CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-50902 | 2025-08-20 | HIGH | 8.8 | Cross Site Request Forgery (CSRF) vulnerability in old-peanut Open-Shop (aka old-peanut/wechat_applet__open_source) thru 1.0.0 allows attackers to gain sensitive information via crafted HTTP Post message. |
| CVE-2025-50904 | 2025-08-20 | CRITICAL | 9.8 | There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token. |
| CVE-2025-27213 | 2025-08-21 | MEDIUM | 4.9 | An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge (ADB) and make unsupported changes… |
| CVE-2025-24285 | 2025-08-21 | CRITICAL | 9.8 | Multiple Improper Input Validation vulnerabilities in UniFi Connect EV Station Lite may allow a Command Injection by a malicious actor with network access to the UniFi Connect EV… |
| CVE-2024-57155 | 2025-08-20 | CRITICAL | 9.8 | Incorrect access control in radar v1.0.8 allows attackers to bypass authentication and access sensitive APIs without a token. |
| CVE-2024-57154 | 2025-08-20 | CRITICAL | 9.8 | Incorrect access control in dts-shop v0.0.1-SNAPSHOT allows attackers to bypass authentication via sending a crafted payload to /admin/auth/index. |
| CVE-2025-28041 | 2025-08-20 | HIGH | 8.6 | Incorrect access control in the doFilter function of itranswarp up to 2.19 allows attackers to access sensitive components without authentication. |
| CVE-2024-57152 | 2025-08-20 | HIGH | 7.5 | Incorrect access control in the preHandle function of my-site v1.0.2 allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class |
| CVE-2024-53495 | 2025-08-20 | HIGH | 7.5 | Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication. |
| CVE-2025-5115 | 2025-08-20 | N/A | 0.0 | In Eclipse Jetty, versions |
| CVE-2025-8064 | 2025-08-21 | MEDIUM | 6.4 | The Bible SuperSearch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘selector_height’ parameter in all versions up to, and including, 6.0.1 due to insufficient input… |
| CVE-2025-8895 | 2025-08-21 | CRITICAL | 9.8 | The WP Webhooks plugin for WordPress is vulnerable to arbitrary file copy due to missing validation of user-supplied input in all versions up to, and including, 3.3.5. This… |
| CVE-2025-8023 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-53971 | 2025-08-21 | LOW | 3.8 | Mattermost versions 10.5.x |
| CVE-2025-49810 | 2025-08-21 | LOW | 3.5 | Mattermost versions 10.5.x |
| CVE-2025-49222 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.8.x |
| CVE-2025-47870 | 2025-08-21 | MEDIUM | 4.3 | Mattermost versions 10.8.x |
| CVE-2025-47700 | 2025-08-21 | LOW | 3.5 | Mattermost Server versions 10.5.x |
| CVE-2025-36530 | 2025-08-21 | MEDIUM | 6.8 | Mattermost versions 10.9.x |
| CVE-2025-8607 | 2025-08-21 | MEDIUM | 6.4 | The SlingBlocks – Gutenberg Blocks by FunnelKit (Formerly WooFunnels) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown block's attributes in all versions up… |
| CVE-2025-8592 | 2025-08-21 | HIGH | 8.1 | The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation… |
| CVE-2025-7390 | 2025-08-21 | CRITICAL | 9.1 | A malicious client can bypass the client certificate trust check of an opc.https server when the server endpoint is configured to allow only secure communication. |
| CVE-2025-7221 | 2025-08-21 | MEDIUM | 4.3 | The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the give_update_payment_status() function… |
| CVE-2025-53505 | 2025-08-21 | MEDIUM | 4.3 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a path traversal vulnerability. If this vulnerability is exploited, information on the server hosting… |
| CVE-2025-53504 | 2025-08-21 | MEDIUM | 5.4 | Group-Office versions prior to 6.8.119 and prior to 25.0.20 provided by Intermesh BV contain a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be… |
| CVE-2025-57832 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57831 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57830 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57829 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57828 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57827 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57826 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57825 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-57824 | 2025-08-21 | N/A | 0.0 | Rejected reason: Not used |
| CVE-2025-48355 | 2025-08-21 | MEDIUM | 5.3 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ProveSource LTD ProveSource Social Proof allows Retrieve Embedded Sensitive Data. This issue affects ProveSource Social Proof: from… |
| CVE-2025-54363 | 2025-08-20 | N/A | 0.0 | Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module (issue 1 of 2). |
| CVE-2025-57749 | 2025-08-20 | MEDIUM | 6.5 | n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access… |
| CVE-2025-20131 | 2025-08-20 | MEDIUM | 4.9 | A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This… |
| CVE-2025-9246 | 2025-08-20 | HIGH | 8.8 | A flaw has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Impacted is the function check_port_conflict of the file /goform/check_port_conflict. Executing manipulation of the… |
| CVE-2025-9245 | 2025-08-20 | HIGH | 8.8 | A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This issue affects the function WPSSTAPINEnr of the file /goform/WPSSTAPINEnr. Performing manipulation of the… |
| CVE-2025-9244 | 2025-08-20 | MEDIUM | 6.3 | A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaticRoute of the file /goform/addStaticRoute. Such manipulation… |
| CVE-2025-9241 | 2025-08-20 | MEDIUM | 6.3 | A weakness has been identified in elunez eladmin up to 2.7. This affects the function exportUser. This manipulation causes csv injection. The attack may be initiated remotely. The… |
| CVE-2025-43757 | 2025-08-20 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13,… |
| CVE-2025-9240 | 2025-08-20 | MEDIUM | 4.3 | A security flaw has been discovered in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file /auth/info. The manipulation results in… |
| CVE-2025-43746 | 2025-08-20 | N/A | 0.0 | A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13,… |
| CVE-2025-9239 | 2025-08-20 | LOW | 3.7 | A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler.… |
| CVE-2025-9238 | 2025-08-20 | HIGH | 7.3 | A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the… |
| CVE-2025-9237 | 2025-08-20 | LOW | 3.5 | A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of… |
| CVE-2025-9236 | 2025-08-20 | MEDIUM | 6.3 | A vulnerability has been found in Portabilis i-Diario up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usàrio Page. Such… |
| CVE-2025-55746 | 2025-08-20 | CRITICAL | 9.3 | Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows… |