Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-58384 2025-09-26 CRITICAL 10.0 In DOXENSE WATCHDOC before 6.1.1.5332, Deserialization of Untrusted Data can lead to remote code execution through the .NET Remoting library in the Watchdoc administration interface.
CVE-2025-11037 2025-09-26 HIGH 7.3 A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in…
CVE-2025-11036 2025-09-26 HIGH 7.3 A vulnerability was identified in code-projects E-Commerce Website 1.0. This affects an unknown function of the file /pages/admin_account_update.php. Such manipulation of the argument user_id leads to sql injection.…
CVE-2025-11035 2025-09-26 MEDIUM 6.3 A vulnerability was determined in Jinher OA 2.0. The impacted element is an unknown function of the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl&style=1. This manipulation causes xml external entity reference. The attack…
CVE-2025-55187 2025-09-26 CRITICAL 9.9 In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges.
CVE-2025-11034 2025-09-26 MEDIUM 4.3 A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of the…
CVE-2025-11033 2025-09-26 HIGH 7.3 A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to…
CVE-2025-11032 2025-09-26 HIGH 7.3 A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can…
CVE-2025-11031 2025-09-26 MEDIUM 5.3 A flaw has been found in DataTables up to 1.10.13. The affected element is an unknown function of the file /examples/resources/examples.php. This manipulation of the argument src causes…
CVE-2025-11029 2025-09-26 MEDIUM 4.3 A weakness has been identified in givanz Vvveb up to 1.0.7.2. This vulnerability affects unknown code. Executing manipulation can lead to cross-site request forgery. The attack can be…
CVE-2025-11028 2025-09-26 MEDIUM 5.3 A security flaw has been discovered in givanz Vvveb up to 1.0.7.2. This affects an unknown part of the component Image Handler. Performing manipulation results in information disclosure.…
CVE-2025-11027 2025-09-26 LOW 2.4 A vulnerability was identified in givanz Vvveb up to 1.0.7.2. Affected by this issue is some unknown functionality of the component SVG File Handler. Such manipulation leads to…
CVE-2025-10976 2025-09-25 LOW 3.1 A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to…
CVE-2025-10975 2025-09-25 MEDIUM 6.3 A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the…
CVE-2025-10974 2025-09-25 MEDIUM 6.3 A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the…
CVE-2025-10973 2025-09-25 HIGH 7.3 A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument…
CVE-2025-59844 2025-09-26 N/A 0.0 SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. A command injection vulnerability exists in SonarQube GitHub Action in version 4.0.0…
CVE-2025-11030 2025-09-26 HIGH 7.3 A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The…
CVE-2025-59843 2025-09-26 N/A 0.0 Flag Forge is a Capture The Flag (CTF) platform. From versions 2.0.0 to before 2.3.1, the public endpoint /api/user/[username] returns user email addresses in its JSON response. The…
CVE-2025-59842 2025-09-26 N/A 0.0 jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files…
CVE-2025-58385 2025-09-26 HIGH 7.1 In DOXENSE WATCHDOC before 6.1.0.5094, private user puk codes can be disclosed for Active Directory registered users (there is hard-coded and predictable data).
CVE-2025-57292 2025-09-26 MEDIUM 6.1 Todoist v8484 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata.
CVE-2025-56463 2025-09-26 MEDIUM 6.8 Mercusys MW305R 3.30 and below is has a Transport Layer Security (TLS) certificate private key disclosure.
CVE-2025-11026 2025-09-26 LOW 3.5 A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information…
CVE-2025-35027 2025-09-26 HIGH 7.3 Multiple robotic products by Unitree sharing a common firmware, including the Go2, G1, H1, and B2 devices, contain a command injection vulnerability. By setting a malicious string when…
CVE-2025-11017 2025-09-26 LOW 3.3 A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results…
CVE-2025-6396 2025-09-26 MEDIUM 6.1 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webbeyaz Website Design Website Software allows Cross-Site Scripting (XSS).This issue affects Website Software: through…
CVE-2025-36326 2025-09-26 LOW 3.7 IBM Cognos Controller 11.0.0 through 11.0.1, and IBM Controller 11.1.0 through 11.1.1 could allow an attacker to obtain sensitive information due to the use of hardcoded cryptographic keys…
CVE-2025-36274 2025-09-26 HIGH 7.5 IBM Aspera HTTP Gateway 2.0.0 through 2.3.1 stores sensitive information in clear text in easily obtainable files which can be read by an unauthenticated user.
CVE-2025-11019 2025-09-26 LOW 2.4 A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting.…
CVE-2025-55560 2025-09-25 N/A 0.0 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
CVE-2025-55559 2025-09-25 N/A 0.0 An issue was discovered TensorFlow v2.18.0. A Denial of Service (DoS) occurs when padding is set to 'valid' in tf.keras.layers.Conv2D.
CVE-2025-55558 2025-09-25 N/A 0.0 A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service…
CVE-2025-55557 2025-09-25 N/A 0.0 A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS).
CVE-2025-55556 2025-09-25 N/A 0.0 TensorFlow v2.18.0 was discovered to output random results when compiling Embedding, leading to unexpected behavior in the application.
CVE-2025-55554 2025-09-25 N/A 0.0 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
CVE-2025-55553 2025-09-25 N/A 0.0 A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS).
CVE-2025-55552 2025-09-25 N/A 0.0 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-43943 2025-09-25 MEDIUM 6.7 Dell Cloud Disaster Recovery, version(s) prior to 19.20, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker…
CVE-2025-33116 2025-09-25 MEDIUM 4.4 IBM Watson Studio 4.0 through 5.2.0 on Cloud Pak for Data is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in…
CVE-2025-26333 2025-09-25 MEDIUM 5.9 Dell Crypto-J generates an error message that includes sensitive information about its environment and associated data. A remote attacker could potentially exploit this vulnerability, leading to information exposure.
CVE-2025-10953 2025-09-25 HIGH 8.8 A security vulnerability has been detected in UTT 1200GW and 1250GW up to 3.0.0-170831/3.2.2-200710. This vulnerability affects unknown code of the file /goform/formApMail. The manipulation of the argument…
CVE-2025-10952 2025-09-25 MEDIUM 5.3 A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File…
CVE-2025-10911 2025-09-25 MEDIUM 5.5 A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
CVE-2024-48014 2025-09-25 HIGH 7.5 Dell BSAFE Micro Edition Suite, versions prior to 5.0.2.3 contain an Out-of-bounds Write vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to denial…
CVE-2025-59838 2025-09-25 N/A 0.0 Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This…
CVE-2025-59832 2025-09-25 CRITICAL 9.9 Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, there is a stored XSS vulnerability in the ticket comment editor. A…
CVE-2025-59830 2025-09-25 HIGH 7.5 Rack is a modular Ruby web server interface. Prior to version 2.2.18, Rack::QueryParser enforces its params_limit only for parameters separated by &, while still splitting on both &…
CVE-2025-59823 2025-09-25 CRITICAL 9.9 Project Gardener implements the automated management and operation of Kubernetes clusters as a service. Code injection may be possible in Gardener Extensions for AWS providers prior to version…
CVE-2025-55551 2025-09-25 N/A 0.0 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
« Anterior Página 790 de 4304 Siguiente »