Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-48106 2025-10-22 MEDIUM 6.5 Unrestricted Upload of File with Dangerous Type vulnerability in CMSSuperHeroes Clanora clanora allows Using Malicious Files.This issue affects Clanora: from n/a through < 1.3.1.
CVE-2025-48099 2025-10-22 MEDIUM 5.4 Cross-Site Request Forgery (CSRF) vulnerability in Code Amp Search & Filter search-filter allows Cross Site Request Forgery.This issue affects Search & Filter: from n/a through
CVE-2025-48098 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through
CVE-2025-48097 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiva WSAnalytics wsanalytics-google-analytics-and-dashboards allows Reflected XSS.This issue affects WSAnalytics: from n/a through
CVE-2025-48096 2025-10-22 MEDIUM 6.5 Missing Authorization vulnerability in FRESHFACE Custom CSS custom-css-editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom CSS: from n/a through
CVE-2025-48095 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through
CVE-2025-48093 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calvaweb Password only login password-only-login allows Reflected XSS.This issue affects Password only login: from n/a through
CVE-2025-48092 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jurajpuchky Fix Multiple Redirects fix-multiple-redirects allows Reflected XSS.This issue affects Fix Multiple Redirects: from n/a through
CVE-2025-48091 2025-10-22 MEDIUM 6.5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through
CVE-2025-48082 2025-10-22 HIGH 7.5 Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through
CVE-2025-39534 2025-10-22 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Somonator Terms Dictionary terms-dictionary allows Reflected XSS.This issue affects Terms Dictionary: from n/a through
CVE-2025-32657 2025-10-22 MEDIUM 5.3 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Testimonial Slider And Showcase Pro testimonial-slider-showcase-pro allows PHP Local File Inclusion.This…
CVE-2025-32283 2025-10-22 MEDIUM 6.5 Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through
CVE-2025-31634 2025-10-22 MEDIUM 6.5 Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through
CVE-2025-30944 2025-10-22 MEDIUM 5.3 Missing Authorization vulnerability in Essekia Tablesome Table Premium tablesome-premium allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Tablesome Table Premium: from n/a through
CVE-2025-11966 2025-10-22 N/A 0.0 In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the…
CVE-2025-11965 2025-10-22 N/A 0.0 In Eclipse Vert.x versions [4.0.0, 4.5.21] and [5.0.0, 5.0.4], a StaticHandler configuration for restricting access to hidden files fails to restrict access to hidden directories, allowing unauthorized users…
CVE-2016-15048 2025-10-22 N/A 0.0 AMTT Hotel Broadband Operation System (HiBOS) contains an unauthenticated command injection vulnerability in the /manager/radius/server_ping.php endpoint. The application constructs a shell command that includes the user-supplied ip parameter…
CVE-2025-8848 2025-10-22 MEDIUM 4.8 A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in user sends an HTTP GET request with a crafted Accept-Language header,…
CVE-2025-61035 2025-10-22 N/A 0.0 The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777…
CVE-2025-56447 2025-10-22 CRITICAL 9.8 TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
CVE-2025-11844 2025-10-22 MEDIUM 5.4 Hugging Face Smolagents version 1.20.0 contains an XPath injection vulnerability in the search_item_ctrl_f function located in src/smolagents/vision_web_browser.py. The function constructs an XPath query by directly concatenating user-supplied input…
CVE-2025-11750 2025-10-22 MEDIUM 4.3 In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or…
CVE-2023-53732 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in ni_write_inode Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode,…
CVE-2023-53731 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netlink: fix potential deadlock in netlink_set_err() syzbot reported a possible deadlock in netlink_set_err() [1] A similar issue was…
CVE-2023-53730 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost adjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled when unlock. DEADLOCK might happen…
CVE-2023-53729 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: soc: qcom: qmi_encdec: Restrict string length in decode The QMI TLV value for strings in a lot of…
CVE-2023-53728 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid posix_timer_add() tries to allocate a posix timer ID by starting…
CVE-2023-53727 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: avoid stalls in fq_pie_timer() When setting a high number of flows (limit being 65536), fq_pie_timer() is…
CVE-2023-53726 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix…
CVE-2023-53725 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe() warn: 'timer_baseaddr' from of_iomap() not released on lines:…
CVE-2023-53724 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() `req` is allocated in pcf50633_adc_async_read(), but adc_enqueue_request() could fail to insert…
CVE-2023-53723 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdma_v4_0_ip is shared on a…
CVE-2023-53722 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds…
CVE-2023-53721 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan() In ath12k_mac_op_hw_scan(), the return value of kzalloc() is directly…
CVE-2023-53720 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Release the label when replacing existing ct entry Cited commit doesn't release the label mapping when replacing…
CVE-2023-53719 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on…
CVE-2023-53718 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buffer…
CVE-2023-53717 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response…
CVE-2023-53716 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: net: fix skb leak in __skb_tstamp_tx() Commit 50749f2dd685 ("tcp/udp: Fix memleaks of sk and zerocopy skbs with TX…
CVE-2023-53715 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not…
CVE-2023-53714 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a container_of() before the pointer…
CVE-2023-53713 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: arm64: sme: Use STR P to clear FFR context field in streaming SVE mode The FFR is a…
CVE-2023-53712 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all…
CVE-2023-53711 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head…
CVE-2023-53710 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix error code of return in mt7921_acpi_read Kernel NULL pointer dereference when ACPI SAR table…
CVE-2023-53709 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rb_move_tail and rb_check_pages It seems a data race between ring_buffer writing and integrity check.…
CVE-2023-53708 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating…
CVE-2023-53707 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 The type of size is unsigned int, if size is 0x40000000, there…
CVE-2023-53706 2025-10-22 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/vmemmap/devdax: fix kernel crash when probing devdax devices commit 4917f55b4ef9 ("mm/sparse-vmemmap: improve memory savings for compound devmaps") added…
« Anterior Página 57 de 3639 Siguiente »