CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST institute:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2021-4461 | 2025-10-30 | N/A | 0.0 | Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session… |
| CVE-2025-6075 | 2025-10-31 | N/A | 0.0 | If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables. |
| CVE-2025-64362 | 2025-10-31 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen K Elements k-elements allows DOM-Based XSS. This issue affects K Elements: from n/a through < 5.5.0. |
| CVE-2025-64361 | 2025-10-31 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows DOM-Based XSS. This issue affects Consulting Elementor Widgets: from n/a through |
| CVE-2025-64360 | 2025-10-31 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting Elementor Widgets consulting-elementor-widgets allows PHP Local File Inclusion. This issue affects… |
| CVE-2025-64359 | 2025-10-31 | HIGH | 7.5 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in StylemixThemes Consulting consulting allows PHP Local File Inclusion. This issue affects Consulting: from… |
| CVE-2025-64358 | 2025-10-31 | MEDIUM | 4.3 | Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a through |
| CVE-2025-64357 | 2025-10-31 | MEDIUM | 4.3 | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-database-cleaner allows Cross Site Request Forgery. This issue affects Advanced Database Cleaner: from n/a through |
| CVE-2025-64356 | 2025-10-31 | MEDIUM | 4.3 | Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Insert PHP Code Snippet: from n/a through |
| CVE-2025-64354 | 2025-10-31 | MEDIUM | 6.5 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matias Ventura Gutenberg gutenberg allows Stored XSS. This issue affects Gutenberg: from n/a through |
| CVE-2025-63459 | 2025-10-31 | N/A | 0.0 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-62264 | 2025-10-31 | N/A | 0.0 | Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through… |
| CVE-2025-64350 | 2025-10-31 | LOW | 3.8 | Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rank Math SEO: from n/a through |
| CVE-2025-58149 | 2025-10-31 | HIGH | 7.5 | When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain… |
| CVE-2025-58148 | 2025-10-31 | HIGH | 7.5 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as… |
| CVE-2025-58147 | 2025-10-31 | HIGH | 7.5 | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as… |
| CVE-2025-63675 | 2025-10-31 | MEDIUM | 6.9 | cryptidy through 1.2.4 allows code execution via untrusted data because pickle.loads is used. This occurs in aes_decrypt_message in symmetric_encryption.py. |
| CVE-2025-64116 | 2025-10-30 | N/A | 0.0 | Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers… |
| CVE-2025-63463 | 2025-10-31 | N/A | 0.0 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63462 | 2025-10-31 | N/A | 0.0 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63461 | 2025-10-31 | N/A | 0.0 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63460 | 2025-10-31 | N/A | 0.0 | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-59501 | 2025-10-31 | MEDIUM | 4.8 | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker to perform spoofing over an adjacent network. |
| CVE-2025-63467 | 2025-10-31 | N/A | 0.0 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-63466 | 2025-10-31 | N/A | 0.0 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service… |
| CVE-2025-12554 | 2025-10-31 | N/A | 0.0 | Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12553 | 2025-10-31 | N/A | 0.0 | Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-60749 | 2025-10-31 | HIGH | 7.8 | DLL Hijacking vulnerability in Trimble SketchUp desktop 2025 via crafted libcef.dll used by sketchup_webhelper.exe. |
| CVE-2025-12552 | 2025-10-31 | N/A | 0.0 | Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-12509 | 2025-10-31 | HIGH | 8.4 | On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights. |
| CVE-2025-12508 | 2025-10-31 | HIGH | 8.4 | When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality. |
| CVE-2025-12507 | 2025-10-31 | HIGH | 8.8 | The service Bizerba Communication Server (BCS) has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed. |
| CVE-2025-12357 | 2025-10-31 | HIGH | 8.3 | By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with… |
| CVE-2025-64389 | 2025-10-31 | N/A | 0.0 | The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. |
| CVE-2025-64388 | 2025-10-31 | N/A | 0.0 | Denial of service of the web server through specific requests to this protocol. |
| CVE-2025-64387 | 2025-10-31 | N/A | 0.0 | The web application is vulnerable to a so-called ‘clickjacking’ attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in… |
| CVE-2025-64385 | 2025-10-31 | N/A | 0.0 | The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer’s software. Using the manufacturer's software, the device can… |
| CVE-2025-64168 | 2025-10-31 | HIGH | 7.1 | Agno is a multi-agent framework, runtime and control plane. From 2.0.0 to before 2.2.2, under high concurrency, when session_state is passed to Agent or Team during run or… |
| CVE-2025-12501 | 2025-10-31 | HIGH | 7.5 | Integer overflow in GameMaker IDE below version 2024.14.0 can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in… |
| CVE-2025-64386 | 2025-10-31 | N/A | 0.0 | The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will… |
| CVE-2025-62232 | 2025-10-31 | HIGH | 7.5 | Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This… |
| CVE-2025-52665 | 2025-10-31 | CRITICAL | 10.0 | A malicious actor with access to the management network could exploit a misconfiguration in UniFi’s door access application, UniFi Access, that exposed a management API without proper authentication.… |
| CVE-2025-12521 | 2025-10-31 | MEDIUM | 5.3 | The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes… |
| CVE-2025-12460 | 2025-10-31 | N/A | 0.0 | An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img… |
| CVE-2025-11191 | 2025-10-31 | MEDIUM | 5.3 | The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission checks, allowing the creation of pages and sending of emails from the site. |
| CVE-2021-47692 | 2025-10-30 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. It has been identified as a duplicate of https://www.cve.org/CVERecord?id=CVE-2021-33179. |
| CVE-2025-4952 | 2025-10-31 | N/A | 0.0 | Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the… |
| CVE-2025-36249 | 2025-10-31 | LOW | 3.7 | IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie… |
| CVE-2025-33003 | 2025-10-31 | HIGH | 7.8 | IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges. |
| CVE-2024-13992 | 2025-10-31 | N/A | 0.0 | Nagios XI versions prior to 2024R1.1 are vulnerable to cross-site scripting (XSS) when a user visits the "missing page" (404) page after following a link from… |