CVE Vulnerabilities

The following is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-55751 2025-08-20 N/A 0.0 OnboardLite is the result of the Influx Initiative, our vision for an improved student organization lifecycle at the University of Central Florida. An attacker can craft a link…
CVE-2025-55732 2025-08-20 N/A 0.0 Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive…
CVE-2025-7777 2025-08-20 MEDIUM 6.5 The mirror-registry doesn't properly sanitize the Host HTTP header in received HTTP requests, allowing an attacker to perform malicious redirects to attacker-controlled domains or phishing campaigns.
CVE-2025-55731 2025-08-20 N/A 0.0 Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability…
CVE-2025-55498 2025-08-20 HIGH 7.5 Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function.
CVE-2025-55033 2025-08-19 MEDIUM 6.1 Dragging JavaScript links to the URL bar in Focus for iOS could be utilized to run malicious scripts, potentially resulting in XSS attacks. This vulnerability affects Focus for…
CVE-2025-55032 2025-08-19 MEDIUM 6.1 Focus for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline, potentially allowing for XSS attacks. This vulnerability affects Focus…
CVE-2025-55031 2025-08-19 CRITICAL 9.8 Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used…
CVE-2025-55030 2025-08-19 MEDIUM 6.1 Firefox for iOS would not respect a Content-Disposition header of type Attachment and would incorrectly display the content inline rather than downloading, potentially allowing for XSS attacks. This…
CVE-2025-55029 2025-08-19 HIGH 7.5 Malicious scripts could bypass the popup blocker to spam new tabs, potentially resulting in denial of service attacks. This vulnerability affects Firefox for iOS < 142.
CVE-2025-55028 2025-08-19 MEDIUM 6.5 Malicious scripts utilizing repetitive JavaScript alerts could prevent client user interaction in some scenarios and allow for denial of service attacks. This vulnerability affects Firefox for iOS <…
CVE-2025-54145 2025-08-19 CRITICAL 9.1 The QR scanner could allow arbitrary websites to be opened if a user was tricked into scanning a malicious link that leveraged Firefox's open-text URL scheme. This vulnerability…
CVE-2025-54144 2025-08-19 MEDIUM 5.4 The URL scheme used by Firefox to facilitate searching of text queries could incorrectly allow attackers to open arbitrary website URLs or internal pages if a user was…
CVE-2025-54143 2025-08-19 CRITICAL 9.8 Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page. This vulnerability affects Firefox for iOS <…
CVE-2025-51991 2025-08-20 HIGH 8.8 XWiki through version 17.3.0 is vulnerable to Server-Side Template Injection (SSTI) in the Administration interface, specifically within the HTTP Meta Info field of the Global Preferences Presentation section.…
CVE-2025-51990 2025-08-20 MEDIUM 4.8 XWiki through version 17.3.0 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities in the Administration interface, specifically under the Presentation section of the Global Preferences panel. An…
CVE-2012-10061 2025-08-20 N/A 0.0 Sockso Music Host Server versions
CVE-2011-10030 2025-08-20 N/A 0.0 Foxit PDF Reader
CVE-2024-57491 2025-08-20 HIGH 8.8 Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker to exploit this vulnerability to access sensitive API without any token via the preHandle function.
CVE-2011-10029 2025-08-20 N/A 0.0 Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due…
CVE-2011-10028 2025-08-20 N/A 0.0 The RealNetworks RealArcade platform includes an ActiveX control (InstallerDlg.dll, version 2.6.0.445) that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to…
CVE-2011-10027 2025-08-20 N/A 0.0 AOL Desktop 9.6 contains a buffer overflow vulnerability in its Tool\rich.rct component when parsing .rtx files. By embedding an overly long string in a hyperlink tag, an attacker…
CVE-2011-10026 2025-08-20 N/A 0.0 Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the…
CVE-2011-10025 2025-08-20 N/A 0.0 Subtitle Processor 7.7.1 contains a buffer overflow vulnerability in its .m3u file parser. When a crafted playlist file is opened, the application converts input to Unicode and copies…
CVE-2011-10024 2025-08-20 N/A 0.0 MJM Core Player (likely now referred to as MJM Player) 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises…
CVE-2011-10023 2025-08-20 N/A 0.0 MJM QuickPlayer (likely now referred to as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs…
CVE-2011-10022 2025-08-20 N/A 0.0 SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper…
CVE-2011-10021 2025-08-20 N/A 0.0 Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that…
CVE-2011-10020 2025-08-20 N/A 0.0 Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83…
CVE-2010-20103 2025-08-20 N/A 0.0 A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger…
CVE-2010-20059 2025-08-20 N/A 0.0 FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the…
CVE-2010-20049 2025-08-20 N/A 0.0 LeapFTP
CVE-2010-20045 2025-08-20 N/A 0.0 FileWrangler
CVE-2010-20042 2025-08-20 N/A 0.0 Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an…
CVE-2010-10014 2025-08-20 N/A 0.0 Odin Secure FTP
CVE-2009-10005 2025-08-20 N/A 0.0 ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from…
CVE-2025-55499 2025-08-20 MEDIUM 6.5 Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the ntpServer parameter in the fromSetSysTime function.
CVE-2025-57788 2025-08-20 N/A 0.0 An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps…
CVE-2025-55482 2025-08-20 HIGH 7.5 Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function.
CVE-2025-55483 2025-08-20 HIGH 7.5 Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList.
CVE-2025-50864 2025-08-20 N/A 0.0 An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking…
CVE-2025-43748 2025-08-20 N/A 0.0 Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update…
CVE-2025-36114 2025-08-20 MEDIUM 6.5 IBM QRadar SOAR Plugin App 1.0.0 through 5.6.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request…
CVE-2025-1142 2025-08-20 MEDIUM 5.4 IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to…
CVE-2025-1139 2025-08-20 MEDIUM 6.1 IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment.
CVE-2025-9165 2025-08-19 LOW 3.3 A flaw has been found in LibTIFF 4.7.0. This affects the function _TIFFmallocExt/_TIFFCheckRealloc/TIFFHashSetNew/InitCCITTFax3 of the file tools/tiffcmp.c of the component tiffcmp. Executing manipulation can lead to memory leak.…
CVE-2025-9157 2025-08-19 MEDIUM 5.3 A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2. The impacted element is the function untrunc_packet of the file src/tcpedit/edit_packet.c of the component tcprewrite. Executing manipulation can…
CVE-2025-9156 2025-08-19 HIGH 7.3 A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results…
CVE-2025-9155 2025-08-19 HIGH 7.3 A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forget_password.php. Such manipulation of the argument…
CVE-2025-55740 2025-08-19 MEDIUM 6.5 nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration…