CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2024-54568 2025-08-29 MEDIUM 4.3 The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.
CVE-2024-54554 2025-08-29 MEDIUM 5.5 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
CVE-2024-44271 2025-08-29 LOW 3.3 The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
CVE-2025-9598 2025-08-29 HIGH 7.3 A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/year_setup.php. Performing manipulation of the argument txtXYear results…
CVE-2025-9597 2025-08-29 HIGH 7.3 A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql…
CVE-2025-9596 2025-08-29 HIGH 7.3 A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection.…
CVE-2025-9595 2025-08-29 MEDIUM 4.3 A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname…
CVE-2025-48979 2025-08-29 LOW 3.4 An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
CVE-2025-9594 2025-08-28 HIGH 7.3 A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complain_info.php. The manipulation of the argument vid…
CVE-2025-9593 2025-08-28 HIGH 7.3 A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead…
CVE-2025-58062 2025-08-28 N/A 0.0 LSTM-Kirigaya's openmcp-client is a vscode plugin for mcp developer. Prior to version 0.1.12, when users on a Windows platform connect to an attacker controlled MCP server, attackers could…
CVE-2025-9592 2025-08-28 HIGH 7.3 A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in…
CVE-2025-9591 2025-08-28 LOW 2.4 A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation…
CVE-2025-9590 2025-08-28 LOW 3.5 A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads…
CVE-2025-9589 2025-08-28 LOW 2.5 A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack…
CVE-2025-58061 2025-08-28 MEDIUM 5.5 OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that…
CVE-2025-58058 2025-08-28 MEDIUM 5.3 xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte…
CVE-2025-9586 2025-08-28 MEDIUM 6.3 A vulnerability was identified in Comfast CF-N1 2.6.0. This vulnerability affects the function wireless_device_dissoc of the file /usr/bin/webmgnt. Such manipulation of the argument mac leads to command injection.…
CVE-2025-9585 2025-08-28 MEDIUM 6.3 A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack…
CVE-2025-9584 2025-08-28 MEDIUM 6.3 A vulnerability was found in Comfast CF-N1 2.6.0. Affected by this issue is the function update_interface_png of the file /usr/bin/webmgnt. The manipulation of the argument interface/display_name results in…
CVE-2025-9583 2025-08-28 MEDIUM 6.3 A vulnerability has been found in Comfast CF-N1 2.6.0. Affected by this vulnerability is the function ping_config of the file /usr/bin/webmgnt. The manipulation leads to command injection. Remote…
CVE-2025-9582 2025-08-28 MEDIUM 6.3 A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntp_timezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command…
CVE-2025-6203 2025-08-28 HIGH 7.5 A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This…
CVE-2025-9581 2025-08-28 MEDIUM 6.3 A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multi_pppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phy_interface results in command injection. The…
CVE-2025-9580 2025-08-28 MEDIUM 6.3 A security vulnerability has been detected in LB-LINK BL-X26 1.2.8. This affects an unknown function of the file /goform/set_blacklist of the component HTTP Handler. Such manipulation of the…
CVE-2025-9579 2025-08-28 MEDIUM 6.3 A weakness has been identified in LB-LINK BL-X26 1.2.8. The impacted element is an unknown function of the file /goform/set_hidessid_cfg of the component HTTP Handler. This manipulation of…
CVE-2025-9577 2025-08-28 LOW 2.5 A security flaw has been discovered in TOTOLINK X2000R up to 2.0.0. The affected element is an unknown function of the file /etc/shadow.sample of the component Administrative Interface.…
CVE-2025-57220 2025-08-28 MEDIUM 5.3 An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows escalation of privileges to root via a crafted UDP packet.
CVE-2025-57219 2025-08-28 MEDIUM 5.3 Incorrect access control in the endpoint /goform/ate of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 allows attackers to escalate privileges or access sensitive components via a crafted request.
CVE-2025-57215 2025-08-28 HIGH 7.5 Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
CVE-2025-58333 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58332 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58331 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58330 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58329 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58328 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58327 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58326 2025-08-29 N/A 0.0 Rejected reason: Not used
CVE-2025-58322 2025-08-28 HIGH 7.8 NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.
CVE-2025-57218 2025-08-28 MEDIUM 5.3 Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
CVE-2025-57217 2025-08-28 MEDIUM 5.3 Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
CVE-2025-51967 2025-08-28 MEDIUM 6.1 A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST…
CVE-2025-56236 2025-08-28 MEDIUM 6.1 FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a…
CVE-2025-51643 2025-08-28 LOW 2.4 Meitrack T366G-L GPS Tracker devices contain an SPI flash chip (Winbond 25Q64JVSIQ) that is accessible without authentication or tamper protection. An attacker with physical access to the device…
CVE-2025-52054 2025-08-28 MEDIUM 5.3 An issue was discovered in Tenda AC8 v4.0 AC1200 Dual-band Gigabit Wireless Router AC8v4.0 Firmware 16.03.33.05. The root password of the device is calculated with a static string…
CVE-2025-51969 2025-08-28 MEDIUM 6.5 A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the product_id GET parameter, which is not…
CVE-2025-51968 2025-08-28 MEDIUM 6.5 A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST…
CVE-2025-34163 2025-08-27 N/A 0.0 Dongsheng Logistics Software exposes an unauthenticated endpoint at /CommMng/Print/UploadMailFile that fails to enforce proper file type validation and access control. An attacker can upload arbitrary files, including executable…
CVE-2025-34162 2025-08-27 N/A 0.0 An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to…
CVE-2025-34160 2025-08-27 N/A 0.0 AnyShare contains a critical unauthenticated remote code execution vulnerability in the ServiceAgent API exposed on port 10250. The endpoint /api/ServiceAgent/start_service accepts user-supplied input via POST and fails to…