-12-18 MEDIUM 6.5 EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can…
CVE-2023-53943 2025-12-18 MEDIUM 5.3 GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting…
CVE-2023-53942 2025-12-18 HIGH 8.8 File Thingie 2.5.7 contains an authenticated file upload vulnerability that allows remote attackers to upload malicious PHP zip archives to the web server. Attackers can create a custom…
CVE-2023-53939 2025-12-18 MEDIUM 5.4 TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with…
CVE-2023-53938 2025-12-18 MEDIUM 5.4 RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted…
CVE-2025-67163 2025-12-18 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum…
CVE-2025-64375 2025-12-18 MEDIUM 6.5 Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Social Ninja: from n/a through
CVE-2025-64374 2025-12-18 CRITICAL 9.9 Unrestricted Upload of File with Dangerous Type vulnerability in StylemixThemes Motors motors allows Using Malicious Files. This issue affects Motors: from n/a through
CVE-2025-64270 2025-12-18 MEDIUM 6.5 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Retrieve Embedded Sensitive Data. This issue affects Masteriyo - LMS: from…
CVE-2025-64268 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in Arraytics Timetics timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through
CVE-2025-64258 2025-12-18 HIGH 7.5 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data. This issue affects Follow My Blog…
CVE-2025-64222 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in FantasticPlugins WooCommerce Recover Abandoned Cart rac allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooCommerce Recover Abandoned Cart: from n/a through
CVE-2025-64218 2025-12-18 HIGH 7.5 Insertion of Sensitive Information Into Sent Data vulnerability in WP Chill Passster content-protector allows Retrieve Embedded Sensitive Data. This issue affects Passster: from n/a through
CVE-2025-64214 2025-12-18 HIGH 7.5 Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-64192 2025-12-18 MEDIUM 6.3 Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects XStore: from n/a through < 9.6.
CVE-2023-53737 2025-12-18 MEDIUM 4.6 A stored cross-site scripting vulnerability in Kentico Xperience allows global administrators to inject malicious payloads via the Localization application. Attackers can execute scripts that could affect multiple parts…
CVE-2025-43428 2025-12-17 CRITICAL 9.8 A configuration issue was addressed with additional restrictions. This issue is fixed in visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Photos in the Hidden Photos…
CVE-2025-43475 2025-12-17 MEDIUM 5.5 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26.2 and iPadOS 26.2. An app may be able to access user-sensitive data.
CVE-2025-43514 2025-12-17 MEDIUM 5.5 The issue was addressed with improved handling of caches. This issue is fixed in macOS Tahoe 26.2. An app may be able to access protected user data.
CVE-2025-43526 2025-12-17 CRITICAL 9.8 This issue was addressed with improved URL validation. This issue is fixed in macOS Tahoe 26.2, Safari 26.2. On a Mac with Lockdown Mode enabled, web content opened…
CVE-2025-6326 2025-12-18 HIGH 8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Inset inset allows PHP Local File Inclusion. This issue affects Inset: from…
CVE-2025-67794 2025-12-17 MEDIUM 6.1 An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive…
CVE-2025-67791 2025-12-17 CRITICAL 9.8 An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 through 25.1.*. An incomplete configuration (agent authentication) in DriveLock tenant allows attackers to impersonate…
CVE-2025-67793 2025-12-17 CRITICAL 9.8 An issue was discovered in DriveLock 24.1 through 24.1.*, 24.2 through 24.2.*, and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or…
CVE-2025-67792 2025-12-17 HIGH 7.8 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands…
CVE-2025-67790 2025-12-17 HIGH 7.5 An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. An unprivileged user could occasionally cause a Blue Screen Of Death (BSOD)…