Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-50722 2025-08-25 CRITICAL 9.8 Insecure Permissions vulnerability in sparkshop v.1.1.7 allows a remote attacker to execute arbitrary code via the Common.php component
CVE-2025-29421 2025-08-25 N/A 0.0 PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.
CVE-2025-9409 2025-08-25 MEDIUM 4.3 A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results…
CVE-2025-55574 2025-08-25 MEDIUM 6.1 Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code
CVE-2025-55409 2025-08-25 HIGH 8.8 FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code.
CVE-2025-55301 2025-08-25 MEDIUM 6.7 The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username…
CVE-2025-53119 2025-08-25 HIGH 7.5 An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.
CVE-2025-53118 2025-08-25 CRITICAL 9.8 An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the…
CVE-2025-3478 2025-08-25 N/A 0.0 A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
CVE-2025-29523 2025-08-25 HIGH 7.2 D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function.
CVE-2025-5302 2025-08-25 HIGH 8.6 A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply…
CVE-2025-56216 2025-08-25 HIGH 8.5 phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVE-2025-56215 2025-08-25 N/A 0.0 phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
CVE-2025-56214 2025-08-25 N/A 0.0 phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
CVE-2025-56212 2025-08-25 N/A 0.0 phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
CVE-2025-53510 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow…
CVE-2025-53085 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the PSD RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .psd…
CVE-2025-52930 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp…
CVE-2025-52456 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow…
CVE-2025-51281 2025-08-25 HIGH 7.0 D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en`, `val and id parameters in the qj_asp function. This vulnerability allows authenticated attackers to cause a Denial…
CVE-2025-50900 2025-08-25 N/A 0.0 An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain…
CVE-2025-50129 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .tga…
CVE-2025-46407 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the BMPv3 Palette Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow…
CVE-2025-44179 2025-08-25 N/A 0.0 Hitron CGNF-TWN 3.1.1.43-TWN-pre3 contains a command injection vulnerability in the telnet service. The issue arises due to improper input validation within the telnet command handling mechanism. An attacker…
CVE-2025-44178 2025-08-25 MEDIUM 6.5 DASAN GPON ONU H660WM H660WMR210825 is susceptible to improper access control under its default settings. Attackers can exploit this vulnerability to gain unauthorized access to sensitive information and…
CVE-2025-35984 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the PCX Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decoding the image data from a specially crafted .pcx…
CVE-2025-32468 2025-08-25 HIGH 8.8 A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow…
CVE-2025-29525 2025-08-25 N/A 0.0 DASAN GPON ONU H660WM OS version H660WMR210825 Hardware version DS-E5-583-A1 was discovered to contain insecure default credentials in the modem's control panel.
CVE-2025-29524 2025-08-25 N/A 0.0 Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information.
CVE-2025-29522 2025-08-25 N/A 0.0 D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function.
CVE-2025-29521 2025-08-25 N/A 0.0 Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack.
CVE-2025-29520 2025-08-25 N/A 0.0 Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate…
CVE-2025-29519 2025-08-25 N/A 0.0 A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.
CVE-2024-46413 2025-08-25 N/A 0.0 Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
CVE-2024-46412 2025-08-25 N/A 0.0 Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
CVE-2025-54494 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54493 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54492 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54491 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54490 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54489 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54488 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54487 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54486 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54485 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54484 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54483 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54482 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54481 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
CVE-2025-54480 2025-08-25 CRITICAL 9.8 A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead…
« Anterior Página 889 de 4304 Siguiente »