Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-61087 2025-10-02 N/A 0.0 SourceCodester Pet Grooming Management Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the Customer Name field under Customer Management Section.
CVE-2025-60782 2025-10-02 N/A 0.0 PHP Education Manager v1.0 is vulnerable to Cross Site Scripting (XSS) stored Cross-Site Scripting (XSS) vulnerability in the topics management module (topics.php). Attackers can inject malicious JavaScript payloads…
CVE-2025-56381 2025-10-02 MEDIUM 6.5 ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.
CVE-2025-56380 2025-10-02 MEDIUM 6.5 Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter
CVE-2025-56379 2025-10-02 N/A 0.0 A stored cross-site scripting (XSS) vulnerability in the blog post feature of ERPNEXT v15.67.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected…
CVE-2025-53881 2025-10-02 N/A 0.0 A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before…
CVE-2023-28760 2025-10-02 HIGH 7.5 TP-Link AX1800 WiFi 6 Router (Archer AX21) devices allow unauthenticated attackers (on the LAN) to execute arbitrary code as root via the db_dir field to minidlnad. The attacker…
CVE-2025-41010 2025-10-02 N/A 0.0 Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an “Origin”…
CVE-2025-22862 2025-10-02 MEDIUM 6.7 An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through…
CVE-2025-11240 2025-10-02 N/A 0.0 An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation…
CVE-2025-11239 2025-10-02 N/A 0.0 Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only…
CVE-2025-0642 2025-10-02 MEDIUM 6.3 Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.
CVE-2025-41064 2025-10-02 N/A 0.0 Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
CVE-2024-58267 2025-10-02 HIGH 8.0 A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based…
CVE-2024-58260 2025-10-02 HIGH 7.6 A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User…
CVE-2025-54293 2025-10-02 N/A 0.0 Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via…
CVE-2025-40992 2025-10-02 N/A 0.0 Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could…
CVE-2025-40991 2025-10-02 N/A 0.0 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via…
CVE-2025-40990 2025-10-02 N/A 0.0 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description"…
CVE-2025-40989 2025-10-02 N/A 0.0 Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via…
CVE-2025-61735 2025-10-02 HIGH 7.3 Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. You are fine as long as the Kylin's system and project admin…
CVE-2025-61734 2025-10-02 HIGH 7.5 Files or Directories Accessible to External Parties vulnerability in Apache Kylin. You are fine as long as the Kylin's system and project admin access is well protected. This…
CVE-2025-61733 2025-10-02 HIGH 7.5 Authentication Bypass Using an Alternate Path or Channel vulnerability in Apache Kylin. This issue affects Apache Kylin: from 4.0.0 through 5.0.2. Users are recommended to upgrade to version…
CVE-2025-54468 2025-10-02 MEDIUM 4.7 A vulnerability has been identified within Rancher Manager whereby `Impersonate-Extra-*` headers are being sent to an external entity, for example `amazonaws.com`, via the `/meta/proxy` Rancher endpoint. These headers…
CVE-2025-54292 2025-10-02 N/A 0.0 Path traversal in Canonical LXD LXD-UI versions before 6.5 and 5.21.4 on all platforms allows remote authenticated attackers to access or modify unintended resources via crafted resource names…
CVE-2025-54291 2025-10-02 N/A 0.0 Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code…
CVE-2025-54290 2025-10-02 N/A 0.0 Information disclosure in image export API in Canonical LXD before 6.5 and 5.21.4 on Linux allows network attackers to determine project existence without authentication via crafted requests using…
CVE-2025-54289 2025-10-02 N/A 0.0 Privilege Escalation in operations API in Canonical LXD 6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via…
CVE-2025-54288 2025-10-02 N/A 0.0 Information Spoofing in devLXD Server in Canonical LXD versions 4.0 and above on Linux container platforms allows attackers with root privileges within any container to impersonate other containers…
CVE-2025-54287 2025-10-02 N/A 0.0 Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via…
CVE-2025-54286 2025-10-02 N/A 0.0 Cross-Site Request Forgery (CSRF) in LXD-UI in Canonical LXD versions >= 5.0 on Linux allows an attacker to create and start container instances without user consent via crafted…
CVE-2025-40646 2025-10-02 N/A 0.0 Exposure of sensitive information in Viday. This vulnerability could allow an attacker to obtain sensitive information about customers by intercepting HTTP requests and searching for the JWT containing…
CVE-2025-40645 2025-10-02 N/A 0.0 Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using…
CVE-2025-9697 2025-10-02 CRITICAL 9.8 The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to…
CVE-2025-9587 2025-10-02 MEDIUM 6.5 The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action…
CVE-2025-61692 2025-10-02 HIGH 7.8 VT STUDIO versions 8.53 and prior contain a use after free vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected…
CVE-2025-61691 2025-10-02 HIGH 7.8 VT STUDIO versions 8.53 and prior contain an out-of-bounds read vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
CVE-2025-61690 2025-10-02 HIGH 7.8 KV STUDIO versions 12.23 and prior contain a buffer underflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
CVE-2025-58777 2025-10-02 HIGH 7.8 VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the…
CVE-2025-58776 2025-10-02 HIGH 7.8 KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected…
CVE-2025-58775 2025-10-02 HIGH 7.8 KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
CVE-2025-11221 2025-10-02 HIGH 8.8 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not…
CVE-2025-11182 2025-10-02 MEDIUM 6.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal.This issue affects ChangeFlow: All…
CVE-2025-11020 2025-10-02 HIGH 8.8 An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC…
CVE-2025-61588 2025-10-02 N/A 0.0 RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. In versions 2.0.2 and below of risc0-zkvm-platform, when the zkVM guest calls…
CVE-2025-61583 2025-10-01 MEDIUM 4.3 TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the…
CVE-2025-61582 2025-10-01 HIGH 7.5 TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated…
CVE-2025-61587 2025-10-01 N/A 0.0 Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis…
CVE-2025-59951 2025-10-01 N/A 0.0 Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being…
CVE-2025-54811 2025-10-01 HIGH 7.1 OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends…
« Anterior Página 777 de 4304 Siguiente »