CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9813 2025-09-02 HIGH 8.8 A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow.…
CVE-2025-9812 2025-09-02 HIGH 8.8 A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Executing manipulation of the argument cmdinput can lead to buffer…
CVE-2025-9811 2025-09-02 HIGH 7.3 A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Performing manipulation of the argument rating results in sql…
CVE-2025-8662 2025-09-02 N/A 0.0 OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through…
CVE-2025-9806 2025-09-02 LOW 1.9 A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etc_ro/shadow of the component Administrative Interface. This manipulation with the input Fireitup…
CVE-2025-9805 2025-09-02 MEDIUM 6.3 A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The…
CVE-2025-58178 2025-09-02 HIGH 7.8 SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in…
CVE-2025-58162 2025-09-02 MEDIUM 6.5 MobSF is a mobile application security testing tool used. In version 4.4.0, an authenticated user who uploaded a specially prepared one.a, can write arbitrary files to any directory…
CVE-2025-58161 2025-09-02 N/A 0.0 MobSF is a mobile application security testing tool used. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to…
CVE-2025-57808 2025-09-02 HIGH 8.1 ESPHome is a system to control microcontrollers remotely through Home Automation systems. In version 2025.8.0 in the ESP-IDF platform, ESPHome's web_server authentication check can pass incorrectly when the…
CVE-2025-9802 2025-09-02 MEDIUM 4.7 A vulnerability was detected in RemoteClinic 2.0. This vulnerability affects unknown code of the file /staff/profile.php. The manipulation of the argument ID results in sql injection. The attack…
CVE-2025-9801 2025-09-01 MEDIUM 5.4 A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote…
CVE-2025-9800 2025-09-01 MEDIUM 6.3 A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File…
CVE-2025-9799 2025-09-01 MEDIUM 5.0 A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler.…
CVE-2025-9797 2025-09-01 LOW 2.4 A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes…
CVE-2025-9796 2025-09-01 LOW 3.5 A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is…
CVE-2024-28988 2025-09-01 CRITICAL 9.8 SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on…
CVE-2025-9795 2025-09-01 MEDIUM 6.3 A vulnerability has been found in xujeff tianti 天梯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument…
CVE-2025-9794 2025-09-01 HIGH 7.3 A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the…
CVE-2025-9793 2025-09-01 HIGH 7.3 A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the…
CVE-2025-9792 2025-09-01 HIGH 7.3 A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /e_dashboard/e_all_info.php. Such manipulation of the argument mid…
CVE-2025-9810 2025-09-01 MEDIUM 6.8 TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a symlink race between fopen("w") on the history path and subsequent chmod() on the same path.
CVE-2025-9809 2025-09-01 N/A 0.0 Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding…
CVE-2025-9791 2025-09-01 HIGH 8.8 A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow.…
CVE-2025-9790 2025-09-01 HIGH 7.3 A security flaw has been discovered in SourceCodester Hotel Reservation System 1.0. This affects an unknown part of the file /admin/updateabout.php. The manipulation of the argument address results…
CVE-2025-9789 2025-09-01 HIGH 7.3 A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is some unknown functionality of the file /admin/edituser.php. The manipulation of the argument…
CVE-2025-9788 2025-09-01 HIGH 7.3 A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin_class.php. Executing manipulation of the argument…
CVE-2025-3586 2025-09-01 N/A 0.0 In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 27 through update 42 (Liferay PaaS, and Liferay…
CVE-2025-9375 2025-09-01 N/A 0.0 XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: 0.14.2.
CVE-2025-9786 2025-09-01 HIGH 7.3 A vulnerability was found in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /teacher_signup.php. Performing manipulation of the argument firstname results in…
CVE-2025-57799 2025-09-01 N/A 0.0 StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands,…
CVE-2025-55007 2025-09-01 LOW 3.5 Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests…
CVE-2025-58421 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58420 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58419 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58418 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58417 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58416 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58415 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-58414 2025-09-02 N/A 0.0 Rejected reason: Not used
CVE-2025-9783 2025-09-01 HIGH 8.8 A vulnerability was determined in TOTOLINK A702R 4.0.0-B20211108.1423. This issue affects the function sub_418030 of the file /boafrm/formParentControl. Executing manipulation of the argument submit-url can lead to buffer…
CVE-2025-33102 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2025-33099 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to perform unauthorized actions using man in the middle techniques due to improper certificate validation.
CVE-2025-33084 2025-09-01 MEDIUM 5.9 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker…
CVE-2025-33083 2025-09-01 MEDIUM 5.4 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-33082 2025-09-01 MEDIUM 5.4 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-0656 2025-09-01 MEDIUM 6.1 IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated user to embed arbitrary JavaScript code in the Web UI thus altering…
CVE-2025-9782 2025-09-01 HIGH 8.8 A vulnerability was found in TOTOLINK A702R 4.0.0-B20211108.1423. This vulnerability affects the function sub_4466F8 of the file /boafrm/formOneKeyAccessButton. Performing manipulation of the argument submit-url results in buffer overflow.…
CVE-2025-9781 2025-09-01 HIGH 8.8 A vulnerability has been found in TOTOLINK A702R 4.0.0-B20211108.1423. This affects the function sub_4162DC of the file /boafrm/formFilter. Such manipulation of the argument ip6addr leads to buffer overflow.…
CVE-2025-9780 2025-09-01 HIGH 8.8 A flaw has been found in TOTOLINK A702R 4.0.0-B20211108.1423. Affected by this issue is the function sub_419BE0 of the file /boafrm/formIpQoS. This manipulation of the argument mac causes…