Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-62263 2025-10-27 N/A 0.0 Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 service pack 3 through update…
CVE-2025-61105 2025-10-27 N/A 0.0 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of…
CVE-2025-61101 2025-10-27 N/A 0.0 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of…
CVE-2025-61247 2025-10-27 HIGH 8.2 indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php.
CVE-2025-59151 2025-10-27 HIGH 8.2 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return…
CVE-2025-58356 2025-10-27 N/A 0.0 Constellation is the first Confidential Kubernetes. The Constellation CVM image uses LUKS2-encrypted volumes for persistent storage. When opening an encrypted storage device, the CVM uses the libcryptsetup function…
CVE-2025-60791 2025-10-27 MEDIUM 6.2 Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt.…
CVE-2025-60425 2025-10-27 HIGH 8.6 Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the two-factor authentication mechanism is enabled, allowing attackers to perform a session hijacking attack.
CVE-2025-52268 2025-10-27 HIGH 7.5 StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens.
CVE-2025-12315 2025-10-27 MEDIUM 4.7 A vulnerability was determined in code-projects Food Ordering System 1.0. This affects an unknown function of the file /admin/menu.php. Executing manipulation of the argument itemPrice can lead to…
CVE-2025-12314 2025-10-27 MEDIUM 4.7 A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results…
CVE-2025-12313 2025-10-27 MEDIUM 6.3 A vulnerability has been found in D-Link DI-7001 MINI 19.09.19A1/24.04.18B1. The affected element is an unknown function of the file /msp_info.htm. Such manipulation of the argument cmd leads…
CVE-2025-12312 2025-10-27 LOW 2.4 A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. Impacted is an unknown function of the file view-pass-detail.php. This manipulation of the argument Fullname/Category causes…
CVE-2025-12311 2025-10-27 LOW 2.4 A vulnerability was detected in PHPGurukul Curfew e-Pass Management System 1.0. This issue affects some unknown processing of the file edit-category-detail.php. The manipulation of the argument catname results…
CVE-2025-12310 2025-10-27 MEDIUM 5.3 A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation…
CVE-2023-49440 2025-10-27 MEDIUM 6.5 AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."
CVE-2023-37749 2025-10-27 MEDIUM 5.3 Incorrect access control in the REST API endpoint of HubSpot v1.29441 allows unauthenticated attackers to view users' data without proper authorization.
CVE-2025-62253 2025-10-27 N/A 0.0 Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92,…
CVE-2025-61100 2025-10-27 N/A 0.0 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of…
CVE-2025-61795 2025-10-27 MEDIUM 5.3 Improper Resource Shutdown or Release vulnerability in Apache Tomcat. If an error occurred (including exceeding limits) during the processing of a multipart upload, temporary copies of the uploaded…
CVE-2025-61099 2025-10-27 N/A 0.0 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of…
CVE-2025-53533 2025-10-27 N/A 0.0 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions 6.2.1 and earlier are vulnerable to…
CVE-2025-60983 2025-10-27 MEDIUM 5.4 Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For Customers Information" endpoints.
CVE-2025-60982 2025-10-27 MEDIUM 5.4 IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via manipulated object references. Affected endpoints do not enforce proper authorization checks, allowing authenticated users…
CVE-2025-54965 2025-10-27 MEDIUM 6.1 An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not properly sanitize the job ID parameter before using it…
CVE-2025-54969 2025-10-27 MEDIUM 6.1 An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not implement CSRF protections. An attacker who social engineers a valid…
CVE-2025-46602 2025-10-27 MEDIUM 4.4 Dell SupportAssist OS Recovery, versions prior to 5.5.15.0, contain an Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability. A low privileged attacker with local access could…
CVE-2025-36170 2025-10-27 MEDIUM 6.4 IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript…
CVE-2025-36138 2025-10-27 MEDIUM 6.4 IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript…
CVE-2025-36007 2025-10-27 HIGH 7.8 IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.
CVE-2025-32785 2025-10-27 N/A 0.0 Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface versions prior to 6.3 are vulnerable to…
CVE-2025-12365 2025-10-27 N/A 0.0 Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12309 2025-10-27 HIGH 7.3 A weakness has been identified in code-projects Nero Social Networking Site 1.0. This affects an unknown part of the file /friendprofile.php. Executing manipulation of the argument ID can…
CVE-2025-12308 2025-10-27 HIGH 7.3 A security flaw has been discovered in code-projects Nero Social Networking Site 1.0. Affected by this issue is some unknown functionality of the file /deletemessage.php. Performing manipulation of…
CVE-2025-12307 2025-10-27 HIGH 7.3 A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument…
CVE-2025-27225 2025-10-27 HIGH 7.5 TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers.
CVE-2025-12306 2025-10-27 HIGH 7.3 A vulnerability was determined in code-projects Nero Social Networking Site 1.0. Affected is an unknown function of the file /acceptoffres.php. This manipulation of the argument ID causes sql…
CVE-2025-12305 2025-10-27 MEDIUM 6.3 A vulnerability was found in quequnlong shiyi-blog up to 1.2.1. This impacts an unknown function of the file src/main/java/com/mojian/controller/SysJobController.java of the component Job Handler. The manipulation results in…
CVE-2025-12304 2025-10-27 MEDIUM 4.3 A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation…
CVE-2025-12055 2025-10-27 HIGH 7.5 HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8…
CVE-2025-12233 2025-10-27 HIGH 8.8 A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing manipulation of the argument page can…
CVE-2025-12234 2025-10-27 HIGH 8.8 A vulnerability has been found in Tenda CH22 1.0.0.1. This affects the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page leads to buffer overflow.…
CVE-2025-12235 2025-10-27 HIGH 8.0 A vulnerability was found in Tenda CH22 1.0.0.1. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page results in buffer overflow.…
CVE-2025-12236 2025-10-27 HIGH 8.8 A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote…
CVE-2025-12237 2025-10-27 HIGH 7.3 A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to…
CVE-2025-12238 2025-10-27 MEDIUM 6.3 A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument…
CVE-2025-61482 2025-10-27 HIGH 7.2 Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app…
CVE-2025-55752 2025-10-27 HIGH 7.5 Relative Path Traversal vulnerability in Apache Tomcat. The fix for bug 60013 introduced a regression where the rewritten URL was normalized before it was decoded. This introduced the…
CVE-2025-12364 2025-10-27 N/A 0.0 Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12363 2025-10-27 N/A 0.0 Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
« Anterior Página 709 de 4303 Siguiente »