Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-41704 2025-10-14 MEDIUM 5.3 An unauthanticated remote attacker can perform a DoS of the Modbus service by sending a specific function and sub-function code without affecting the core functionality.
CVE-2025-41703 2025-10-14 HIGH 7.5 An unauthenticated remote attacker can cause a Denial of Service by turning off the output of the UPS via Modbus command.
CVE-2025-8594 2025-10-14 LOW 3.8 The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor…
CVE-2025-59889 2025-10-14 HIGH 8.6 Improper authentication of library files in the Eaton IPP software installer could lead to arbitrary code execution of an attacker with the access to the software package.
CVE-2025-11731 2025-10-14 LOW 3.1 A flaw was found in the exsltFuncResultComp() function of libxslt, which handles EXSLT elements during stylesheet parsing. Due to improper type handling, the function may treat an XML…
CVE-2025-10732 2025-10-14 MEDIUM 4.3 The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This…
CVE-2025-10357 2025-10-14 MEDIUM 6.1 The Simple SEO WordPress plugin before 2.0.32 does not sanitise and escape some parameters when outputing them in the page, which could allow users with a role as…
CVE-2025-42939 2025-10-14 MEDIUM 4.3 SAP S/4HANA (Manage Processing Rules - For Bank Statements) allows an authenticated attacker with basic privileges to delete conditions from any shared rule of any user by tampering…
CVE-2025-42937 2025-10-14 CRITICAL 9.8 SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high…
CVE-2025-42910 2025-10-14 CRITICAL 9.0 Due to missing verification of file type or content, SAP Supplier Relationship Management allows an authenticated attacker to upload arbitrary files. These files could include executables which might…
CVE-2025-42909 2025-10-14 LOW 3.0 SAP Cloud Appliance Library Appliances allows an attacker with high privileges to leverage an insecure S/4HANA default profile setting in an existing SAP CAL appliances to gain access…
CVE-2025-42908 2025-10-14 MEDIUM 5.4 Due to a Cross-Site Request Forgery (CSRF) vulnerability in SAP NetWeaver Application Server for ABAP, an authenticated attacker could initiate transactions directly via the session manager, bypassing the…
CVE-2025-42906 2025-10-14 MEDIUM 5.3 SAP Commerce Cloud contains a path traversal vulnerability that may allow users to access web applications such as the Administration Console from addresses where the Administration Console is…
CVE-2025-42903 2025-10-14 MEDIUM 4.3 A vulnerability in SAP Financial Service Claims Management RFC function ICL_USER_GET_NAME_AND_ADDRESS allows user enumeration and potential disclosure of personal data through response discrepancies, causing low impact on confidentiality…
CVE-2025-42902 2025-10-14 MEDIUM 5.3 Due to the memory corruption vulnerability in SAP NetWeaver AS ABAP and ABAP Platform, an unauthenticated attacker can send a corrupted SAP Logon Ticket or SAP Assertion Ticket…
CVE-2025-42901 2025-10-14 MEDIUM 5.4 SAP Application Server for ABAP allows an authenticated attacker to store malicious JavaScript payloads which could be executed in victim user's browser when accessing the affected functionality of…
CVE-2025-62392 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62391 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62390 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62389 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62388 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62387 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62386 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62385 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62384 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62383 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-62365 2025-10-13 N/A 0.0 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function…
CVE-2025-62363 2025-10-13 HIGH 7.8 yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the…
CVE-2025-62362 2025-10-13 N/A 0.0 gpp-burgerportaal is a Dutch government citizen portal application. In versions before 2.0.3, 3.0.2, and 4.0.1, the name and email address of employees who publish content are exposed in…
CVE-2025-62361 2025-10-13 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, an Open Redirect vulnerability was identified in the control.php…
CVE-2025-62360 2025-10-13 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users.Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_documento.php endpoint,…
CVE-2025-62359 2025-10-13 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.0, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in…
CVE-2025-62358 2025-10-13 MEDIUM 5.4 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, the log parameter in configuracao_geral.php is vulnerable to Reflected…
CVE-2025-62251 2025-10-13 N/A 0.0 Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to…
CVE-2025-62179 2025-10-13 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/cadastro_funcionario_pessoa_existente.php…
CVE-2025-62178 2025-10-13 LOW 3.5 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a Reflected Cross-Site Scripting (XSS) vulnerability was identified in…
CVE-2025-62177 2025-10-13 N/A 0.0 WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php…
CVE-2025-11623 2025-10-13 MEDIUM 6.5 SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database.
CVE-2025-9713 2025-10-13 HIGH 8.8 Path traversal in Ivanti Endpoint Manager allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required.
CVE-2025-62364 2025-10-13 MEDIUM 6.2 text-generation-webui is an open-source web interface for running Large Language Models. In versions through 3.13, a Local File Inclusion vulnerability exists in the character picture upload feature. An…
CVE-2025-62252 2025-10-13 N/A 0.0 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through…
CVE-2025-62246 2025-10-13 N/A 0.0 Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through…
CVE-2025-62176 2025-10-13 MEDIUM 4.3 Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to…
CVE-2025-62175 2025-10-13 MEDIUM 4.3 Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the…
CVE-2025-62174 2025-10-13 LOW 3.5 Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, when an administrator resets a user account's password via the…
CVE-2025-61688 2025-10-13 HIGH 8.6 Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, Omni might leak sensitive information via an API.
CVE-2025-59836 2025-10-13 MEDIUM 5.3 Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to 1.1.5 and 1.0.2, there is a nil pointer dereference vulnerability in the Omni Resource…
CVE-2025-11622 2025-10-13 HIGH 7.8 Insecure deserialization in Ivanti Endpoint Manager allows a local authenticated attacker to escalate their privileges.
CVE-2025-33182 2025-10-14 HIGH 7.6 NVIDIA Jetson Linux contains a vulnerability in UEFI, where improper authentication may allow a privileged user to cause corruption of the Linux Device Tree. A successful exploitation of…
CVE-2025-60537 2025-10-14 MEDIUM 6.5 Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data.
« Anterior Página 85 de 3643 Siguiente »