CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9134 2025-08-19 MEDIUM 5.3 A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of…
CVE-2025-54336 2025-08-19 CRITICAL 9.8 In Plesk Obsidian 18.0.70, _isAdminPasswordValid uses an == comparison. Thus, if the correct password is "0e" followed by any digit string, then an attacker can login with any…
CVE-2025-50567 2025-08-19 CRITICAL 10.0 Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This…
CVE-2025-4690 2025-08-19 MEDIUM 4.3 A regular expression used by AngularJS' linky (https://docs.angularjs.org/api/ngSanitize/filter/linky) filter to detect URLs in input text is vulnerable to super-linear runtime due to backtracking. With a large carefully-crafted input,…
CVE-2025-4046 2025-08-19 HIGH 8.5 A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization
CVE-2025-4044 2025-08-19 HIGH 8.2 Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.
CVE-2025-43739 2025-08-19 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update…
CVE-2024-45062 2025-08-19 MEDIUM 6.4 A stack based buffer overflow vulnerability is present in OpenPrinting ippusbxd 1.34. A specially configured printer that supports IPP-over-USB can cause a buffer overflow which can lead to…
CVE-2025-52584 2025-08-18 HIGH 7.8 In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could…
CVE-2025-46269 2025-08-18 HIGH 7.8 In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could…
CVE-2025-9119 2025-08-18 LOW 2.4 A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument…
CVE-2025-53705 2025-08-18 HIGH 7.8 In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could…
CVE-2025-41392 2025-08-18 HIGH 7.8 In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could…
CVE-2025-9138 2025-08-19 LOW 3.5 A vulnerability was found in Scada-LTS 2.7.8.1. Affected is an unknown function of the file pointHierarchy/new/. Performing manipulation of the argument Title results in cross site scripting. The…
CVE-2025-9137 2025-08-19 LOW 3.5 A vulnerability has been found in Scada-LTS 2.7.8.1. This impacts an unknown function of the file scheduled_events.shtm. Such manipulation of the argument alias leads to cross site scripting.…
CVE-2025-43740 2025-08-19 N/A 0.0 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1…
CVE-2025-8783 2025-08-19 MEDIUM 4.4 The Contact Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 8.6.5 due to insufficient input…
CVE-2025-8567 2025-08-19 MEDIUM 6.4 The Nexter Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 4.5.4 due to insufficient input sanitization…
CVE-2025-41689 2025-08-19 MEDIUM 5.3 An unauthenticated remote attacker can grant access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data.
CVE-2025-41685 2025-08-19 MEDIUM 6.5 A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
CVE-2025-8723 2025-08-19 CRITICAL 9.8 The Cloudflare Image Resizing plugin for WordPress is vulnerable to Remote Code Execution due to missing authentication and insufficient sanitization within its hook_rest_pre_dispatch() method in all versions up…
CVE-2025-8622 2025-08-19 MEDIUM 6.4 The Flexible Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flexible Maps shortcode in all versions up to, and including, 1.18.0 due to…
CVE-2025-7670 2025-08-19 HIGH 7.5 The JS Archive List plugin for WordPress is vulnerable to time-based SQL Injection via the build_sql_where() function in all versions up to, and including, 6.1.5 due to insufficient…
CVE-2025-7654 2025-08-19 HIGH 8.8 Multiple FunnelKit plugins are vulnerable to Sensitive Information Exposure via the wf_get_cookie shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive…
CVE-2025-8218 2025-08-19 HIGH 8.8 The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'change_role_member' parameter in all versions up to, and including, 3.5.…
CVE-2025-6758 2025-08-19 CRITICAL 9.8 The Real Spaces - WordPress Properties Directory Theme theme for WordPress is vulnerable to privilege escalation via the 'imic_agent_register' function in all versions up to, and including, 3.6.…
CVE-2025-38553 2025-08-19 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem…
CVE-2025-8357 2025-08-19 MEDIUM 4.3 The Media Library Assistant plugin for WordPress is vulnerable to arbitrary file deletion in the /wp-content/uploads directory due to insufficient file path validation and user capability checking in…
CVE-2025-7496 2025-08-19 MEDIUM 6.4 The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to…
CVE-2025-54862 2025-08-18 MEDIUM 5.4 Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the…
CVE-2025-54759 2025-08-18 MEDIUM 6.1 Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
CVE-2025-54156 2025-08-18 HIGH 7.4 The Sante PACS Server Web Portal sends credential information without encryption.
CVE-2025-53948 2025-08-18 HIGH 7.5 The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a…
CVE-2025-57725 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57724 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57723 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57722 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57721 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57720 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57719 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57718 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-57717 2025-08-19 N/A 0.0 Rejected reason: Not used
CVE-2025-55586 2025-08-18 HIGH 7.5 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via…
CVE-2025-55585 2025-08-18 MEDIUM 6.5 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
CVE-2025-55584 2025-08-18 MEDIUM 5.3 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVE-2025-53192 2025-08-18 HIGH 8.8 ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue,…
CVE-2025-32992 2025-08-18 HIGH 8.5 Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.
CVE-2025-8098 2025-08-18 HIGH 7.8 An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
CVE-2025-55591 2025-08-18 CRITICAL 9.8 TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
CVE-2025-55590 2025-08-18 MEDIUM 6.5 TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability via the component bupload.html.