CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-59403 2025-10-02 MEDIUM 6.5 The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes…
CVE-2025-57305 2025-10-02 MEDIUM 6.5 VitaraCharts 5.3.5 is vulnerable to Server-Side Request Forgery in fileLoader.jsp.
CVE-2025-56162 2025-10-02 MEDIUM 6.5 YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to:…
CVE-2025-57443 2025-10-02 MEDIUM 5.1 FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows…
CVE-2025-54087 2025-10-02 N/A 0.0 CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the…
CVE-2025-54086 2025-10-02 N/A 0.0 CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read…
CVE-2025-10653 2025-10-02 HIGH 8.6 An unauthenticated debug port may allow access to the device file system.
CVE-2025-59738 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59737 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59736 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59735 2025-10-02 CRITICAL 9.8 Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The…
CVE-2025-59755 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59754 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59753 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59752 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59751 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59750 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59764 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59763 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59762 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59761 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59760 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59759 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59758 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59757 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59756 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59774 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59773 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59772 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59771 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59770 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59769 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59768 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59767 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59766 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59765 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59745 2025-10-02 HIGH 7.5 Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure…
CVE-2025-59746 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59747 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59748 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59749 2025-10-02 MEDIUM 6.1 Cross-site scripting (XSS) vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The…
CVE-2025-59835 2025-10-02 N/A 0.0 LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform…
CVE-2025-54315 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
CVE-2025-49090 2025-10-02 HIGH 7.1 The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
CVE-2025-56161 2025-10-02 HIGH 7.5 YOSHOP 2.0 allows unauthenticated information disclosure via comment-list API endpoints in the Goods module. The Comment model eagerly loads the related User model without field filtering; because User.php…
CVE-2025-56154 2025-10-02 MEDIUM 6.1 htmly v3.0.8 is vulnerable to Cross Site Scripting (XSS) in the /author/:name endpoint of the affected application. The name parameter is not properly sanitized before being reflected in…
CVE-2025-32942 2025-10-02 HIGH 7.2 SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
CVE-2025-34210 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store a large number of sensitive credentials (database passwords, MySQL root password, SaaS keys, Portainer admin password,…
CVE-2025-34208 2025-10-02 N/A 0.0 Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) store user passwords using unsalted SHA-512 hashes with a fall-back to unsalted SHA-1. The hashing is performed…
CVE-2025-61096 2025-10-02 MEDIUM 6.5 PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.