CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-55035 | 2025-10-16 | MEDIUM | 6.1 | Mattermost Desktop App versions |
| CVE-2025-61536 | 2025-10-16 | HIGH | 8.2 | FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit… |
| CVE-2025-11851 | 2025-10-16 | LOW | 3.5 | A vulnerability has been found in Apeman ID71 EN75.8.53.20. The affected element is an unknown function of the file /set_alias.cgi. Such manipulation of the argument alias leads to… |
| CVE-2025-11842 | 2025-10-16 | MEDIUM | 6.3 | A security vulnerability has been detected in Shazwazza Smidge up to 4.5.1. The impacted element is an unknown function of the component Bundle Handler. The manipulation of the… |
| CVE-2025-11840 | 2025-10-16 | LOW | 3.3 | A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing manipulation can lead to out-of-bounds read. The… |
| CVE-2025-36002 | 2025-10-16 | MEDIUM | 5.5 | IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 store user credentials in configuration files which can be… |
| CVE-2025-22381 | 2025-10-16 | HIGH | 8.2 | Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password. |
| CVE-2024-56143 | 2025-10-16 | HIGH | 8.2 | Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query… |
| CVE-2025-41254 | 2025-10-16 | MEDIUM | 4.3 | STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Products and Versions: Spring Framework: * 6.2.0 -… |
| CVE-2025-41253 | 2025-10-16 | HIGH | 7.5 | The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be… |
| CVE-2025-11839 | 2025-10-16 | LOW | 3.3 | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing manipulation results in unchecked return value. The attack… |
| CVE-2025-9955 | 2025-10-16 | MEDIUM | 5.7 | An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration.… |
| CVE-2025-9804 | 2025-10-16 | CRITICAL | 9.6 | An improper access control vulnerability exists in multiple WSO2 products due to insufficient permission enforcement in certain internal SOAP Admin Services and System REST APIs. A low-privileged user… |
| CVE-2025-9152 | 2025-10-16 | CRITICAL | 9.8 | An improper privilege management vulnerability exists in WSO2 API Manager due to missing authentication and authorization checks in the keymanager-operations Dynamic Client Registration (DCR) endpoint. A malicious user… |
| CVE-2025-10611 | 2025-10-16 | CRITICAL | 9.8 | Due to an insufficient access control implementation in multiple WSO2 Products, authentication and authorization checks for certain REST APIs can be bypassed, allowing them to be invoked without… |
| CVE-2025-3930 | 2025-10-16 | N/A | 0.0 | Strapi uses JSON Web Tokens (JWT) for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the… |
| CVE-2025-6338 | 2025-10-16 | N/A | 0.0 | There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt… |
| CVE-2025-58426 | 2025-10-16 | MEDIUM | 4.3 | desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications. |
| CVE-2025-58079 | 2025-10-16 | MEDIUM | 4.3 | Improper Protection of Alternate Path (CWE-424) in the AppSuite of desknet's NEO V4.0R1.0 to V9.0R2.0 allows an attacker to create malicious AppSuite applications. |
| CVE-2025-55072 | 2025-10-16 | MEDIUM | 5.4 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser. |
| CVE-2025-54859 | 2025-10-16 | MEDIUM | 4.8 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser. |
| CVE-2025-54760 | 2025-10-16 | MEDIUM | 5.4 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO V9.0R2.0 and earlier allows execution of arbitrary JavaScript in a user’s web browser. |
| CVE-2025-52583 | 2025-10-16 | MEDIUM | 6.1 | Reflected cross-site scripting (XSS) vulnerability in desknet's Web Server allows execution of arbitrary JavaScript in a user’s web browser. |
| CVE-2025-24833 | 2025-10-16 | MEDIUM | 5.4 | Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser. |
| CVE-2025-61581 | 2025-10-16 | N/A | 0.0 | ** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management… |
| CVE-2025-58115 | 2025-10-16 | MEDIUM | 6.1 | ChatLuck contains a cross-site scripting vulnerability in Guest User Sign-up. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing… |
| CVE-2025-58075 | 2025-10-16 | HIGH | 8.1 | Mattermost versions 10.11.x |
| CVE-2025-58073 | 2025-10-16 | HIGH | 8.1 | Mattermost versions 10.11.x |
| CVE-2025-54539 | 2025-10-16 | CRITICAL | 9.8 | A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including… |
| CVE-2025-54499 | 2025-10-16 | LOW | 3.1 | Mattermost versions 10.5.x |
| CVE-2025-54461 | 2025-10-16 | MEDIUM | 5.3 | ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. |
| CVE-2025-53858 | 2025-10-16 | MEDIUM | 5.4 | ChatLuck contains a cross-site scripting vulnerability in Chat Rooms. If exploited, an arbitrary script may be executed on the web browser of the user who is accessing the… |
| CVE-2025-41410 | 2025-10-16 | MEDIUM | 5.4 | Mattermost versions 10.10.x |
| CVE-2025-10545 | 2025-10-16 | LOW | 3.1 | Mattermost versions 10.5.x |
| CVE-2025-0277 | 2025-10-16 | MEDIUM | 6.5 | HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not… |
| CVE-2025-0276 | 2025-10-16 | MEDIUM | 6.5 | HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing… |
| CVE-2025-55091 | 2025-10-16 | N/A | 0.0 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ip_packet_receive() function when it received an… |
| CVE-2025-41443 | 2025-10-16 | MEDIUM | 4.3 | Mattermost versions 10.5.x |
| CVE-2025-41021 | 2025-10-16 | N/A | 0.0 | Stored Cross-Site Scripting (XSS) in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request… |
| CVE-2025-41020 | 2025-10-16 | N/A | 0.0 | Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticket_a4.php'. |
| CVE-2025-41019 | 2025-10-16 | N/A | 0.0 | SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticket_detail'. |
| CVE-2025-41018 | 2025-10-16 | N/A | 0.0 | SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'. |
| CVE-2025-62585 | 2025-10-16 | HIGH | 7.5 | Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment. |
| CVE-2025-62584 | 2025-10-16 | HIGH | 7.5 | Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment. |
| CVE-2025-62583 | 2025-10-16 | CRITICAL | 9.8 | Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment. |
| CVE-2025-55090 | 2025-10-16 | N/A | 0.0 | In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read issue in the _nx_ipv4_packet_receive() function when it received an… |
| CVE-2025-55089 | 2025-10-16 | N/A | 0.0 | In FileX before 6.4.2, the file support module for Eclipse Foundation ThreadX, there was a possible buffer overflow in the FileX RAM disk driver. It could cause a… |
| CVE-2025-55084 | 2025-10-16 | N/A | 0.0 | In NetX Duo versions before 6.4.4, the networking component of Eclipse Foundation ThreadX, there was an incorrect bound check in _nx_secure_tls_proc_clienthello_supported_versions_extension() in the extension version field. |
| CVE-2025-10850 | 2025-10-16 | CRITICAL | 9.8 | The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register'… |
| CVE-2025-10849 | 2025-10-16 | MEDIUM | 5.3 | The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action… |