Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-57310 2025-11-12 HIGH 8.8 A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
CVE-2025-20355 2025-11-13 MEDIUM 4.7 A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.…
CVE-2025-20353 2025-11-13 MEDIUM 6.1 A vulnerability in the web-based management interface of Cisco Catalyst Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of…
CVE-2025-20349 2025-11-13 MEDIUM 6.3 A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user.…
CVE-2025-20346 2025-11-13 MEDIUM 4.3 A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials.…
CVE-2025-20341 2025-11-13 HIGH 8.8 A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to…
CVE-2025-13121 2025-11-13 HIGH 7.3 A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the…
CVE-2025-64718 2025-11-13 MEDIUM 5.3 js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed…
CVE-2025-64717 2025-11-13 N/A 0.0 ZITADEL is an open source identity management platform. Starting in version 2.50.0 and prior to versions 2.71.19, 3.4.4, and 4.6.6, a vulnerability in ZITADEL's federation process allowed auto-linking…
CVE-2025-64714 2025-11-13 MEDIUM 5.8 PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, an unauthenticated Local File Inclusion…
CVE-2025-64703 2025-11-13 MEDIUM 6.3 MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can get sensitive informations by Python code in tool module, although the process…
CVE-2025-64525 2025-11-13 MEDIUM 6.5 Astro is a web framework. In Astro versions 2.16.0 up to but excluding 5.15.5 which utilizeon-demand rendering, request headers `x-forwarded-proto` and `x-forwarded-port` are insecurely used, without sanitization, to…
CVE-2025-64511 2025-11-13 HIGH 7.4 MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can access internal network services such as databases through Python code in the…
CVE-2025-64383 2025-11-13 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Qode Qi Blocks qi-blocks allows Stored XSS.This issue affects Qi Blocks: from n/a through
CVE-2025-64382 2025-11-13 MEDIUM 4.3 Missing Authorization vulnerability in WebToffee Order Export & Order Import for WooCommerce order-import-export-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Export & Order Import…
CVE-2025-64380 2025-11-13 MEDIUM 6.5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through
CVE-2025-64379 2025-11-13 MEDIUM 4.3 Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through
CVE-2025-64370 2025-11-13 MEDIUM 5.3 Missing Authorization vulnerability in YOP YOP Poll yop-poll allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YOP Poll: from n/a through
CVE-2025-64277 2025-11-13 MEDIUM 5.3 Missing Authorization vulnerability in QuantumCloud ChatBot chatbot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ChatBot: from n/a through
CVE-2025-63929 2025-11-12 HIGH 7.5 A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). When multiple threads enqueue elements concurrently via IEC10X_PrioEnQueue, the function may dereference a null or…
CVE-2025-63927 2025-11-12 MEDIUM 4.0 A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). During multi-threaded client execution, the function Iec10x_Scheduled can access memory that has already been freed, potentially causing…
CVE-2025-63811 2025-11-12 HIGH 7.5 An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally…
CVE-2025-62484 2025-11-13 HIGH 8.1 Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2025-63645 2025-11-12 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server…
CVE-2025-63396 2025-11-12 LOW 3.3 An issue was discovered in PyTorch v2.5 and v2.7.1. Omission of profiler.stop() can cause torch.profiler.profile (PythonTracer) to crash or hang during finalization, leading to a Denial of Service…
CVE-2025-13120 2025-11-13 MEDIUM 5.3 A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An…
CVE-2025-56385 2025-11-12 CRITICAL 9.8 A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized…
CVE-2025-60645 2025-11-12 MEDIUM 6.5 A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request.
CVE-2025-13119 2025-11-13 MEDIUM 4.3 A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated…
CVE-2025-13118 2025-11-13 MEDIUM 6.3 A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID…
CVE-2025-64741 2025-11-13 HIGH 8.1 Improper authorization handling in Zoom Workplace for Android before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVE-2025-64740 2025-11-13 HIGH 7.5 Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local…
CVE-2025-64739 2025-11-13 MEDIUM 4.3 External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-64738 2025-11-13 MEDIUM 5.0 External control of file name or path in Zoom Workplace for macOS before version 6.5.10 may allow an authenticated user to conduct a disclosure of information via local…
CVE-2025-64711 2025-11-13 LOW 3.9 PrivateBin is an online pastebin where the server has zero knowledge of pasted data. Starting in version 1.7.7 and prior to version 2.0.3, dragging a file whose filename…
CVE-2025-64523 2025-11-12 N/A 0.0 File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1…
CVE-2025-62483 2025-11-13 MEDIUM 5.3 Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-62482 2025-11-13 MEDIUM 4.3 Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.
CVE-2025-30669 2025-11-13 MEDIUM 4.8 Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
CVE-2025-30662 2025-11-13 MEDIUM 6.6 Symlink following in the installer for the Zoom Workplace VDI Plugin macOS Universal installer before version 6.3.14, 6.4.14, and 6.5.10 in their respective tracks may allow an authenticated…
CVE-2025-59367 2025-11-13 N/A 0.0 An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. Refer to the 'Security…
CVE-2025-13117 2025-11-13 MEDIUM 5.4 A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the…
CVE-2025-13076 2025-11-12 MEDIUM 4.7 A flaw has been found in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/usersetting.php. Executing manipulation of the argument usname…
CVE-2025-13075 2025-11-12 MEDIUM 4.7 A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Impacted is an unknown function of the file /admin/usersettingdel.php. Performing manipulation of the argument eid results in sql…
CVE-2023-7326 2025-11-12 N/A 0.0 The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed…
CVE-2022-4982 2025-11-12 N/A 0.0 DBLTek GoIP-1 firmware versions up to and including GHSFVT-1.1-67-5 contain a local file inclusion vulnerability. The device's web server exposes handlers (`frame.html` and `frame.A100.html`) that accept a path…
CVE-2011-10034 2025-11-12 N/A 0.0 AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer…
CVE-2025-41069 2025-11-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in DeporSite of T-INNOVA. This vulnerability allows an attacker to access or modify unauthorized resources by manipulating requests using the 'idUsuario' parameter…
CVE-2025-13116 2025-11-13 MEDIUM 5.4 A weakness has been identified in macrozheng mall-swarm up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead…
CVE-2025-13115 2025-11-13 MEDIUM 4.3 A security flaw has been discovered in macrozheng mall-swarm up to 1.0.3. This impacts the function detail of the file /order/detail/ of the component Order Details Handler. Performing…
« Anterior Página 656 de 4296 Siguiente »