CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-20287 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to upload arbitrary files to an affected device.…
CVE-2025-20280 2025-09-03 MEDIUM 4.8 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct a stored…
CVE-2025-20270 2025-09-03 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information…
CVE-2025-9959 2025-09-03 HIGH 7.6 Incomplete validation of dunder attributes allows an attacker to escape from the Local Python execution environment sandbox, enforced by smolagents. The attack requires a Prompt Injection in order…
CVE-2025-9922 2025-09-03 MEDIUM 4.3 A security vulnerability has been detected in Campcodes Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Such manipulation of…
CVE-2025-9921 2025-09-03 LOW 2.4 A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument product_code/gen_name/product_name/supplier causes cross…
CVE-2025-9867 2025-09-03 MEDIUM 5.4 Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…
CVE-2025-9866 2025-09-03 HIGH 8.8 Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-9865 2025-09-03 MEDIUM 5.4 Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform…
CVE-2025-9864 2025-09-03 HIGH 8.8 Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
CVE-2025-56761 2025-09-03 MEDIUM 5.4 Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the…
CVE-2025-56760 2025-09-03 MEDIUM 4.3 When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing…
CVE-2025-56689 2025-09-03 MEDIUM 4.6 An issue was discovered in Quest One Identity 7.5.1.20903. A crafted response manipulation can bypass the OTP on MFA page which leads to access the PAM portal without…
CVE-2025-9920 2025-09-03 MEDIUM 4.7 A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results…
CVE-2025-9919 2025-09-03 HIGH 7.3 A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to…
CVE-2025-56498 2025-09-03 MEDIUM 5.3 An OS command injection vulnerability exists in PLDT WiFi Router's Prolink PGN6401V Firmware 8.1.2 web management interface. The ping6.asp page submits user input to the /boaform/formPing6 endpoint via…
CVE-2025-56435 2025-09-03 MEDIUM 5.3 SQL Injection vulnerability in FoxCMS v1.2.6 and before allows a remote attacker to execute arbitrary code via the file /DataBackup.php and the operation on the parameter id.
CVE-2025-55944 2025-09-03 MEDIUM 6.1 Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The…
CVE-2025-55852 2025-09-03 HIGH 7.5 Tenda AC8 v16.03.34.06 is vulnerable to Buffer Overflow in the formWifiBasicSet function via the parameter security or security_5g.
CVE-2025-0280 2025-09-03 HIGH 7.5 A security vulnerability in HCL Compass can allow attacker to gain unauthorized database access.
CVE-2025-58701 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58700 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58699 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58698 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58697 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58696 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58695 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58694 2025-09-04 N/A 0.0 Rejected reason: Not used
CVE-2025-58171 2025-09-04 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-57146 2025-09-03 LOW 3.8 phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.
CVE-2025-56608 2025-09-03 MEDIUM 4.2 The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a…
CVE-2023-3666 2025-09-03 LOW 3.3 The Sticky Side Buttons WordPress plugin before 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform…
CVE-2025-57148 2025-09-03 CRITICAL 9.1 phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
CVE-2025-57147 2025-09-03 HIGH 7.5 A SQL Injection vulnerability was found in phpgurukul Complaint Management System 2.0. The vulnerability is due to lack of input validation of multiple parameters including fullname, email, and…
CVE-2025-57052 2025-09-03 CRITICAL 9.8 cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON…
CVE-2025-22417 2025-09-02 HIGH 7.3 In finishTransition of Transition.java, there is a possible way to bypass touch filtering restrictions due to a tapjacking/overlay attack. This could lead to local escalation of privilege with…
CVE-2025-22416 2025-09-02 HIGH 7.8 In onCreate of ChooserActivity.java, there is a possible way to view other users' images due to a confused deputy. This could lead to local escalation of privilege…
CVE-2025-9845 2025-09-03 LOW 3.5 A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the…
CVE-2025-9835 2025-09-02 MEDIUM 4.3 A vulnerability has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to…
CVE-2025-9834 2025-09-02 LOW 3.5 A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username…
CVE-2025-9833 2025-09-02 HIGH 7.3 A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument…
CVE-2025-9830 2025-09-02 HIGH 7.3 A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[]…
CVE-2025-58460 2025-09-03 MEDIUM 4.2 A missing permission check in Jenkins OpenTelemetry Plugin 3.1543.v8446b_92b_cd64 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through…
CVE-2025-58459 2025-09-03 MEDIUM 4.3 Jenkins global-build-stats Plugin 322.v22f4db_18e2dd and earlier does not perform permission checks in its REST API endpoints, allowing attackers with Overall/Read permission to enumerate graph IDs.
CVE-2025-58458 2025-09-03 MEDIUM 4.3 In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying…
CVE-2025-58176 2025-09-03 HIGH 8.8 Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered…
CVE-2025-48876 2025-09-03 N/A 0.0 Rejected reason: This CVE is a duplicate of another CVE.
CVE-2025-26416 2025-09-02 CRITICAL 9.8 In initializeSwizzler of SkBmpStandardCodec.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no…
CVE-2025-22442 2025-09-02 HIGH 7.0 In multiple functions of DevicePolicyManagerService.java, there is a possible way to install unauthorized applications into a newly created work profile due to a race condition. This could lead…
CVE-2025-22439 2025-09-02 HIGH 7.3 In onLastAccessedStackLoaded of ActionHandler.java, there is a possible way to bypass storage restrictions across apps due to a missing permission check. This could lead to local escalation…