CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-62250 2025-10-21 N/A 0.0 Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update…
CVE-2025-60280 2025-10-21 MEDIUM 6.1 Cross-Site Scripting (XSS) vulnerability in Bang Resto v1.0 could allow an attacker to inject malicious JavaScript code into the application's web pages. This vulnerability exists due to insufficient…
CVE-2025-22166 2025-10-21 N/A 0.0 This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of…
CVE-2025-59438 2025-10-21 MEDIUM 5.3 Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.
CVE-2022-4981 2025-10-21 LOW 3.3 A vulnerability was detected in DCMTK up to 3.6.7. The impacted element is the function DcmQueryRetrieveConfig::readPeerList of the file /dcmqrcnf.cc of the component dcmqrscp. The manipulation results in…
CVE-2020-36855 2025-10-21 MEDIUM 5.3 A security vulnerability has been detected in DCMTK up to 3.6.5. The affected element is the function parseQuota of the component dcmqrscp. The manipulation of the argument StorageQuota…
CVE-2025-9339 2025-10-21 N/A 0.0 SQL injection vulnerability in the fields of warehouse document filtering form in SIMPLE.ERP software allows logged-in user to send a payload of up to 20 characters. Identified use…
CVE-2025-11625 2025-10-21 N/A 0.0 Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients' credentials.
CVE-2025-11624 2025-10-21 N/A 0.0 Potential stack buffer overwrite on the SFTP server side when receiving a malicious packet that has a handle size larger than the system handle or file descriptor size,…
CVE-2025-11151 2025-10-21 HIGH 8.2 Exposure of Sensitive Information to an Unauthorized Actor, Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Beyaz Bilgisayar Software Design Industry and Trade Ltd.…
CVE-2025-6239 2025-10-21 MEDIUM 6.5 Zohocorp ManageEngine Applications Manager versions 176800 and below are vulnerable to information disclosure in File/Directory monitor.
CVE-2025-10020 2025-10-21 CRITICAL 9.9 Zohocorp ManageEngine ADManager Plus versions before 8024 are vulnerable to an authenticated command injection vulnerability in the Custom Script component.
CVE-2025-9428 2025-10-21 HIGH 8.3 Zohocorp ManageEngine Analytics Plus versions 6171 and prior are vulnerable to authenticated SQL Injection via the key update api.
CVE-2025-10641 2025-10-21 N/A 0.0 All WorkExaminer Professional traffic between monitoring client, console and server is transmitted as plain text. This allows an attacker with access to the network to read the transmitted…
CVE-2025-10640 2025-10-21 N/A 0.0 An unauthenticated attacker with access to TCP port 12306 of the WorkExaminer server can exploit missing server-side authentication checks to bypass the login prompt in the WorkExaminer Professional…
CVE-2025-10639 2025-10-21 N/A 0.0 The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this…
CVE-2025-7473 2025-10-21 MEDIUM 5.2 Zohocorp ManageEngine EndPoint Central versions 11.4.2516.1 and prior are vulnerable to XML Injection.
CVE-2025-5496 2025-10-21 LOW 3.3 ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
CVE-2025-10612 2025-10-21 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in giSoft Information Technologies City Guide allows Reflected XSS. This issue affects City Guide: before 1.4.45.
CVE-2025-26392 2025-10-21 MEDIUM 5.4 SolarWinds Observability Self-Hosted is susceptible to SQL injection vulnerability that may display sensitive data using a low-level account. This vulnerability requires authentication from a low-privilege account.
CVE-2025-12004 2025-10-21 N/A 0.0 Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki -…
CVE-2025-11949 2025-10-21 HIGH 7.5 EasyFlow .NET and EasyFlow AiNet, developed by Digiwin, have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to obtain database administrator credentials via a specific functionality.
CVE-2025-10916 2025-10-21 CRITICAL 9.1 The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary…
CVE-2025-62702 2025-10-21 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - PageTriage Extension allows Stored XSS. This issue affects Mediawiki -…
CVE-2025-62701 2025-10-21 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - Wikistories allows Stored XSS. This issue affects Mediawiki - Wikistories:…
CVE-2025-62696 2025-10-21 N/A 0.0 Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in The Wikimedia Foundation Mediawiki Foundation - Springboard Extension allows Command Injection. This issue affects Mediawiki Foundation…
CVE-2025-62695 2025-10-21 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation Mediawiki - WikiLambda Extension allows Stored XSS. This issue affects Mediawiki -…
CVE-2025-9133 2025-10-21 HIGH 8.1 A missing authorization vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series firmware…
CVE-2025-8078 2025-10-21 HIGH 7.2 A post-authentication command injection vulnerability in Zyxel ATP series firmware versions from V4.32 through V5.40, USG FLEX series firmware versions from V4.50 through V5.40, USG FLEX 50(W) series…
CVE-2025-7851 2025-10-21 N/A 0.0 An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
CVE-2025-7850 2025-10-21 N/A 0.0 A command injection vulnerability may be exploited after the admin's authentication on the web portal on Omada gateways.
CVE-2025-6542 2025-10-21 N/A 0.0 An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
CVE-2025-6541 2025-10-21 N/A 0.0 An arbitrary OS command may be executed on the product by the user who can log in to the web management interface.
CVE-2025-54764 2025-10-20 MEDIUM 6.2 Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.
CVE-2025-12001 2025-10-20 N/A 0.0 Lack of application manifest sanitation could lead to potential stored XSS. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-11536 2025-10-20 MEDIUM 5.0 The Element Pack Addons for Elementor plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 8.2.5 via the wp_ajax_import_elementor_template action.…
CVE-2018-25118 2025-10-20 N/A 0.0 GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. VulnCheck has observed…
CVE-2025-62658 2025-10-20 N/A 0.0 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in The Wikimedia Foundation MediaWiki WatchAnalytics extension allows SQL Injection. This issue affects MediaWiki WatchAnalytics extension:…
CVE-2025-62657 2025-10-20 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki PageForms extension allows Stored XSS. This issue affects MediaWiki PageForms extension:…
CVE-2025-62656 2025-10-20 N/A 0.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Wikimedia Foundation MediaWiki GlobalBlocking extension allows Stored XSS. This issue affects MediaWiki GlobalBlocking extension:…
CVE-2025-61303 2025-10-20 CRITICAL 9.8 Hatching Triage Sandbox Windows 10 build 2004 (2025-08-14) and Windows 10 LTSC 2021 (2025-08-14) contains a vulnerability in its Windows behavioral analysis engine that allows a submitted malware sample…
CVE-2025-61301 2025-10-20 HIGH 7.5 Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 (commit 52e4b43, on 2025-05-17) allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply…
CVE-2025-60783 2025-10-20 MEDIUM 6.5 There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL…
CVE-2025-60781 2025-10-20 MEDIUM 6.1 PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) in the worksheet.php file via the participant_name parameter.
CVE-2025-12024 2025-10-21 N/A 0.0 Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been…
CVE-2025-60856 2025-10-20 MEDIUM 6.8 Reolink Video Doorbell WiFi DB_566128M5MP_W allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary…
CVE-2025-62684 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62683 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62682 2025-10-21 N/A 0.0 Rejected reason: Not used
CVE-2025-62681 2025-10-21 N/A 0.0 Rejected reason: Not used