Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-59046 2025-09-09 CRITICAL 9.8 The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It…
CVE-2025-7635 2025-09-09 N/A 0.0 Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
CVE-2025-57633 2025-09-09 CRITICAL 9.8 A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from…
CVE-2025-58761 2025-09-09 HIGH 8.6 Tautulli is a Python based monitoring and tracking tool for Plex Media Server. The `real_pms_image_proxy` endpoint in Tautulli v2.15.3 and prior is vulnerable to path traversal, allowing unauthenticated…
CVE-2025-58430 2025-09-09 N/A 0.0 listmonk is a standalone, self-hosted, newsletter and mailing list manager. In versions up to and including 1.1.0, every http request in addition to the session cookie `session` there…
CVE-2025-57540 2025-09-09 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript…
CVE-2025-57078 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pppoeServerWhiteMacIndex parameter in the formModifyPppAuthWhiteMac function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57539 2025-09-09 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input.…
CVE-2025-57538 2025-09-09 MEDIUM 5.4 A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject…
CVE-2025-57087 2025-09-09 HIGH 7.5 Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of…
CVE-2025-57072 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the staticRouteGateway parameter in the formSetStaticRoute function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57071 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the vpnUsers parameter in the formAddVpnUsers function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57070 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the gstUp parameter in the guestWifiRuleRefresh function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57069 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the pPppUser parameter in the getsinglepppuser function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57064 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57063 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57062 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57061 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formIPMacBindModify function via the ruleId, ip, mac, v6 and remark parameters. This vulnerability allows attackers to…
CVE-2025-57059 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the dhcpIndex parameter in the addDhcpRule function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-57058 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain multiple stack overflows in the formSetDebugCfg function via the pEnable, pLevel, and pModule parameters. This vulnerability allows attackers to cause a…
CVE-2025-57057 2025-09-09 HIGH 7.5 Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the listStr parameter in the ipMacBindListStore function. This vulnerability allows attackers to cause a Denial of Service…
CVE-2025-56406 2025-09-10 HIGH 7.5 An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to gain sensitive information or execute arbitrary commands via the SSE service.
CVE-2025-52915 2025-09-09 HIGH 7.2 K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation.…
CVE-2025-52322 2025-09-09 HIGH 7.5 An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C),…
CVE-2025-52277 2025-09-09 MEDIUM 6.1 Cross Site Scripting vulnerability in YesWiki v.4.54 allows a remote attacker to execute arbitrary code via a crafted payload to the meta configuration robots field
CVE-2025-10231 2025-09-10 HIGH 7.0 An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands…
CVE-2025-10199 2025-09-09 HIGH 7.8 A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path.
CVE-2025-10198 2025-09-09 HIGH 7.8 Sunshine for Windows, version v2025.122.141614, contains a DLL search-order hijacking vulnerability, allowing attackers to insert a malicious DLL in user-writeable PATH directories.
CVE-2025-10170 2025-09-09 HIGH 8.8 A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads…
CVE-2025-7718 2025-09-10 HIGH 8.8 The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including,…
CVE-2025-10227 2025-09-10 MEDIUM 4.6 Missing Encryption of Sensitive Data (CWE-311) in the Object Archive component in AxxonSoft Axxon One before 2.0.8 on Windows and Linux allows a local attacker with access to…
CVE-2025-10226 2025-09-10 CRITICAL 9.8 Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges,…
CVE-2025-10225 2025-09-10 HIGH 7.5 Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) in the OpenSSL-based session module in AxxonSoft Axxon One 2.0.6 and earlier on Windows allows a…
CVE-2025-10224 2025-09-10 MEDIUM 5.4 Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned…
CVE-2025-10223 2025-09-10 MEDIUM 5.4 Insufficient Session Expiration (CWE-613) in the Web Admin Panel in AxxonSoft Axxon One prior to 2.0.3 on Windows allows a local or remote authenticated attacker to retain access…
CVE-2025-10222 2025-09-10 LOW 3.3 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS 2.0.0 through 2.0.1 on Windows allows a local attacker…
CVE-2025-10221 2025-09-10 MEDIUM 5.5 Insertion of Sensitive Information into Log File (CWE-532) in the ARP Agent component in AxxonSoft Axxon One / AxxonNet 2.0.4 and earlier on Windows platforms allows a local…
CVE-2025-10220 2025-09-10 CRITICAL 9.8 Use of Unmaintained Third Party Components (CWE-1104) in the NuGet dependency components in AxxonSoft Axxon One VMS 2.0.0 through 2.0.4 on Windows allows a remote attacker to execute…
CVE-2025-10219 2025-09-10 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-10195 2025-09-10 MEDIUM 5.3 A vulnerability has been found in Seismic App 2.4.2 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.seismic.doccenter. Such manipulation leads to…
CVE-2025-10172 2025-09-09 HIGH 8.8 A flaw has been found in UTT 750W up to 3.2.2-191225. This issue affects some unknown processing of the file /goform/formPictureUrl. Executing manipulation of the argument importpictureurl can…
CVE-2025-40979 2025-09-10 N/A 0.0 DLL search order hijacking vulnerability in the wave.exe executable for Windows 11, version 1.27.8. Exploitation of this vulnerability could allow attackers with local access to execute arbitrary code…
CVE-2025-40725 2025-09-10 N/A 0.0 Reflected Cross-Site Scripting (XSS) vulnerability in Azon Dominator. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using…
CVE-2025-10215 2025-09-10 N/A 0.0 DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of…
CVE-2025-10214 2025-09-10 N/A 0.0 DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a FREngine.dll file of…
CVE-2025-10213 2025-09-10 N/A 0.0 DLL search path hijacking vulnerability in the UPDF.exe executable for Windows version 1.8.5.0 allows attackers with local access to execute arbitrary code by placing a dxtn.dll file of…
CVE-2025-36759 2025-09-10 N/A 0.0 Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
CVE-2025-36758 2025-09-10 N/A 0.0 It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.
CVE-2025-36757 2025-09-10 N/A 0.0 It is possible to bypass the administrator login screen on SolaX Cloud. An attacker could use parameter tampering to bypass the login screen and gain limited access to…
CVE-2025-36756 2025-09-10 N/A 0.0 A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.
« Anterior Página 844 de 4304 Siguiente »