Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-11319 2025-10-06 MEDIUM 6.3 A weakness has been identified in nahiduddinahammed Hospital-Management-System-Website up to e6562429e14b2f88bd2139cae16e87b965024097. This issue affects some unknown processing of the file /delete.php. This manipulation of the argument ai causes…
CVE-2025-11318 2025-10-06 HIGH 7.3 A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This vulnerability affects unknown code of the file uploadWxFile.do. The manipulation of the…
CVE-2025-11317 2025-10-06 HIGH 7.3 A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort…
CVE-2025-11316 2025-10-06 HIGH 7.3 A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of…
CVE-2025-50538 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
CVE-2025-29192 2025-10-06 HIGH 8.2 Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
CVE-2025-11315 2025-10-06 HIGH 7.3 A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of…
CVE-2025-11314 2025-10-06 HIGH 7.3 A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument…
CVE-2025-11313 2025-10-06 HIGH 7.3 A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument…
CVE-2025-11312 2025-10-06 HIGH 7.3 A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort…
CVE-2025-11311 2025-10-06 HIGH 7.3 A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation…
CVE-2025-11310 2025-10-06 HIGH 7.3 A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of…
CVE-2025-11300 2025-10-05 HIGH 8.8 A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results…
CVE-2025-11299 2025-10-05 HIGH 8.8 A vulnerability was identified in Belkin F9K1015 1.00.10. The affected element is an unknown function of the file /goform/formWanTcpipSetup. The manipulation of the argument pppUserName leads to buffer…
CVE-2025-11298 2025-10-05 MEDIUM 6.3 A vulnerability was determined in Belkin F9K1015 1.00.10. Impacted is an unknown function of the file /goform/formSetWanStatic. Executing manipulation of the argument m_wan_ipaddr can lead to command injection.…
CVE-2025-11297 2025-10-05 HIGH 8.8 A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing manipulation of the argument webpage results in buffer overflow.…
CVE-2025-11296 2025-10-05 HIGH 8.8 A vulnerability has been found in Belkin F9K1015 1.00.10. This vulnerability affects unknown code of the file /goform/formPPTPSetup. Such manipulation of the argument pptpUserName leads to buffer overflow.…
CVE-2025-11295 2025-10-05 HIGH 8.8 A flaw has been found in Belkin F9K1015 1.00.10. This affects an unknown part of the file /goform/formPPPoESetup. This manipulation of the argument pppUserName causes buffer overflow. Remote…
CVE-2025-11294 2025-10-05 HIGH 8.8 A vulnerability was detected in Belkin F9K1015 1.00.10. Affected by this issue is some unknown functionality of the file /goform/formL2TPSetup. The manipulation of the argument L2TPUserName results in…
CVE-2025-11293 2025-10-05 HIGH 8.8 A security vulnerability has been detected in Belkin F9K1015 1.00.10. Affected by this vulnerability is an unknown functionality of the file /goform/formConnectionSetting. The manipulation of the argument max_Conn…
CVE-2025-11292 2025-10-05 MEDIUM 6.3 A weakness has been identified in Belkin F9K1015 1.00.10. Affected is an unknown function of the file /goform/formBSSetSitesurvey. Executing manipulation of the argument wan_ipaddr can lead to command…
CVE-2025-11291 2025-10-05 MEDIUM 4.3 A security flaw has been discovered in ixmaps website2017 up to 0c71cffa0162186bc057a76766bc97e9f5a3a2d0. This impacts an unknown function of the file /map.php of the component HTTP GET Request Handler.…
CVE-2025-11290 2025-10-05 MEDIUM 5.6 A vulnerability was identified in CRMEB up to 5.6.1. This affects an unknown function of the component JWT HMAC Secret Handler. Such manipulation of the argument secret with…
CVE-2025-8917 2025-10-05 MEDIUM 5.8 A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to…
CVE-2025-11289 2025-10-05 LOW 2.4 A vulnerability was determined in westboy CicadasCMS up to 2431154dac8d0735e04f1fd2a3c3556668fc8dab. The impacted element is the function Save of the file src/main/java/com/zhiliao/common/template/TemplateFileServiceImpl.java of the component Template Management Page. This…
