Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2023-53776 2025-12-10 N/A 0.0 Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to exploit weak session management by reusing IP-bound session identifiers. Attackers can issue unauthorized requests to…
CVE-2023-53775 2025-12-10 N/A 0.0 Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change user passwords by exploiting weak session management controls. Attackers can reuse IP-bound session identifiers…
CVE-2023-53741 2025-12-10 N/A 0.0 Screen SFT DAB 1.9.3 contains a weak session management vulnerability that allows attackers to bypass authentication controls by reusing IP address-bound session identifiers. Attackers can exploit the vulnerable…
CVE-2023-53740 2025-12-10 N/A 0.0 Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint…
CVE-2020-36902 2025-12-10 N/A 0.0 UBICOD Medivision Digital Signage 1.5.1 contains an authorization bypass vulnerability that allows normal users to escalate privileges by manipulating the 'ft[grp]' parameter. Attackers can send a GET request…
CVE-2020-36901 2025-12-10 N/A 0.0 UBICOD Medivision Digital Signage 1.5.1 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious…
CVE-2020-36900 2025-12-10 N/A 0.0 All-Dynamics Digital Signage System 2.0.2 contains a cross-site request forgery vulnerability that allows attackers to create administrative users without proper request validation. Attackers can craft a malicious web…
CVE-2020-36899 2025-12-10 N/A 0.0 QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive files through unverified 'filename' and 'path' parameters. Attackers can…
CVE-2020-36898 2025-12-10 N/A 0.0 QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit…
CVE-2020-36897 2025-12-10 N/A 0.0 QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated remote code execution vulnerability in the QH.aspx file that allows attackers to upload malicious ASPX scripts. Attackers can exploit…
CVE-2020-36896 2025-12-10 N/A 0.0 QiHang Media Web Digital Signage 3.0.9 contains a cleartext credentials vulnerability that allows unauthenticated attackers to access administrative login information through an unprotected XML file. Attackers can retrieve…
CVE-2020-36895 2025-12-10 N/A 0.0 EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve…
CVE-2020-36894 2025-12-10 N/A 0.0 Eibiz i-Media Server Digital Signage 3.8.0 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through AMF-encoded object manipulation. Attackers can send crafted serialized…
CVE-2020-36893 2025-12-10 N/A 0.0 Eibiz i-Media Server Digital Signage 3.8.0 contains a directory traversal vulnerability that allows unauthenticated remote attackers to access files outside the server's root directory. Attackers can exploit the…
CVE-2020-36892 2025-12-10 N/A 0.0 Eibiz i-Media Server Digital Signage 3.8.0 contains an unauthenticated privilege escalation vulnerability in the updateUser object that allows attackers to modify user roles. Attackers can exploit the /messagebroker/amf…
CVE-2020-36888 2025-12-10 N/A 0.0 SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests…
CVE-2020-36887 2025-12-10 N/A 0.0 SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing…
CVE-2020-36886 2025-12-10 N/A 0.0 SpinetiX Fusion Digital Signage 3.4.8 contains a cross-site request forgery vulnerability that allows attackers to create administrative user accounts without proper request validation. Attackers can craft a malicious…
CVE-2020-36885 2025-12-10 N/A 0.0 Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability…
CVE-2020-36884 2025-12-10 N/A 0.0 BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers…
CVE-2020-36883 2025-12-10 N/A 0.0 SpinetiX Fusion Digital Signage 3.4.8 and lower contains an authenticated path traversal vulnerability that allows attackers to manipulate file backup and deletion operations through unverified input parameters. Attackers…
CVE-2025-67511 2025-12-11 CRITICAL 9.6 Cybersecurity AI (CAI) is an open-source framework for building and deploying AI-powered offensive and defensive automation. Versions 0.5.9 and below are vulnerable to Command Injection through the run_ssh_command_with_credentials()…
CVE-2025-65474 2025-12-11 N/A 0.0 An arbitrary file rename vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via renaming a PHP file to a…
CVE-2025-65473 2025-12-11 CRITICAL 9.1 An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted…
CVE-2025-65472 2025-12-11 N/A 0.0 A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious…
CVE-2025-65471 2025-12-11 N/A 0.0 An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2025-65292 2025-12-10 HIGH 7.3 Command injection vulnerability in Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 allows attackers to execute arbitrary commands with root privileges…
CVE-2025-65290 2025-12-10 HIGH 7.4 Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to…
CVE-2025-55311 2025-12-11 MEDIUM 6.5 An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. A crafted PDF can use JavaScript to alter annotation…
CVE-2025-14526 2025-12-11 HIGH 8.8 A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer…
CVE-2024-8273 2025-12-11 N/A 0.0 Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing.This issue affects Server: before 10.1.
CVE-2025-67742 2025-12-11 LOW 3.8 In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVE-2025-67741 2025-12-11 MEDIUM 4.6 In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVE-2025-67740 2025-12-11 LOW 2.7 In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVE-2025-67739 2025-12-11 LOW 3.1 In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
CVE-2025-66474 2025-12-10 N/A 0.0 XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Versions 16.10.9 and below,…
CVE-2025-66473 2025-12-10 N/A 0.0 XWiki is an open-source wiki software platform. Versions 16.10.10 and below, 17.0.0-rc-1 through 17.4.3 and 17.5.0-rc-1 through 17.6.0 contain a REST API which doesn't enforce any limits for…
CVE-2025-65297 2025-12-10 HIGH 7.5 Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure…
CVE-2025-65296 2025-12-10 MEDIUM 6.5 NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, and Camera Hub G3 4.1.9_0027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs.
CVE-2025-65294 2025-12-10 CRITICAL 9.8 Aqara Hub devices including Camera Hub G3 4.1.9_0027, Hub M2 4.3.6_0027, and Hub M3 4.3.6_0025 contain an undocumented remote access mechanism enabling unrestricted remote command execution.
CVE-2025-65831 2025-12-10 HIGH 7.5 The application uses an insecure hashing algorithm (MD5) to hash passwords. If an attacker obtained a copy of these hashes, either through exploiting cloud services, performing TLS downgrade…
CVE-2025-65293 2025-12-10 MEDIUM 6.6 Command injection vulnerabilities in Aqara Camera Hub G3 4.1.9_0027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset.
CVE-2025-59803 2025-12-11 MEDIUM 5.3 Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing…
CVE-2025-59802 2025-12-11 HIGH 7.5 Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and…
CVE-2025-55314 2025-12-11 HIGH 7.8 An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript,…
CVE-2025-55313 2025-12-11 HIGH 7.8 An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted…
CVE-2025-55312 2025-12-11 HIGH 7.8 An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application…
CVE-2025-14522 2025-12-11 MEDIUM 6.3 A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results…
CVE-2025-14521 2025-12-11 MEDIUM 4.3 A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument…
CVE-2025-14520 2025-12-11 MEDIUM 5.4 A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path…
« Anterior Página 574 de 4286 Siguiente »