CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

CVE ID Published Severity CVSS Description
CVE-2025-8870 2025-11-14 MEDIUM 4.9 On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
CVE-2025-13170 2025-11-14 HIGH 7.3 A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing manipulation of the argument admin_id…
CVE-2025-9982 2025-11-14 N/A 0.0 A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to…
CVE-2025-11918 2025-11-14 N/A 0.0 Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue…
CVE-2025-10018 2025-11-14 N/A 0.0 QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be…
CVE-2025-8855 2025-11-14 HIGH 8.1 Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client,…
CVE-2025-11981 2025-11-14 MEDIUM 4.9 The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to…
CVE-2025-11794 2025-11-14 MEDIUM 4.9 Mattermost versions 10.11.x
CVE-2025-55073 2025-11-14 MEDIUM 5.4 Mattermost versions 10.11.x
CVE-2025-55070 2025-11-14 MEDIUM 6.5 Mattermost versions
CVE-2025-41436 2025-11-14 LOW 3.1 Mattermost versions
CVE-2025-11776 2025-11-14 MEDIUM 4.3 Mattermost versions
CVE-2025-64444 2025-11-14 HIGH 7.2 Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained…
CVE-2025-10686 2025-11-14 HIGH 7.2 The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include…
CVE-2025-13161 2025-11-14 HIGH 7.5 IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
CVE-2025-13160 2025-11-14 MEDIUM 5.3 IQ-Support developed by IQ Service International has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal…
CVE-2025-9479 2025-11-14 MEDIUM 4.3 Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security…
CVE-2025-13107 2025-11-14 MEDIUM 4.3 Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-13102 2025-11-14 MEDIUM 4.3 Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security…
CVE-2025-13097 2025-11-14 MEDIUM 5.4 Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2025-12904 2025-11-14 HIGH 7.2 The SNORDIAN's H5PxAPIkatchu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'insert_data' AJAX endpoint in all versions up to, and including, 0.4.17 due to insufficient…
CVE-2024-9126 2025-11-14 HIGH 7.5 Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to…
CVE-2024-7021 2025-11-14 MEDIUM 4.3 Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2024-7017 2025-11-14 HIGH 7.5 Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
CVE-2024-13983 2025-11-14 MEDIUM 6.3 Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity:…
CVE-2024-13178 2025-11-14 MEDIUM 4.3 Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVE-2024-11920 2025-11-14 MEDIUM 4.3 Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.…
CVE-2024-11919 2025-11-14 MEDIUM 4.3 Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2025-64530 2025-11-13 HIGH 7.5 Apollo Federation is an architecture for declaratively composing APIs into a unified graph. A vulnerability in versions of Apollo Federation's composition logic prior to 2.9.5, 2.10.4, 2.11.5, and…
CVE-2025-64754 2025-11-13 N/A 0.0 Jitsi Meet is an open source video conferencing application. A vulnerability present in versions prior to 2.0.10532 allows attackers to hijack the OAuth authentication window for Microsoft accounts.…
CVE-2025-64753 2025-11-13 MEDIUM 5.3 grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with only partial read access to a document could still access endpoints listing hashes for versions…
CVE-2025-64752 2025-11-13 MEDIUM 6.8 grist-core is a spreadsheet hosting server. Prior to version 1.7.7, a user with access to any document on a Grist installation can use a feature for fetching from…
CVE-2025-64749 2025-11-13 MEDIUM 4.3 Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions…
CVE-2025-64748 2025-11-13 MEDIUM 6.5 Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when…
CVE-2025-64747 2025-11-13 MEDIUM 5.5 Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users…
CVE-2025-47913 2025-11-13 HIGH 7.5 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
CVE-2025-36251 2025-11-13 CRITICAL 9.6 IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process…
CVE-2025-36250 2025-11-13 CRITICAL 10.0 IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary…
CVE-2025-36236 2025-11-13 HIGH 8.2 IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to traverse directories…
CVE-2025-36096 2025-11-13 CRITICAL 9.0 IBM AIX 7.2, and 7.3 and IBM VIOS 3.1, and 4.1 stores NIM private keys used in NIM environments in an insecure way which is susceptible to unauthorized…
CVE-2025-13131 2025-11-13 HIGH 7.8 A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default…
CVE-2025-13130 2025-11-13 HIGH 7.8 A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect…
CVE-2025-64746 2025-11-13 MEDIUM 4.6 Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field…
CVE-2025-64745 2025-11-13 LOW 2.7 Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when…
CVE-2025-64744 2025-11-13 LOW 3.5 OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered…
CVE-2025-4619 2025-11-13 N/A 0.0 A denial-of-service (DoS) vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to reboot a firewall by sending a specially crafted packet through the dataplane. Repeated…
CVE-2025-64726 2025-11-13 N/A 0.0 Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions (separate from installers) prior…
CVE-2025-64709 2025-11-13 CRITICAL 9.6 Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated…
CVE-2025-59840 2025-11-13 HIGH 8.1 Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at…
CVE-2025-46370 2025-11-13 LOW 3.3 Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Process Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…