CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-62393 | 2025-10-23 | MEDIUM | 4.3 | A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses… |
| CVE-2025-11128 | 2025-10-23 | MEDIUM | 5.0 | The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions… |
| CVE-2025-11023 | 2025-10-23 | CRITICAL | 9.8 | Inclusion of Functionality from Untrusted Control Sphere, Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ArkSigner Software and Hardware Inc.… |
| CVE-2025-10705 | 2025-10-23 | MEDIUM | 5.3 | The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.4.6. This is due… |
| CVE-2024-14011 | 2025-10-23 | N/A | 0.0 | Rejected reason: This is a duplicate. |
| CVE-2025-60338 | 2025-10-22 | HIGH | 7.5 | Tenda AC6 V2.0 15.03.06.50 was discovered to contain a stack overflow in the page parameter in the DhcpListClient function. This vulnerability allows attackers to cause a Denial of… |
| CVE-2025-62401 | 2025-10-23 | MEDIUM | 5.4 | An issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment. |
| CVE-2025-62400 | 2025-10-23 | MEDIUM | 4.3 | Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted… |
| CVE-2025-62399 | 2025-10-23 | HIGH | 7.5 | Moodle's mobile and web service authentication endpoints did not sufficiently restrict repeated password attempts, making them susceptible to brute-force attacks. |
| CVE-2025-62397 | 2025-10-23 | MEDIUM | 5.3 | The router's inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance. |
| CVE-2025-62396 | 2025-10-23 | MEDIUM | 5.3 | An error-handling issue in the Moodle router (r.php) could cause the application to display internal directory listings when specific HTTP headers were not properly configured. |
| CVE-2025-62395 | 2025-10-23 | MEDIUM | 4.3 | A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. |
| CVE-2025-62394 | 2025-10-23 | MEDIUM | 4.3 | Moodle failed to verify enrolment status correctly when sending quiz notifications. As a result, suspended or inactive users might receive quiz-related messages, leaking limited course information. |
| CVE-2025-10355 | 2025-10-23 | N/A | 0.0 | Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker to create a malicious URL using a manipulated redirection parameter, potentially leading users to phishing sites… |
| CVE-2025-41073 | 2025-10-23 | N/A | 0.0 | Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including… |
| CVE-2025-40643 | 2025-10-23 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by… |
| CVE-2025-9981 | 2025-10-23 | N/A | 0.0 | QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be… |
| CVE-2025-9980 | 2025-10-23 | N/A | 0.0 | QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be… |
| CVE-2025-12105 | 2025-10-23 | HIGH | 7.5 | A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations… |
| CVE-2025-10914 | 2025-10-23 | HIGH | 7.6 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. Co. OBS (Student Affairs Information System) allows Reflected XSS. This issue affects… |
| CVE-2025-10727 | 2025-10-23 | MEDIUM | 5.4 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4. |
| CVE-2023-53701 | 2025-10-22 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-62499 | 2025-10-23 | MEDIUM | 4.8 | Movable Type contains a stored cross-site scripting vulnerability in Edit CategorySet of ContentType page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary… |
| CVE-2025-61865 | 2025-10-23 | MEDIUM | 6.7 | NarSuS App registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary… |
| CVE-2025-54856 | 2025-10-23 | MEDIUM | 4.8 | Movable Type contains a stored cross-site scripting vulnerability in Edit ContentData page. If crafted input is stored by an attacker with "ContentType Management" privilege, an arbitrary script may… |
| CVE-2025-54806 | 2025-10-23 | MEDIUM | 6.1 | GROWI v4.2.7 and earlier contains a cross-site scripting vulnerability in the page alert function. If a user accesses a crafted URL while logged in to the affected product,… |
| CVE-2025-62820 | 2025-10-23 | MEDIUM | 4.9 | Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network. |
| CVE-2025-62813 | 2025-10-23 | MEDIUM | 5.9 | LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example,… |
| CVE-2025-48430 | 2025-10-23 | MEDIUM | 5.5 | Uncaught Exception (CWE-248) in the Command Centre Server allows an Authorized and Privileged Operator to crash the Command Centre Server at will. This issue affects Command Centre Server:… |
| CVE-2025-48428 | 2025-10-23 | MEDIUM | 6.7 | Cleartext Storage of Sensitive Information (CWE-312) in the Gallagher Morpho integration could allow an authenticated user with access to the Command Centre Server to export a specific signing… |
| CVE-2025-47699 | 2025-10-23 | CRITICAL | 9.9 | Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) in the Gallagher Morpho integration could allow an authenticated operator with limited site permissions to make critical… |
| CVE-2025-41402 | 2025-10-23 | MEDIUM | 5.5 | Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre… |
| CVE-2025-35981 | 2025-10-23 | MEDIUM | 5.5 | Exposure of Private Personal Information to an Unauthorized Actor (CWE-359) in the Command Centre Server allows a privileged Operator to view limited personal data about a Cardholder they… |
| CVE-2025-12104 | 2025-10-23 | N/A | 0.0 | Outdated and Vulnerable UI Dependencies might potentially lead to exploitation. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. |
| CVE-2025-62812 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62811 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62810 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62809 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62808 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62807 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62806 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62805 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62804 | 2025-10-23 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-62710 | 2025-10-22 | LOW | 2.6 | Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a… |
| CVE-2025-62708 | 2025-10-22 | N/A | 0.0 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory… |
| CVE-2025-62707 | 2025-10-22 | N/A | 0.0 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite… |
| CVE-2025-62706 | 2025-10-22 | MEDIUM | 6.5 | Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib's JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext… |
| CVE-2025-62705 | 2025-10-22 | N/A | 0.0 | OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters… |
| CVE-2025-62617 | 2025-10-22 | HIGH | 7.2 | Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated… |
| CVE-2025-62614 | 2025-10-22 | N/A | 0.0 | BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated… |
Page 719 of 4303