CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-9075 | 2025-10-01 | MEDIUM | 6.4 | The ZoloBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple Gutenberg blocks in versions up to, and including, 2.3.10. This is due to insufficient input… |
| CVE-2025-10744 | 2025-10-01 | MEDIUM | 5.3 | The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.1 through publicly… |
| CVE-2025-10735 | 2025-10-01 | MEDIUM | 4.0 | The Block For Mailchimp – Easy Mailchimp Form Integration plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.12 via… |
| CVE-2025-10538 | 2025-10-01 | N/A | 0.0 | An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account… |
| CVE-2025-61722 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61721 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61720 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61719 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61718 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61717 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61716 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61715 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61714 | 2025-10-01 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-61792 | 2025-09-30 | MEDIUM | 6.4 | Quadient DS-700 iQ devices through 2025-09-30 might have a race condition during the quick clicking of (in order) the Question Mark button, the Help Button, the About button,… |
| CVE-2025-55191 | 2025-09-30 | MEDIUM | 6.5 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition… |
| CVE-2025-43826 | 2025-09-30 | N/A | 0.0 | Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10,… |
| CVE-2022-40285 | 2025-09-30 | N/A | 0.0 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2024-13967. Reason: This record is a reservation duplicate of CVE-2024-13967. Notes: All CVE users should reference CVE-2024-13967 instead of… |
| CVE-2025-9232 | 2025-09-30 | MEDIUM | 5.9 | Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of… |
| CVE-2025-9231 | 2025-09-30 | MEDIUM | 6.5 | Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary:… |
| CVE-2025-9230 | 2025-09-30 | HIGH | 7.5 | Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write. Impact summary: This out-of-bounds read may trigger… |
| CVE-2025-56392 | 2025-09-30 | N/A | 0.0 | An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST… |
| CVE-2025-56200 | 2025-09-30 | MEDIUM | 6.1 | A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the… |
| CVE-2025-56018 | 2025-09-30 | MEDIUM | 6.1 | SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. |
| CVE-2025-52050 | 2025-09-30 | MEDIUM | 6.5 | In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL… |
| CVE-2025-52049 | 2025-09-30 | MEDIUM | 6.5 | In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query… |
| CVE-2025-52047 | 2025-09-30 | MEDIUM | 6.5 | In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL… |
| CVE-2025-52043 | 2025-09-30 | MEDIUM | 6.5 | In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL… |
| CVE-2025-36262 | 2025-09-30 | MEDIUM | 4.9 | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information… |
| CVE-2025-36132 | 2025-09-30 | MEDIUM | 5.4 | IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in… |
| CVE-2025-28016 | 2025-09-30 | MEDIUM | 4.8 | A Reflected Cross-Site Scripting (XSS) vulnerability was found in loginsystem/edit-profile.php of the PHPGurukul User Registration & Login and User Management System V3.3. This vulnerability allows remote attackers to… |
| CVE-2025-10659 | 2025-09-30 | CRITICAL | 9.8 | The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the… |
| CVE-2024-55017 | 2025-09-30 | HIGH | 7.5 | Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the redirect_uri parameter allows attackers to intercept authorization codes and gain unauthorized access to… |
| CVE-2025-56132 | 2025-09-30 | N/A | 0.0 | LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality. The application returns distinguishable responses for valid and invalid email addresses, allowing unauthenticated… |
| CVE-2025-43827 | 2025-09-30 | N/A | 0.0 | Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10,… |
| CVE-2025-11149 | 2025-09-30 | HIGH | 7.5 | This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This… |
| CVE-2025-11148 | 2025-09-30 | CRITICAL | 9.8 | All versions of the package check-branches are vulnerable to Command Injection check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts… |
| CVE-2025-57254 | 2025-09-30 | N/A | 0.0 | An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password… |
| CVE-2025-56675 | 2025-09-30 | LOW | 3.5 | The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password. |
| CVE-2025-56513 | 2025-09-30 | N/A | 0.0 | NiceHash QuickMiner 6.12.0 perform software updates over HTTP without validating digital signatures or hash checks. An attacker capable of intercepting or redirecting traffic to the update url and… |
| CVE-2025-54477 | 2025-09-30 | MEDIUM | 5.3 | Improper handling of authentication requests lead to a user enumeration vector in the passkey authentication method. |
| CVE-2025-23293 | 2025-09-30 | HIGH | 8.7 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to… |
| CVE-2025-23292 | 2025-09-30 | MEDIUM | 4.6 | NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may… |
| CVE-2025-23291 | 2025-09-30 | LOW | 2.4 | NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an User/Attacker may cause an authorized action. A successful exploit of this vulnerability may lead to… |
| CVE-2025-11195 | 2025-09-30 | LOW | 3.3 | Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a… |
| CVE-2025-56520 | 2025-09-30 | N/A | 0.0 | Dify v1.6.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remote_files.RemoteFileUploadApi. A different vulnerability than CVE-2025-29720. |
| CVE-2025-56207 | 2025-09-30 | N/A | 0.0 | A security flaw in the '_transfer' function of a smart contract implementation for Money Making Opportunity (MMO), an Ethereum ERC721 Non-Fungible Token (NFT) project, allows users or attackers… |
| CVE-2025-54476 | 2025-09-30 | N/A | 0.0 | Improper handling of input could lead to an XSS vector in the checkAttribute method of the input filter framework class. |
| CVE-2025-43400 | 2025-09-29 | MEDIUM | 6.3 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.8.1, macOS Tahoe 26.0.1, macOS Sequoia 15.7.1, visionOS 26.0.1, iOS 26.0.1… |
| CVE-2025-6034 | 2025-09-30 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds read in DefaultFontOptions() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in… |
| CVE-2025-6033 | 2025-09-30 | HIGH | 7.8 | There is a memory corruption vulnerability due to an out of bounds write in XML_Serialize() when using SymbolEditor in NI Circuit Design Suite. This vulnerability may result in… |