Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-64655 2025-11-20 HIGH 8.8 Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-62459 2025-11-20 HIGH 8.3 Microsoft Defender Portal Spoofing Vulnerability
CVE-2025-62207 2025-11-20 HIGH 8.6 Azure Monitor Elevation of Privilege Vulnerability
CVE-2025-36072 2025-11-20 HIGH 8.8 IBM webMethods Integration 10.11 through 10.11_Core_Fix22, 10.15 through 10.15_Core_Fix22, and 11.1 through 11.1_Core_Fix6 IBM webMethods Integration allow an authenticated user to execute arbitrary code on the system, caused…
CVE-2025-13087 2025-11-20 MEDIUM 6.2 A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request…
CVE-2025-64770 2025-11-20 MEDIUM 6.8 The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-62674 2025-11-20 MEDIUM 6.8 The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information.
CVE-2025-55124 2025-11-20 MEDIUM 6.1 Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script.
CVE-2025-55123 2025-11-20 LOW 3.5 Improper neutralization of input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes manager accounts to be able to craft XSS attacks to their own advertiser users.
CVE-2025-52671 2025-11-20 MEDIUM 4.3 Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP…
CVE-2025-52670 2025-11-20 HIGH 7.1 Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts
CVE-2025-52669 2025-11-20 MEDIUM 4.3 Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and…
CVE-2025-52668 2025-11-20 HIGH 8.7 Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack.
CVE-2025-52667 2025-11-20 LOW 3.5 Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in…
CVE-2025-52666 2025-11-20 LOW 2.7 Improper neutralisation of format characters in the settings of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an administrator user to disable the admin user console due…
CVE-2025-48987 2025-11-20 MEDIUM 6.3 Improper Neutralization of Input in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes a potential reflected XSS attack.
CVE-2025-48986 2025-11-20 HIGH 8.8 Authorization bypass in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes an logged in attacker to change other users' email address and potentialy take over their accounts…
CVE-2025-35029 2025-11-20 LOW 3.5 Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content…
CVE-2025-63700 2025-11-20 HIGH 7.5 An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
CVE-2025-55128 2025-11-20 MEDIUM 6.5 HackerOne community member Dao Hoang Anh (yoyomiski) has reported an uncontrolled resource consumption vulnerability in the “userlog-index.php”. An attacker with access to the admin interface could request an…
CVE-2025-55127 2025-11-20 MEDIUM 5.4 HackerOne community member Dao Hoang Anh (yoyomiski) has reported an improper neutralization of whitespace in the username when adding new users. A username with leading or trailing whitespace…
CVE-2025-55126 2025-11-20 MEDIUM 6.5 HackerOne community member Dang Hung Vi (vidang04) has reported a stored XSS vulnerability involving the navigation box at the top of advertiser-related pages, with campaign names being the…
CVE-2025-10571 2025-11-20 CRITICAL 9.6 Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1.
CVE-2025-63889 2025-11-20 HIGH 7.5 The fetch function in file thinkphp\library\think\Template.php in ThinkPHP 5.0.24 allows attackers to read arbitrary files via crafted file path in a template value.
CVE-2025-64027 2025-11-20 MEDIUM 6.1 Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message…
CVE-2025-63848 2025-11-20 MEDIUM 6.1 Stored cross site scripting (xss) vulnerability in SWISH prolog thru 2.2.0 allowing attackers to execute arbitrary code via crafted web IDE notebook.
CVE-2025-60799 2025-11-20 MEDIUM 6.1 phpPgAdmin 7.13.0 and earlier contains an incorrect access control vulnerability in sql.php at lines 68-76. The application allows unauthorized manipulation of session variables by accepting user-controlled parameters ('subject',…
CVE-2025-60798 2025-11-20 MEDIUM 6.5 phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper…
CVE-2025-60797 2025-11-20 MEDIUM 6.5 phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization…
CVE-2025-60738 2025-11-20 HIGH 7.5 An issue in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before Logic Version v6.00 - 2025_07_21 and before allows a remote attacker to execute arbitrary code via…
CVE-2025-60794 2025-11-20 MEDIUM 6.5 Session tokens and passwords in couch-auth 0.21.2 are stored in JavaScript objects and remain in memory without explicit clearing in src/user.ts lines 700-707. This creates a window of…
CVE-2025-52410 2025-11-20 MEDIUM 6.5 Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used in SQL queries.
CVE-2025-13451 2025-11-20 HIGH 7.3 A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads…
CVE-2025-13450 2025-11-20 LOW 3.5 A vulnerability was determined in SourceCodester Online Shop Project 1.0. Impacted is an unknown function of the file /shop/register.php. This manipulation of the argument f_name causes cross site…
CVE-2025-13449 2025-11-20 HIGH 7.3 A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in…
CVE-2025-40605 2025-11-20 MEDIUM 5.3 A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../)…
CVE-2025-40604 2025-11-20 MEDIUM 6.5 Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to…
CVE-2025-40601 2025-11-20 HIGH 7.5 A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to…
CVE-2025-13424 2025-11-20 MEDIUM 4.7 A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads to…
CVE-2025-13423 2025-11-20 MEDIUM 4.7 A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/admin_product.php. Executing manipulation of the…
CVE-2025-12121 2025-11-20 HIGH 7.3 Lite XL versions 2.1.8 and prior contain a vulnerability in the system.exec function, which allowed arbitrary command execution through unsanitized shell command construction. This function was used in…
CVE-2025-12120 2025-11-20 HIGH 7.3 Lite XL versions 2.1.8 and prior automatically execute the .lite_project.lua file when opening a project directory, without prompting the user for confirmation. The .lite_project.lua file is intended for…
CVE-2025-64428 2025-11-20 N/A 0.0 Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14.…
CVE-2025-64185 2025-11-20 N/A 0.0 Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, Open OnDemand packages create world writable locations in the GEM_PATH. Open OnDemand versions 4.0.8 and…
CVE-2025-63207 2025-11-19 CRITICAL 9.8 The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN-000400) is vulnerable to broken access control due to improper authentication checks on the /_Passwd.html endpoint. An attacker can…
CVE-2025-62724 2025-11-20 MEDIUM 4.3 Open OnDemand is an open-source HPC portal. Prior to versions 4.0.8 and 3.1.16, users can craft a "Time of Check to Time of Use" (TOCTOU) attack when downloading…
CVE-2025-62709 2025-11-20 MEDIUM 6.8 ClipBucket v5 is an open source video sharing platform. In ClipBucket version 5.5.2, a change to network.class.php causes the application to dynamically build the server URL from the…
CVE-2025-62875 2025-11-20 N/A 0.0 An Improper Check for Unusual or Exceptional Conditions vulnerability in OpenSMTPD allows local users to crash OpenSMTPD. This issue affects openSUSE Tumbleweed: from ? before 7.8.0p0-1.1.
CVE-2025-63206 2025-11-19 CRITICAL 9.8 An authentication bypass issue was discovered in Dasan Switch DS2924 web based interface, firmware versions 1.01.18 and 1.02.00, allowing attackers to gain escalated privileges via storing crafted cookies…
CVE-2025-63205 2025-11-19 HIGH 7.5 An issue was discovered in bridgetech probes VB220 IP Network Probe,VB120 Embedded IP + RF Probe, VB330 High-Capacity Probe, VB440 ST 2110 Production Analytics Probe, and NOMAD, firmware…
« Anterior Página 638 de 4294 Siguiente »