Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-58429 2025-10-23 HIGH 7.5 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-62256 2025-10-23 N/A 0.0 Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions…
CVE-2025-62688 2025-10-23 HIGH 7.1 An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their…
CVE-2025-62498 2025-10-23 HIGH 8.8 A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute…
CVE-2025-61977 2025-10-23 HIGH 7.0 A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by…
CVE-2025-61934 2025-10-23 CRITICAL 10.0 A binding to an unrestricted IP address vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService…
CVE-2025-59503 2025-10-23 CRITICAL 9.9 Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
CVE-2025-59500 2025-10-23 HIGH 7.7 Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2025-59273 2025-10-23 HIGH 7.3 Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-58456 2025-10-23 MEDIUM 6.8 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-58078 2025-10-23 HIGH 7.5 A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and…
CVE-2025-60859 2025-10-23 MEDIUM 6.1 Cross Site Scripting (XSS) vulnerability in Gnuboard 5.6.15 allows authenticated attackers to execute arbitrary code via crafted c_id parameter in bbs/view_comment.php.
CVE-2025-60837 2025-10-23 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in MCMS v6.0.1 allows attackers to execute arbitrary Javascript in the context of a user's browser via a crafted payload.
CVE-2025-61464 2025-10-23 MEDIUM 6.5 gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the search_table in bbs/search.php.
CVE-2025-57240 2025-10-23 MEDIUM 6.1 Cross site scripting (XSS) vulnerability in 17gz International Student service system 1.0 allows attackers to execute arbitrary code via the registration step.
CVE-2025-12100 2025-10-23 HIGH 7.8 Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation.This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6.
CVE-2025-62517 2025-10-23 MEDIUM 5.9 Rollbar.js offers error tracking and logging from Javascript to Rollbar. In versions before 2.26.5 and from 3.0.0-alpha1 to before 3.0.0-beta5, there is a prototype pollution vulnerability in merge().…
CVE-2025-62236 2025-10-23 MEDIUM 5.3 The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email…
CVE-2025-58428 2025-10-23 CRITICAL 9.9 The TLS4B ATG system's SOAP-based interface is vulnerable due to its accessibility through the web services handler. This vulnerability enables remote attackers with valid credentials to execute system-level…
CVE-2025-57848 2025-10-23 MEDIUM 5.2 A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In…
CVE-2025-55067 2025-10-23 HIGH 7.1 The TLS4B ATG system is vulnerable to improper handling of Unix time values that exceed the 2038 epoch rollover. When the system clock reaches January 19, 2038, it…
CVE-2025-12044 2025-10-23 HIGH 7.5 Vault and Vault Enterprise (“Vault”) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for…
CVE-2025-6980 2025-10-23 HIGH 7.5 Captive Portal can expose sensitive information
CVE-2025-6979 2025-10-23 HIGH 8.8 Captive Portal can allow authentication bypass
CVE-2025-6978 2025-10-23 HIGH 7.2 Diagnostics command injection vulnerability
CVE-2025-62255 2025-10-23 N/A 0.0 Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5,…
CVE-2025-54808 2025-10-23 HIGH 7.8 Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 stores authentication tokens in a file located in the system's temporary directory (/tmp) on the host machine.…
CVE-2025-23352 2025-10-23 HIGH 7.8 NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead…
CVE-2025-23347 2025-10-23 HIGH 7.8 NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of…
CVE-2025-23345 2025-10-23 MEDIUM 4.4 NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability…
CVE-2025-23332 2025-10-23 MEDIUM 5.0 NVIDIA Display Driver for Linux contains a vulnerability in a kernel module, where an attacker might be able to trigger a null pointer deference. A successful exploit of…
CVE-2025-23330 2025-10-23 MEDIUM 5.5 NVIDIA Display Driver for Linux contains a vulnerability where an attacker might be able to trigger a null pointer dereference. A successful exploit of this vulnerability might lead…
CVE-2025-23300 2025-10-23 MEDIUM 5.5 NVIDIA Display Driver for Linux contains a vulnerability in the kernel driver, where a user could cause a null pointer dereference by allocating a specific memory resource. A…
CVE-2025-11621 2025-10-23 HIGH 8.1 Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or…
CVE-2025-10937 2025-10-23 MEDIUM 5.5 Oxford Nanopore Technologies' MinKNOW software at or prior to version 24.11 creates a temporary file to store the local authentication token during startup, before copying it to its…
CVE-2025-62713 2025-10-23 N/A 0.0 Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode.…
CVE-2025-61136 2025-10-23 HIGH 7.1 A Host Header Injection vulnerability in the password reset component in axewater sharewarez v2.4.3 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of…
CVE-2025-61132 2025-10-23 HIGH 7.1 A Host Header Injection vulnerability in the password reset component in levlaz braindump v0.4.14 allows remote attackers to conduct password reset poisoning and account takeover via manipulation of…
CVE-2025-56009 2025-10-23 MEDIUM 5.3 Cross site request forgery (CSRF) vulnerability in KeeneticOS before 4.3 at "/rci" API endpoint allows attackers to take over the device via adding additional users with full permissions…
CVE-2025-56008 2025-10-23 MEDIUM 6.1 Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at "Wireless ISP" page allows attackers located near to the router to takeover the device via adding additional users…
CVE-2025-60852 2025-10-23 MEDIUM 6.5 A CSV Injection vulnerability existed in Instant Developer Foundation versions prior to 25.0.9600. Applications built with affected versions of the framework did not properly sanitize user-controlled input before…
CVE-2025-60336 2025-10-22 HIGH 7.5 A NULL pointer dereference in the sub_41773C function of TOTOLINK N600R v4.3.0cu.7866_B20220506 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2025-56007 2025-10-23 MEDIUM 6.5 CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to…
CVE-2025-34156 2025-10-23 N/A 0.0 Tibbo AggreGate Network Manager < 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information…
CVE-2025-34155 2025-10-23 N/A 0.0 Tibbo AggreGate Network Manager < 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not,…
CVE-2025-11575 2025-10-23 HIGH 7.8 Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation.This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0.
CVE-2025-62169 2025-10-23 HIGH 8.1 OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the…
CVE-2025-60341 2025-10-22 HIGH 7.5 Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the ssid parameter in the fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of…
CVE-2025-60340 2025-10-22 HIGH 7.5 Multiple buffer overflows in the SetClientState function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the limitSpeed,…
CVE-2025-60339 2025-10-22 HIGH 7.5 Multiple buffer overflow vulnerabilities in the openSchedWifi function of Tenda AC6 v.15.03.06.50 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the…
« Anterior Página 717 de 4303 Siguiente »