Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

CVE ID	Publicado	Severidad	CVSS	Descripción
CVE-2025-56676	2025-09-30	N/A	0.0	TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. A temporary password or reset token issued to one user can be used to log…
CVE-2025-56572	2025-09-30	N/A	0.0	An issue in finance.js v.4.1.0 allows a remote attacker to cause a denial of service via the seekZero() parameter.
CVE-2025-56571	2025-09-30	N/A	0.0	Finance.js v4.1.0 contains a Denial of Service (DoS) vulnerability via the IRR function’s depth parameter. Improper handling of the recursion/iteration limit can lead to excessive CPU usage, causing…
CVE-2025-55797	2025-09-30	N/A	0.0	An improper access control vulnerability in FormCms v0.5.4 in the /api/schemas/history/[schemaId] endpoint allows unauthenticated attackers to access historical schema data if a valid schemaId is known or guessed.
CVE-2025-34224	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose a set of PHP scripts under the `console_release` directory without requiring…
CVE-2025-34221	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 25.2.1518 (VA/SaaS deployments) expose every internal Docker container to the network because firewall rules allow…
CVE-2025-34215	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (only VA deployments) expose an unauthenticated firmware-upload flow: a public page…
CVE-2025-7779	2025-09-30	HIGH	8.8	Local privilege escalation due to insecure XPC service configuration. The following products are affected: Acronis True Image (macOS) before build 42389, Acronis True Image for SanDisk (macOS) before…
CVE-2025-59956	2025-09-30	MEDIUM	6.5	AgentAPI is an HTTP API for Claude Code, Goose, Aider, Gemini, Amp, and Codex. Versions 0.3.3 and below are susceptible to a client-side DNS rebinding attack when hosted…
CVE-2025-61586	2025-09-30	N/A	0.0	FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below are vulnerable to directory enumeration by setting path in theme field, allowing attackers to gain additional information…
CVE-2025-59954	2025-09-30	N/A	0.0	Knowage is an open source analytics and business intelligence suite. Versions 8.1.26 and below are vulnerable to Remote Code Exection through using an unsafe org.apache.commons.jxpath.JXPathContext in MetaService.java service.…
CVE-2025-59950	2025-09-30	MEDIUM	6.7	FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.3 and below, due to a bypass of double clickjacking protection (confirmation dialog), it is possible to trick the…
CVE-2025-59937	2025-09-29	N/A	0.0	go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient…
CVE-2025-57769	2025-09-29	N/A	0.0	FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code…
CVE-2025-56301	2025-09-30	N/A	0.0	An issue was discovered in Chipsalliance Rocket-Chip commit f517abbf41abb65cea37421d3559f9739efd00a9 (2025-01-29) allowing attackers to corrupt exception handling and privilege state transitions via a flawed interaction between exception handling and…
CVE-2025-54875	2025-09-29	CRITICAL	9.8	FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through…
CVE-2025-54591	2025-09-29	HIGH	7.5	FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below expose information about feeds and tags of default admin users, due to lack of access checking in…
CVE-2025-34235	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled…
CVE-2025-11178	2025-09-30	HIGH	7.3	Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42386.
CVE-2025-59948	2025-09-29	MEDIUM	6.7	FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders…
CVE-2025-54592	2025-09-29	N/A	0.0	FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not properly terminate the session during logout. After a user logs out, the session cookie remains…
CVE-2025-34234	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain two hardcoded private keys that are shipped in…
CVE-2025-34232	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind server-side request forgery (SSRF) vulnerability reachable…
CVE-2025-34231	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a blind and non-blind server-side request forgery (SSRF) vulnerability. The…
CVE-2025-34217	2025-09-30	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA/SaaS deployments) contain an undocumented 'printerlogic' user with a hardcoded SSH public key in '~/.ssh/authorized_keys' and a sudoers rule…
CVE-2025-34225	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a server-side request forgery (SSRF) vulnerability. The `console_release` directory is…
CVE-2025-34223	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) contain a default admin account and an installation‑time endpoint at `/admin/query/update_database.php` that can…
CVE-2025-34218	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a…
CVE-2025-34216	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1026 and Application prior to version 20.0.2702 (VA deployments only) expose a set of unauthenticated REST API endpoints that return configuration…
CVE-2025-34212	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the…
CVE-2025-34211	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA and SaaS deployments) contain a private SSL key and matching…
CVE-2025-34209	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase…
CVE-2025-10859	2025-09-30	MEDIUM	4.0	Cookie storage for non-HTML temporary documents was being shared incorrectly with normal browsing content, allowing information from private tabs to escape Incognito mode even after the user closed…
CVE-2025-10991	2025-09-30	N/A	0.0	The attacker may obtain root access by connecting to the UART port and this vulnerability requires the attacker to have the physical access to the device. This issue…
CVE-2024-58040	2025-09-30	CRITICAL	9.1	Crypt::RandomEncryption for Perl version 0.01 uses insecure rand() function during encryption.
CVE-2025-34207	2025-09-29	N/A	0.0	Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.1049 and Application prior to 20.0.2786 (VA and SaaS deployments) configure the SSH client within Docker instances with the following…
CVE-2025-41244	2025-09-29	HIGH	7.8	VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed…
CVE-2025-11153	2025-09-30	N/A	0.0	This vulnerability affects Firefox < 143.0.3.
CVE-2025-11152	2025-09-30	N/A	0.0	This vulnerability affects Firefox < 143.0.3.
CVE-2025-10217	2025-09-30	N/A	0.0	A vulnerability exists in Asset Suite for an authenticated user to manipulate the content of performance related log data or to inject crafted data in logfile for potentially…
CVE-2025-9993	2025-09-30	HIGH	8.1	The Bei Fen – WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This…
CVE-2025-9991	2025-09-30	HIGH	8.1	The Tiny Bootstrap Elements Light plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.3.34 via the 'language' parameter. This makes…
CVE-2025-9948	2025-09-30	MEDIUM	4.3	The Chat by Chatwee plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect…
CVE-2025-9946	2025-09-30	MEDIUM	6.1	The LockerPress – WordPress Security Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing…
CVE-2025-9852	2025-09-30	MEDIUM	6.4	The Yoga Schedule Momoyoga plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'momoyoga-schedule' shortcode in all versions up to, and including, 2.9.0 due to…
CVE-2025-9762	2025-09-30	CRITICAL	9.8	The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the save_attachments function in all versions up to,…
CVE-2025-8877	2025-09-30	HIGH	7.5	The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the…
CVE-2025-8777	2025-09-30	MEDIUM	6.4	The planetcalc plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘language’ parameter in all versions up to, and including, 2.2 due to insufficient input sanitization…
CVE-2025-8625	2025-09-30	CRITICAL	9.8	The Copypress Rest API plugin for WordPress is vulnerable to Remote Code Execution via copyreap_handle_image() Function in versions 1.1 to 1.2. The plugin falls back to a hard-coded…
CVE-2025-8624	2025-09-30	MEDIUM	6.4	The Nexa Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Google Maps widget in all versions up to, and including, 1.1.0 due to…

« Anterior Página 784 de 4304 Siguiente »

Vulnerabilidades CVE

Vulnerabilidades CVE

Soluciones

Recursos

Legal y Soporte