CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-58073 2025-10-16 HIGH 8.1 Mattermost versions 10.11.x
CVE-2025-54539 2025-10-16 CRITICAL 9.8 A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including…
CVE-2025-54499 2025-10-16 LOW 3.1 Mattermost versions 10.5.x
CVE-2025-54461 2025-10-16 MEDIUM 5.3 ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user.
CVE-2025-53858 2025-10-16 MEDIUM 5.4 ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the…
CVE-2025-41410 2025-10-16 MEDIUM 5.4 Mattermost versions 10.10.x
CVE-2025-10545 2025-10-16 LOW 3.1 Mattermost versions 10.5.x
CVE-2025-0277 2025-10-16 MEDIUM 6.5 HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not…
CVE-2025-0276 2025-10-16 MEDIUM 6.5 HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing…
CVE-2025-55091 2025-10-16 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ip_packet_receive() function when received an…
CVE-2025-41443 2025-10-16 MEDIUM 4.3 Mattermost versions 10.5.x
CVE-2025-41021 2025-10-16 N/A 0.0 Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request…
CVE-2025-41020 2025-10-16 N/A 0.0 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'.
CVE-2025-41019 2025-10-16 N/A 0.0 SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'.
CVE-2025-41018 2025-10-16 N/A 0.0 SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'.
CVE-2025-62585 2025-10-16 HIGH 7.5 Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
CVE-2025-62584 2025-10-16 HIGH 7.5 Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
CVE-2025-62583 2025-10-16 CRITICAL 9.8 Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
CVE-2025-55090 2025-10-16 N/A 0.0 In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out of bound read issue in _nx_ipv4_packet_receive() function when received an…
CVE-2025-55089 2025-10-16 N/A 0.0 In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a…
CVE-2025-55084 2025-10-16 N/A 0.0 In NetX Duo version before 6.4.4, the component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field.
CVE-2025-10850 2025-10-16 CRITICAL 9.8 The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register'…
CVE-2025-10849 2025-10-16 MEDIUM 5.3 The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action…
CVE-2025-10742 2025-10-16 CRITICAL 9.8 The Truelysell Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.8.6. This is due to the plugin providing user-controlled…
CVE-2025-10706 2025-10-16 HIGH 8.8 The Classified Pro theme for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check in the 'cwp_addons_update_plugin_cb' function in all versions up to, and…
CVE-2025-58778 2025-10-16 HIGH 7.2 Multiple versions of RG-EST300 provided by Ruijie Networks provide SSH server functionality. It is not documented in the manual, and enabled in the initial configuration. Anyone with the…
CVE-2025-0275 2025-10-16 MEDIUM 5.3 HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal…
CVE-2025-11814 2025-10-16 MEDIUM 6.4 The Ultimate Addons for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to 3.21.1 (exclusive) due to insufficient input sanitization and output…
CVE-2025-0274 2025-10-16 MEDIUM 5.3 HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access…
CVE-2025-10700 2025-10-16 MEDIUM 4.3 The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.0. This is due to…
CVE-2025-62580 2025-10-16 HIGH 7.8 ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-62579 2025-10-16 HIGH 7.8 ASDA-Soft Stack-based Buffer Overflow Vulnerability
CVE-2025-11683 2025-10-16 MEDIUM 6.5 YAML::Syck versions before 1.36 for Perl have missing null-terminators, which causes an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read which allows…
CVE-2025-62375 2025-10-15 N/A 0.0 go-witness and witness are Go modules for generating attestations. In go-witness versions 0.8.6 and earlier and witness versions 0.9.2 and earlier the AWS attestor improperly verifies AWS EC2…
CVE-2025-11619 2025-10-15 HIGH 8.8 Improper certificate validation when connecting to gateways in Devolutions Server 2025.3.2 and earlier allows attackers in MitM position to intercept traffic.
CVE-2025-11568 2025-10-15 MEDIUM 4.4 A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this…
CVE-2025-11832 2025-10-15 N/A 0.0 Allocation of Resources Without Limits or Throttling vulnerability in Azure Access Technology BLU-IC2, Azure Access Technology BLU-IC4 allows Flooding. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-62410 2025-10-15 N/A 0.0 In versions before 20.0.2, it was found that --disallow-code-generation-from-strings is not sufficient for isolating untrusted JavaScript in happy-dom. The untrusted script and the rest of the application still…
CVE-2025-62382 2025-10-15 HIGH 7.7 Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.2, Frigate's export workflow allows an authenticated operator to nominate any…
CVE-2025-62381 2025-10-15 N/A 0.0 sveltekit-superforms makes SvelteKit forms a pleasure to use. sveltekit-superforms v2.27.3 and prior are susceptible to a prototype pollution vulnerability within the parseFormData function of formData.js. An attacker can…
CVE-2025-62371 2025-10-15 HIGH 7.4 OpenSearch Data Prepper is an open source data collector for observability data. In versions prior to 2.12.2, the OpenSearch sink and source plugins in Data Prepper trust all…
CVE-2025-55039 2025-10-15 MEDIUM 6.5 This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication…
CVE-2025-56749 2025-10-15 CRITICAL 9.4 Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading…
CVE-2025-56748 2025-10-15 MEDIUM 6.4 Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid…
CVE-2025-62380 2025-10-15 N/A 0.0 mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with…
CVE-2025-62378 2025-10-15 MEDIUM 6.1 CommandKit is the discord.js meta-framework for building Discord bots. In versions 1.2.0-rc.1 through 1.2.0-rc.11, a logic flaw exists in the message command handler that affects how the commandName…
CVE-2025-58133 2025-10-15 MEDIUM 5.3 Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2025-58132 2025-10-15 MEDIUM 4.1 Command injection in some Zoom Clients for Windows may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2025-54271 2025-10-15 MEDIUM 5.6 Creative Cloud Desktop versions 6.7.0.278 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to arbitrary file system write. A low-privileged attacker…
CVE-2025-20360 2025-10-15 MEDIUM 5.8 Multiple Cisco products are affected by a vulnerability in the Snort 3 HTTP Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine…