CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-6247 2025-08-26 MEDIUM 4.7 The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.118.0. This is due to missing or incorrect…
CVE-2025-57704 2025-08-26 MEDIUM 5.5 Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability.
CVE-2025-53419 2025-08-26 HIGH 7.8 Delta Electronics COMMGR has Code Injection vulnerability.
CVE-2025-53418 2025-08-26 HIGH 8.6 Delta Electronics COMMGR has Stack-based Buffer Overflow vulnerability.
CVE-2024-8860 2025-08-26 MEDIUM 4.3 The Tourfic plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tf_order_status_email_resend_function, tf_visitor_details_edit_function, tf_checkinout_details_edit_function, tf_order_status_edit_function, tf_order_bulk_action_edit_function, tf_remove_room_order_ids, and tf_delete_old_review_fields…
CVE-2025-9476 2025-08-26 HIGH 7.3 A vulnerability has been found in SourceCodester Human Resource Information System 1.0. Affected by this issue is some unknown functionality of the file /Superadmin_Dashboard/process/editemployee_process.php. Such manipulation of the…
CVE-2025-9475 2025-08-26 HIGH 7.3 A flaw has been found in SourceCodester Human Resource Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin_Dashboard/process/editemployee_process.php. This manipulation of the…
CVE-2025-41702 2025-08-26 CRITICAL 9.8 The JWT secret key is embedded in the egOS WebGUI backend and is readable to the default user. An unauthenticated remote attacker can generate valid HS256 tokens and…
CVE-2025-9474 2025-08-26 MEDIUM 4.5 A vulnerability was detected in Mihomo Party up to 1.8.1 on macOS. Affected is the function enableSysProxy of the file src/main/sys/sysproxy.ts of the component Socket Handler. The manipulation…
CVE-2025-9473 2025-08-26 HIGH 7.3 A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg…
CVE-2025-9472 2025-08-26 HIGH 7.3 A vulnerability was found in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /owner_utility/add_owner_utility.php. The manipulation of the argument ID results in…
CVE-2025-5931 2025-08-26 HIGH 8.8 The Dokan Pro plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.5. This is due to the plugin…
CVE-2025-9172 2025-08-26 HIGH 7.5 The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on…
CVE-2025-9439 2025-08-26 MEDIUM 4.3 A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This…
CVE-2025-9438 2025-08-26 MEDIUM 4.3 A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of…
CVE-2025-9434 2025-08-26 MEDIUM 4.3 A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument…
CVE-2025-9433 2025-08-26 MEDIUM 4.3 A vulnerability was found in mtons mblog up to 3.5.0. The impacted element is an unknown function of the file /admin/user/list of the component Admin Panel. Performing manipulation…
CVE-2025-8447 2025-08-26 N/A 0.0 An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve limited code content from another repository by…
CVE-2025-9432 2025-08-26 MEDIUM 4.3 A vulnerability has been found in mtons mblog up to 3.5.0. The affected element is an unknown function of the file /admin/post/list of the component Admin Panel. Such…
CVE-2025-9431 2025-08-26 MEDIUM 4.3 A flaw has been found in mtons mblog up to 3.5.0. Impacted is an unknown function of the file /search. This manipulation of the argument kw causes cross…
CVE-2025-9430 2025-08-26 LOW 2.4 A vulnerability was detected in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/options/update. The manipulation of the argument input results in…
CVE-2025-9429 2025-08-26 LOW 3.5 A security vulnerability has been detected in mtons mblog up to 3.5.0. This vulnerability affects unknown code of the file /post/submit of the component Post Handler. The manipulation…
CVE-2025-9426 2025-08-25 HIGH 7.3 A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument…
CVE-2025-8627 2025-08-25 N/A 0.0 The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak. This issue affects TP-Link KP303 (US) Smartplug: before 1.1.0.
CVE-2025-57814 2025-08-25 N/A 0.0 request-filtering-agent is an http(s).Agent implementation that blocks requests to Private/Reserved IP addresses. Versions 1.x.x and earlier contain a vulnerability where HTTPS requests to 127.0.0.1 bypass IP address filtering,…
CVE-2025-57809 2025-08-25 N/A 0.0 XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite recursion issue in the grammar. This issue has…
CVE-2025-57805 2025-08-25 N/A 0.0 The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an…
CVE-2025-9419 2025-08-25 HIGH 7.3 A vulnerability was detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /unit/addunit.php. Performing manipulation of the argument ID results…
CVE-2025-9418 2025-08-25 HIGH 7.3 A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads…
CVE-2025-6188 2025-08-25 HIGH 7.5 On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply.…
CVE-2025-57804 2025-08-25 N/A 0.0 h2 is a pure-Python implementation of a HTTP/2 protocol stack. Prior to version 4.3.0, an HTTP/2 request splitting vulnerability allows attackers to perform request smuggling attacks by injecting…
CVE-2024-39923 2025-08-25 MEDIUM 6.1 An issue was discovered in Mahara 24.04 before 24.04.2 and 23.04 before 23.04.7. The About, Contact, and Help footer links can be set up to be vulnerable to…
CVE-2023-47799 2025-08-25 HIGH 7.5 Mahara before 22.10.4 and 23.x before 23.04.4 allows information disclosure if the experimental HTML bulk export is used via the administration interface or via the CLI, and the…
CVE-2025-9417 2025-08-25 MEDIUM 6.3 A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes…
CVE-2025-9416 2025-08-25 LOW 2.4 A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The…
CVE-2025-3456 2025-08-25 LOW 3.8 On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the…
CVE-2025-9415 2025-08-25 MEDIUM 6.3 A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload.…
CVE-2025-9414 2025-08-25 MEDIUM 4.7 A vulnerability was found in kalcaddle kodbox 1.61. Affected by this vulnerability is an unknown functionality of the file /?explorer/upload/serverDownload of the component Download from Link Handler. Performing…
CVE-2025-9413 2025-08-25 MEDIUM 6.3 A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/system_router.go. This manipulation of the argument orderByColumn/isAsc causes sql…
CVE-2025-9412 2025-08-25 MEDIUM 6.3 A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql…
CVE-2025-57811 2025-08-25 N/A 0.0 Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI…
CVE-2025-57802 2025-08-25 N/A 0.0 Airlink's Daemon interfaces with Docker and the Panel to provide secure access for controlling instances via the Panel. In version 1.0.0, an attacker with access to the affected…
CVE-2025-50383 2025-08-25 N/A 0.0 alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.
CVE-2025-9411 2025-08-25 MEDIUM 6.3 A security vulnerability has been detected in lostvip-com ruoyi-go up to 2.1. The impacted element is the function SelectPageList of the file modules/system/service/LoginInforService.go. The manipulation of the argument…
CVE-2025-9410 2025-08-25 MEDIUM 6.3 A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Executing manipulation of the argument isAsc/orderByColumn…
CVE-2025-6737 2025-08-25 HIGH 7.2 Securden’s Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server…
CVE-2025-57773 2025-08-25 N/A 0.0 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly…
CVE-2025-57772 2025-08-25 N/A 0.0 DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL…
CVE-2025-57760 2025-08-25 HIGH 8.8 Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can…
CVE-2025-53120 2025-08-25 CRITICAL 9.4 A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server’s configuration and web root directories, achieving remote code…