CVE-2022-50495 2025-10-04 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-8406 2025-10-05 MEDIUM 6.3 ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to validate files during `data.tar.gz` extraction, which fails to…
CVE-2025-11288 2025-10-05 MEDIUM 6.3 A security flaw has been discovered in CRMEB up to 5.6. This issue affects some unknown processing of the file /adminapi/product/product of the component GET Parameter Handler. Performing…
CVE-2025-11287 2025-10-05 HIGH 7.3 A vulnerability was identified in samanhappy MCPHub up to 0.9.10. This vulnerability affects the function handleSseConnectionfunction of the file src/services/sseService.ts. Such manipulation leads to improper authentication. The attack…
CVE-2025-11286 2025-10-05 MEDIUM 4.7 A vulnerability was determined in samanhappy MCPHub up to 0.9.10. This affects an unknown part of the file src/controllers/serverController.ts of the component MCPRouter Service. This manipulation of the…
CVE-2025-11285 2025-10-05 MEDIUM 6.3 A vulnerability was found in samanhappy MCPHub up to 0.9.10. Affected by this issue is some unknown functionality of the file src/controllers/serverController.ts. The manipulation of the argument command/args…
CVE-2025-11284 2025-10-05 HIGH 7.3 A vulnerability has been found in Zytec Dalian Zhuoyun Technology Central Authentication Service 3. Affected by this vulnerability is an unknown functionality of the file /index.php/auth/Ops/git of the…
CVE-2025-11283 2025-10-05 LOW 2.4 A vulnerability was determined in Frappe LMS 2.35.0. This affects an unknown function of the component Course Handler. Executing manipulation of the argument Description can lead to cross…
CVE-2025-11282 2025-10-05 LOW 2.4 A vulnerability was found in Frappe LMS 2.34.x/2.35.0. The impacted element is an unknown function of the component Incomplete Fix CVE-2025-55006. Performing manipulation results in cross site scripting.…
CVE-2025-61882 2025-10-05 CRITICAL 9.8 Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker…
CVE-2025-11281 2025-10-05 MEDIUM 5.0 A vulnerability has been found in Frappe LMS 2.35.0. The affected element is an unknown function of the file /courses/ of the component Unpublished Course Handler. Such manipulation…
CVE-2025-11280 2025-10-05 LOW 3.7 A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct…
CVE-2025-11279 2025-10-05 MEDIUM 5.5 A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the…
CVE-2025-11278 2025-10-05 MEDIUM 4.3 A security vulnerability has been detected in AllStarLink Supermon up to 6.2. This vulnerability affects unknown code of the component AllMon2. The manipulation leads to cross site scripting.…
CVE-2025-11277 2025-10-05 MEDIUM 5.3 A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing manipulation can lead to heap-based buffer…
CVE-2025-11276 2025-10-05 LOW 3.5 A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross…
CVE-2025-11275 2025-10-05 MEDIUM 5.3 A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based…
CVE-2025-11274 2025-10-05 LOW 3.3 A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack…
CVE-2025-11273 2025-10-04 MEDIUM 6.3 A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument URL results in deserialization.…
CVE-2025-11272 2025-10-04 MEDIUM 5.4 A vulnerability has been found in SeriaWei ZKEACMS up to 4.3. This affects the function Delete of the file src/ZKEACMS.Redirection/Controllers/UrlRedirectionController.cs of the component POST Request Handler. The manipulation…
CVE-2023-53616 2025-10-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in…
CVE-2023-53615 2025-10-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The…
CVE-2023-53614 2025-10-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree…
CVE-2023-53613 2025-10-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: dax: Fix dax_mapping_release() use after free A CONFIG_DEBUG_KOBJECT_RELEASE test of removing a device-dax region provider (like modprobe -r…
CVE-2023-53612 2025-10-04 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globally…
« Anterior Página 768 de 4304 Siguiente »