Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-43829 2025-10-08 N/A 0.0 Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4…
CVE-2025-11478 2025-10-08 MEDIUM 6.3 A weakness has been identified in SourceCodester Farm Management System 1.0. This issue affects some unknown processing of the file /myCart.php. This manipulation of the argument pid causes…
CVE-2025-11477 2025-10-08 HIGH 7.3 A security flaw has been discovered in SourceCodester Wedding Reservation Management System 1.0. This vulnerability affects unknown code of the file /global.php. The manipulation of the argument User…
CVE-2025-11476 2025-10-08 HIGH 7.3 A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql…
CVE-2025-60298 2025-10-08 MEDIUM 5.4 Novel-Plus up to 5.2.4 was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability via the /author/updateIndexName endpoint. This vulnerability allows authenticated attackers to inject malicious JavaScript code…
CVE-2025-43821 2025-10-08 N/A 0.0 Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4…
CVE-2025-11475 2025-10-08 HIGH 7.3 A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing manipulation of the argument…
CVE-2025-10649 2025-10-08 MEDIUM 6.5 The Welcart e-Commerce plugin for WordPress is vulnerable to SQL Injection via the cookie in all versions up to, and including, 2.11.21 due to insufficient escaping on the…
CVE-2025-10353 2025-10-08 N/A 0.0 File upload leading to remote code execution (RCE) in the “melis-cms-slider” module of Melis Technology's Melis Platform. This vulnerability allows an attacker to upload a malicious file via…
CVE-2025-10352 2025-10-08 N/A 0.0 Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'.
CVE-2025-10351 2025-10-08 N/A 0.0 SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through…
CVE-2025-11469 2025-10-08 MEDIUM 6.3 A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the…
CVE-2025-11445 2025-10-08 MEDIUM 6.3 A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in…
CVE-2025-11444 2025-10-08 HIGH 8.8 A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such…
CVE-2025-11443 2025-10-08 LOW 3.7 A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation…
CVE-2025-11442 2025-10-08 MEDIUM 4.3 A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in…
CVE-2025-48464 2025-10-08 MEDIUM 4.7 Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
CVE-2025-11441 2025-10-08 LOW 3.7 A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument…
CVE-2025-11440 2025-10-08 MEDIUM 4.3 A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The…
CVE-2025-11439 2025-10-08 MEDIUM 4.3 A vulnerability was found in JhumanJ OpnForm up to 1.9.3. This issue affects some unknown processing of the file /show/integrations. Performing manipulation results in missing authorization. Remote exploitation…
CVE-2025-11438 2025-10-08 MEDIUM 6.3 A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads…
CVE-2025-11437 2025-10-08 LOW 2.4 A flaw has been found in JhumanJ OpnForm up to 1.9.3. This affects an unknown part of the file /api/open/forms/ of the component Form Editor. This manipulation causes…
CVE-2025-11436 2025-10-08 MEDIUM 6.3 A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload.…
CVE-2025-11435 2025-10-08 MEDIUM 4.3 A security vulnerability has been detected in JhumanJ OpnForm up to 1.9.3. Affected by this vulnerability is an unknown functionality of the file /show/submissions. The manipulation leads to…
CVE-2025-11171 2025-10-08 MEDIUM 5.3 The Chartify – WordPress Chart Plugin for WordPress is vulnerable to Missing Authentication for Critical Function in all versions up to, and including, 3.5.9. This is due to…
CVE-2025-10635 2025-10-08 HIGH 7.7 The Find Me On WordPress plugin through 2.0.9.1 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers and above to perform…
CVE-2025-11434 2025-10-08 HIGH 7.3 A weakness has been identified in itsourcecode Student Transcript Processing System 1.0. Affected is an unknown function of the file /login.php. Executing manipulation of the argument uname can…
CVE-2025-11433 2025-10-08 LOW 3.5 A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing…
CVE-2025-11432 2025-10-08 HIGH 7.3 A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql…
CVE-2025-11204 2025-10-08 HIGH 7.2 The RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 6.0.6.2…
CVE-2025-11431 2025-10-08 MEDIUM 6.3 A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument…
CVE-2025-11430 2025-10-08 HIGH 7.3 A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results…
CVE-2025-10587 2025-10-08 CRITICAL 9.8 The Community Events plugin for WordPress is vulnerable to SQL Injection via the event_category parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on…
CVE-2025-10494 2025-10-08 HIGH 8.1 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation when deleting profile pictures…
CVE-2025-11426 2025-10-08 MEDIUM 6.3 A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of…
CVE-2025-11425 2025-10-08 LOW 2.4 A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to…
CVE-2025-61787 2025-10-08 HIGH 8.1 Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions prior to 2.5.3 and 2.2.15 are vulnerable to Command Line Injection attacks on Windows when batch files are executed.…
CVE-2025-11424 2025-10-08 HIGH 7.3 A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can…
CVE-2025-11423 2025-10-08 CRITICAL 9.8 A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing manipulation of the argument page results in memory corruption. The…
CVE-2025-11422 2025-10-08 HIGH 7.3 A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the…
CVE-2025-11421 2025-10-08 LOW 3.5 A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument Firstname/Lastname/Platform causes…
CVE-2025-61786 2025-10-08 LOW 3.3 Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.stat` and `Deno.FsFile.prototype.statSync` are not limited by the permission model check `--deny-read=./`. It's…
CVE-2025-61785 2025-10-08 LOW 3.3 Deno is a JavaScript, TypeScript, and WebAssembly runtime. In versions prior to 2.5.3 and 2.2.15, `Deno.FsFile.prototype.utime` and `Deno.FsFile.prototype.utimeSync` are not limited by the permission model check `--deny-write=./`. It's…
CVE-2025-48981 2025-10-08 HIGH 8.6 An insecure implementation of the proprietary protocol DNET in Product CGM MEDICO allows attackers within the intranet to eavesdrop and manipulate data on the protocol because encryption is…
CVE-2025-11420 2025-10-08 HIGH 7.3 A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/edit_order_details.php. The manipulation of the argument order_id results in sql injection.…
CVE-2025-11418 2025-10-08 CRITICAL 9.8 A security vulnerability has been detected in Tenda CH22 up to 1.0.0.1. This issue affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP Request Handler.…
CVE-2025-61999 2025-10-08 MEDIUM 4.3 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to upload JavaScript or other content embedded in an SVG image used as a logo. Injected content is executed in…
CVE-2025-61998 2025-10-08 MEDIUM 4.3 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content as a URL within the Technical Support Hyperlink Manager. Injected content is executed in…
CVE-2025-61997 2025-10-08 MEDIUM 4.3 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Enterprise Banner image upload field. Injected content is executed in…
CVE-2025-61996 2025-10-08 MEDIUM 4.3 OPEXUS FOIAXpress before 11.13.3.0 allows an administrative user to inject JavaScript or other content within the Annual Report Template. Injected content is executed in the context of other…
« Anterior Página 760 de 4304 Siguiente »