CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-9338 2025-11-06 N/A 0.0 An improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process,…
CVE-2025-12560 2025-11-06 MEDIUM 5.3 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 8.6.0 via the getFullContent()…
CVE-2025-61994 2025-11-06 MEDIUM 5.4 Cross-site scripting vulnerability exists in GROWI prior to v7.2.10. If a malicious user creates a page containing crafted contents, an arbitrary script may be executed on the web…
CVE-2025-12563 2025-11-06 MEDIUM 4.3 The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to limited file upload due to an incorrect capability check on the uploadVideo() function in all…
CVE-2025-11271 2025-11-06 MEDIUM 5.3 The Easy Digital Downloads plugin for WordPress is vulnerable to Order Manipulation in all versions up to, and including, 3.5.2 due to an order verification bypass. The verification…
CVE-2025-10691 2025-11-06 MEDIUM 4.3 The Easy Email Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect…
CVE-2025-10683 2025-11-06 MEDIUM 4.9 The Easy Email Subscription plugin for WordPress is vulnerable to SQL Injection via the 'uid' parameter in all versions up to, and including, 1.3 due to insufficient escaping…
CVE-2025-64171 2025-11-06 N/A 0.0 MARIN3R is a lightweight, CRD based envoy control plane for kubernetes. In versions 0.13.3 and below, there is a cross-namespace secret access vulnerability in the project's DiscoveryServiceCertificate which…
CVE-2025-64164 2025-11-06 N/A 0.0 Dataease is an open source data visualization analysis tool. In versions 2.10.14 and below, DataEase did not properly filter when establishing JDBC connections to Oracle, resulting in a…
CVE-2025-64163 2025-11-06 N/A 0.0 DataEase is an open source data visualization analysis tool. In versions 2.10.14 and below, the vendor added a blacklist to filter ldap:// and ldaps://. However, omission of protection…
CVE-2025-64114 2025-11-06 MEDIUM 6.5 ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - #151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against…
CVE-2025-62596 2025-11-06 N/A 0.0 Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during…
CVE-2025-62161 2025-11-06 N/A 0.0 Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes…
CVE-2025-55278 2025-11-05 HIGH 8.1 Improper authentication in the API authentication middleware of HCL DevOps Loop allows authentication tokens to be accepted without proper validation of their expiration and cryptographic signature. As a…
CVE-2025-12779 2025-11-05 HIGH 8.8 Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local…
CVE-2025-63585 2025-11-05 N/A 0.0 OSSN (Open Source Social Network) 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter.
CVE-2025-60784 2025-11-05 MEDIUM 6.5 A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a…
CVE-2025-63418 2025-11-05 MEDIUM 6.1 A DOM-based Cross-Site Scripting (XSS) vulnerability in the SelfBest platform 2023.3 allows attackers to execute arbitrary JavaScript in the context of a logged-in user's session by injecting payloads…
CVE-2025-63417 2025-11-05 HIGH 7.2 A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated attackers to inject arbitrary web scripts or HTML via the chat…
CVE-2025-55342 2025-11-05 MEDIUM 5.3 Quipux 4.0.1 through e1774ac allows enumeration of usernames, and accessing the Ecuadorean identification number for all registered users via the Administracion/usuarios/cambiar_password_olvido_validar.php txt_login parameter.
CVE-2025-55341 2025-11-05 MEDIUM 6.5 Cross Site Scripting vulnerability in Quipux 4.0.1 through e1774ac allows anexos/anexos_nuevo.php asocImgRad.
CVE-2025-64480 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64479 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64478 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64477 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64476 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64475 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64474 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64473 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-64472 2025-11-06 N/A 0.0 Rejected reason: Not used
CVE-2025-47151 2025-11-05 CRITICAL 9.8 A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An…
CVE-2025-46784 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a memory depletion, resulting in denial…
CVE-2025-46705 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML assertion response can lead to a denial of…
CVE-2025-46404 2025-11-05 HIGH 7.5 A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality of Entr'ouvert Lasso 2.5.1. A specially crafted SAML response can lead to a denial of service. An attacker…
CVE-2025-63334 2025-11-05 CRITICAL 9.8 PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 contains an unauthenticated remote code execution vulnerability in the submit_opacity.php component. The application fails to sanitize user input in the opacityValue POST…
CVE-2025-56231 2025-11-05 CRITICAL 9.1 Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.
CVE-2025-59716 2025-11-05 MEDIUM 5.3 ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an…
CVE-2025-63248 2025-11-05 HIGH 7.5 DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other…
CVE-2025-61304 2025-11-05 CRITICAL 9.8 OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted ip address.
CVE-2025-55343 2025-11-05 CRITICAL 9.9 Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txt_depe_codi, busqueda/busqueda.php txt_usua_codi, anexos_lista.php radi_temp, Administracion/listas/formArea_ajax.php codDepe, Administracion/listas/formDepeHijo_ajax.php codDepe, Administracion/listas/formDepePadre_ajax.php codInst, asociar_documentos/asociar_borrar_referencia.php radi_nume, asociar_documentos/asociar_documento_buscar_query.php…
CVE-2025-57244 2025-11-05 MEDIUM 5.4 OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user account creation interface. The Name field accepts script tags and the Email field is…
CVE-2025-12745 2025-11-05 MEDIUM 5.3 A weakness has been identified in QuickJS up to eb2c89087def1829ed99630cb14b549d7a98408c. This affects the function js_array_buffer_slice of the file quickjs.c. This manipulation causes buffer over-read. The attack is restricted…
CVE-2025-10853 2025-11-05 MEDIUM 5.2 A reflected cross-site scripting (XSS) vulnerability exists in the management console of multiple WSO2 products due to improper output encoding. By tampering with specific parameters, a malicious actor…
CVE-2025-6027 2025-11-05 MEDIUM 6.3 The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated…
CVE-2025-63416 2025-11-05 CRITICAL 9.1 ** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute arbitrary JavaScript in the…
CVE-2025-62722 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functionality contains a Stored Cross-Site Scripting (XSS) vulnerability that allows…
CVE-2025-62721 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints in the FeedController class fail to implement proper authorization checks,…
CVE-2025-62720 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. Versions 2.3.1 and below allow any authenticated user to export the entire database of links from all users in…
CVE-2025-62719 2025-11-04 N/A 0.0 LinkAce is a self-hosted archive to collect website links. In versions 2.3.0 and below, the htmlKeywordsFromUrl function in the FetchController class accepts user-provided URLs and makes HTTP requests…
CVE-2025-5770 2025-11-05 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoints of multiple WSO2 products due to a lack of output encoding. A malicious actor can inject arbitrary…