CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-62686 2025-12-03 MEDIUM 6.2 A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened…
CVE-2025-55076 2025-12-03 MEDIUM 6.2 A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input…
CVE-2025-54065 2025-12-03 HIGH 7.9 GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows…
CVE-2025-57202 2025-12-03 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a…
CVE-2025-34319 2025-12-03 N/A 0.0 TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send…
CVE-2025-20389 2025-12-03 MEDIUM 4.3 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and versions below 3.9.10, 3.8.58 and 3.7.28 of the Splunk Secure Gateway app on Splunk Cloud Platform, a…
CVE-2025-20388 2025-12-03 LOW 2.7 In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116, a user who holds a role that contains…
CVE-2025-20387 2025-12-03 HIGH 8.0 In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect…
CVE-2025-20386 2025-12-03 HIGH 8.0 In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions…
CVE-2025-20385 2025-12-03 LOW 2.4 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117, a user who holds a role with a…
CVE-2025-20384 2025-12-03 MEDIUM 5.3 In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125, an unauthenticated attacker can inject American National Standards…
CVE-2025-20383 2025-12-03 MEDIUM 4.3 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user…
CVE-2025-20382 2025-12-03 LOW 3.5 In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120, a low-privileged user that does not hold the…
CVE-2025-20381 2025-12-03 MEDIUM 5.4 In Splunk MCP Server app versions below 0.2.4, a user with access to the "run_splunk_query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in…
CVE-2025-13751 2025-12-03 N/A 0.0 Interactive service agent in OpenVPN version 2.5.0 through 2.7_rc2 on Windows allows a local authenticated user to connect to the service and trigger an error causing a local…
CVE-2025-13492 2025-12-03 N/A 0.0 A potential security vulnerability has been identified in HP Image Assistant for versions prior to 5.3.3. The vulnerability could potentially allow a local attacker to escalate privileges via…
CVE-2024-32643 2025-12-03 HIGH 7.5 Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/…
CVE-2024-32642 2025-12-03 HIGH 8.8 Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, it is vulnerable to host header poisoning which allows account takeover via…
CVE-2024-32641 2025-12-03 CRITICAL 9.8 Masa CMS is an open source Enterprise Content Management platform. Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 are vulnerable to remote code execution. The vulnerability exists…
CVE-2025-7044 2025-12-03 HIGH 7.7 An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property…
CVE-2025-65267 2025-12-03 CRITICAL 9.0 In ERPNext v15.83.2 and Frappe Framework v15.86.0, improper validation of uploaded SVG avatar images allows attackers to embed malicious JavaScript. The payload executes when an administrator clicks the…
CVE-2025-57201 2025-12-03 HIGH 8.8 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via…
CVE-2025-58386 2025-12-02 CRITICAL 9.8 In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorization checks. A Power User can intercept and modify…
CVE-2025-57199 2025-12-03 HIGH 8.8 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a…
CVE-2025-57198 2025-12-03 HIGH 8.8 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a…
CVE-2025-57200 2025-12-03 MEDIUM 6.5 AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a…
CVE-2025-65896 2025-12-02 CRITICAL 9.8 SQL injection vulnerability in long2ice asyncmy through 0.2.10 allows attackers to execute arbitrary SQL commands via crafted dict keys.
CVE-2025-65844 2025-12-02 HIGH 7.5 EverShop 2.0.1 allows an unauthenticated user to upload files and create directories within the /api/images endpoint.
CVE-2025-60736 2025-12-02 CRITICAL 9.8 code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter.
CVE-2025-60854 2025-12-02 CRITICAL 9.8 A vulnerability has been found in D-Link R15 (AX1500) 1.20.01 and below. By manipulating the model name parameter during a password change request in the web administrator page,…
CVE-2025-53841 2025-12-03 HIGH 7.8 Akamai Guardicore Platform Agent before 52.1.1 allows an unprivileged user to fully elevate privileges to SYSTEM. This affects versions before 50.15.0, 51.12.0, and 52.1.1.
CVE-2025-13949 2025-12-03 MEDIUM 6.3 A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The…
CVE-2025-13948 2025-12-03 MEDIUM 5.6 A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of…
CVE-2025-12954 2025-12-03 LOW 2.7 The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event…
CVE-2025-13756 2025-12-03 MEDIUM 4.3 The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up…
CVE-2025-13401 2025-12-03 MEDIUM 6.4 The Autoptimize plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LCP Image to preload metabox in all versions up to, and including, 3.1.13 due to…
CVE-2025-13359 2025-12-03 MEDIUM 6.5 The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up…
CVE-2025-13354 2025-12-03 MEDIUM 4.3 The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This…
CVE-2025-13342 2025-12-03 CRITICAL 9.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due…
CVE-2025-13109 2025-12-03 MEDIUM 4.3 The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the…
CVE-2025-12887 2025-12-03 MEDIUM 5.4 The Post SMTP plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.6.1. This is due to the plugin not properly verifying…
CVE-2025-12358 2025-12-03 MEDIUM 4.3 The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing…
CVE-2025-39665 2025-12-03 N/A 0.0 User enumeration in Nagvis' Checkmk MultisiteAuth before version 1.9.48 allows an unauthenticated attacker to enumerate Checkmk usernames.
CVE-2025-13947 2025-12-03 HIGH 7.4 A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file…
CVE-2025-29864 2025-12-03 N/A 0.0 Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass. This issue affects ALZip: from 12.01 before 12.29.
CVE-2025-13472 2025-12-03 N/A 0.0 A fix was made in BlazeMeter Jenkins Plugin version 4.27 to allow users only with certain permissions to see the list of available resources like credential IDs, bzm…
CVE-2025-12744 2025-12-03 HIGH 8.8 A flaw was found in the ABRT daemon’s handling of user-supplied mount information. ABRT copies up to 12 characters from an untrusted input and places them directly into a…
CVE-2025-13946 2025-12-03 MEDIUM 5.5 MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service
CVE-2025-13945 2025-12-03 MEDIUM 5.5 HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service
CVE-2025-13486 2025-12-03 CRITICAL 9.8 The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the…