CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-56643 2025-11-18 CRITICAL 9.1 Requarks Wiki.js 2.5.307 does not properly revoke or invalidate active JWT tokens when a user logs out. As a result, previously issued tokens remain valid and can be…
CVE-2025-63228 2025-11-18 CRITICAL 9.8 The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unauthenticated file upload vulnerability in the /upload_file.php endpoint. An attacker can exploit this by sending a…
CVE-2025-63227 2025-11-18 HIGH 7.2 The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary…
CVE-2025-63693 2025-11-18 MEDIUM 5.4 The comment editing template (dzz/comment/template/edit_form.htm) in DzzOffice 2.3.x lacks adequate security escaping for user-controllable data in multiple contexts, including HTML and JavaScript strings. This allows low-privilege attackers to…
CVE-2025-37162 2025-11-18 MEDIUM 6.5 A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker…
CVE-2025-37161 2025-11-18 HIGH 7.5 A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker…
CVE-2025-64076 2025-11-18 HIGH 7.5 Multiple vulnerabilities exist in cbor2 through version 5.7.0 in the decode_definite_long_string() function of the C extension decoder (source/decoder.c): (1) Integer Underflow Leading to Out-of-Bounds Read (CWE-191, CWE-125): An…
CVE-2025-63258 2025-11-18 MEDIUM 6.5 A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262,…
CVE-2025-56499 2025-11-18 MEDIUM 6.5 Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config…
CVE-2025-54320 2025-11-18 MEDIUM 4.3 In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the invite user function, leading to an email bombing vulnerability. An authenticated attacker can exploit…
CVE-2025-58034 2025-11-18 HIGH 7.2 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0…
CVE-2025-0351 2025-11-19 N/A 0.0 Rejected reason: Voluntarily withdrawn
CVE-2025-65941 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65940 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65939 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65938 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65937 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65936 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65935 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65934 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-65933 2025-11-19 N/A 0.0 Rejected reason: Not used
CVE-2025-63955 2025-11-18 HIGH 7.5 A Cross-Site Request Forgery (CSRF) vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged…
CVE-2025-63749 2025-11-18 MEDIUM 6.5 pnetlab 5.3.11 is vulnerable to Command Injection via the qemu_options parameter.
CVE-2025-63514 2025-11-18 MEDIUM 6.1 kishan0725 Hospital Management System has a Cross-Site Scripting (XSS) vulnerability in appsearch.php via the email parameter.
CVE-2025-61662 2025-11-18 MEDIUM 4.9 A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module…
CVE-2025-61661 2025-11-18 MEDIUM 4.8 A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device,…
CVE-2025-54771 2025-11-18 MEDIUM 4.9 A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid…
CVE-2025-54770 2025-11-18 MEDIUM 4.9 A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because…
CVE-2025-37160 2025-11-18 MEDIUM 5.3 A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this…
CVE-2025-37155 2025-11-18 HIGH 7.8 A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow…
CVE-2025-13083 2025-11-18 LOW 3.7 Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before…
CVE-2025-13082 2025-11-18 MEDIUM 4.3 User Interface (UI) Misrepresentation of Critical Information vulnerability in Drupal Drupal core allows Content Spoofing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from…
CVE-2025-13080 2025-11-18 MEDIUM 5.3 Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal Drupal core allows Forceful Browsing. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from…
CVE-2025-12761 2025-11-18 LOW 3.5 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Simple multi step form allows Cross-Site Scripting (XSS). This issue affects Simple multi step form: from…
CVE-2025-12760 2025-11-18 MEDIUM 5.4 Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6.
CVE-2025-63226 2025-11-18 N/A 0.0 The Sencore SMP100 SMP Media Platform (firmware versions V4.2.160, V60.1.4, V60.1.29) is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are…
CVE-2025-37159 2025-11-18 MEDIUM 5.8 A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation…
CVE-2025-37158 2025-11-18 MEDIUM 6.7 A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected…
CVE-2025-63225 2025-11-18 N/A 0.0 The Eurolab ELTS100_UBX device (firmware version ELTS100v1.UBX) is vulnerable to Broken Access Control due to missing authentication on critical administrative endpoints. Attackers can directly access and modify sensitive…
CVE-2025-61664 2025-11-18 MEDIUM 4.9 A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not…
CVE-2025-61663 2025-11-18 MEDIUM 4.9 A vulnerability has been identified in the GRUB2 bootloader's normal command that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because…
CVE-2025-60455 2025-11-18 N/A 0.0 Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
CVE-2025-52639 2025-11-18 LOW 3.5 HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering…
CVE-2025-37163 2025-11-18 HIGH 7.2 A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute…
CVE-2025-37157 2025-11-18 MEDIUM 6.7 A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected…
CVE-2025-37156 2025-11-18 MEDIUM 6.8 A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the…
CVE-2025-34324 2025-11-18 N/A 0.0 GoSign Desktop versions 2.4.0 and earlier use an unsigned update manifest for distributing application updates. The manifest contains package URLs and SHA-256 hashes but is not digitally signed,…
CVE-2025-63994 2025-11-18 N/A 0.0 An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
CVE-2025-63829 2025-11-18 MEDIUM 5.3 eProsima Fast-DDS v3.3 and before has an infinite loop vulnerability caused by integer overflow in the Time_t::fraction() function.
CVE-2025-55796 2025-11-18 HIGH 7.5 The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These…