CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-8732 2025-08-08 LOW 3.3 A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads…
CVE-2025-8393 2025-08-08 HIGH 7.3 A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in…
CVE-2025-8284 2025-08-08 CRITICAL 9.8 By default, the Packet Power Monitoring and Control Web Interface does not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control…
CVE-2025-53520 2025-08-08 HIGH 8.8 The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center (remote, cloud-connected interface) or via a…
CVE-2025-50468 2025-08-08 MEDIUM 6.5 OpenMetadata
CVE-2025-50467 2025-08-08 MEDIUM 6.5 OpenMetadata
CVE-2025-50466 2025-08-08 HIGH 7.1 OpenMetadata
CVE-2025-50465 2025-08-08 HIGH 7.1 OpenMetadata
CVE-2025-47872 2025-08-08 MEDIUM 5.8 The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database.…
CVE-2025-46414 2025-08-08 HIGH 8.1 The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access…
CVE-2025-8731 2025-08-08 CRITICAL 9.8 A vulnerability was found in TRENDnet TI-G160i, TI-PG102i and TPL-430AP up to 20250724. It has been classified as critical. This affects an unknown part of the component SSH…
CVE-2025-8356 2025-08-08 CRITICAL 9.8 In Xerox FreeFlow Core version 8.0.4, an attacker can exploit a Path Traversal vulnerability to access unauthorized files on the server. This can lead to Remote Code Execution…
CVE-2025-8355 2025-08-08 HIGH 7.5 In Xerox FreeFlow Core version 8.0.4, improper handling of XML input allows injection of external entities. An attacker can craft malicious XML containing references to internal URLs, this…
CVE-2025-52586 2025-08-08 MEDIUM 6.9 The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to…
CVE-2025-4576 2025-08-08 N/A 0.0 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,…
CVE-2025-8730 2025-08-08 CRITICAL 9.8 A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The…
CVE-2025-36119 2025-08-08 HIGH 7.1 IBM i 7.3, 7.4, 7.5, and 7.6 is affected by an authenticated user obtaining elevated privileges with IBM Digital Certificate Manager for i (DCM) due to a web…
CVE-2025-36023 2025-08-08 MEDIUM 6.5 IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due…
CVE-2020-9322 2025-08-08 HIGH 8.8 The /users endpoint in Statamic Core before 2.11.8 allows XSS to add an administrator user. This can be exploited via CSRF. Stored XSS can occur via a JavaScript…
CVE-2025-8729 2025-08-08 MEDIUM 6.3 A vulnerability has been found in MigoXLab LMeterX 1.2.0 and classified as critical. Affected by this vulnerability is the function process_cert_files of the file backend/service/upload_service.py. The manipulation of…
CVE-2025-8749 2025-08-08 MEDIUM 6.5 Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots (MiR) Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot…
CVE-2025-8088 2025-08-08 N/A 0.0 A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the…
CVE-2025-8748 2025-08-08 HIGH 8.8 MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of…
CVE-2025-53606 2025-08-08 CRITICAL 9.8 Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue.
CVE-2025-48913 2025-08-08 CRITICAL 9.8 If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is…
CVE-2025-6572 2025-08-08 MEDIUM 5.9 The OpenStreetMap for Gutenberg and WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.2.0 does not validate and escape some of its block options before outputting them…
CVE-2025-54959 2025-08-08 MEDIUM 4.3 Powered BLUE Server versions 0.20130927 and prior contain a path traversal vulnerability. If this vulnerability is exploited, an arbitrary file in the affected product may be disclosed.
CVE-2025-54958 2025-08-08 MEDIUM 6.3 Powered BLUE 870 versions 0.20130927 and prior contain an OS command injection vulnerability. If this vulnerability is exploited, arbitrary OS commands may be executed on the affected product.
CVE-2025-54940 2025-08-08 LOW 3.4 An HTML injection vulnerability exists in WordPress plugin "Advanced Custom Fields" prior to 6.4.3. If this vulnerability is exploited, crafted HTML code may be rendered and page display…
CVE-2024-58257 2025-08-08 MEDIUM 5.7 EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
CVE-2024-58256 2025-08-08 MEDIUM 4.5 EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
CVE-2024-58255 2025-08-08 MEDIUM 5.0 EnzoH has an OS command injection vulnerability. Successful exploitation of this vulnerability may lead to arbitrary command execution.
CVE-2025-8708 2025-08-08 MEDIUM 5.0 A vulnerability was found in Antabot White-Jotter 0.22. It has been declared as critical. This vulnerability affects the function CookieRememberMeManager of the file ShiroConfiguration.java of the component com.gm.wj.config.ShiroConfiguration.…
CVE-2025-8707 2025-08-08 MEDIUM 5.3 A vulnerability was found in Huuge Box App 1.0.3 on Android. It has been classified as problematic. This affects an unknown part of the file AndroidManifest.xml of the…
CVE-2025-8706 2025-08-08 MEDIUM 6.3 A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the…
CVE-2025-8705 2025-08-08 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEAS_HomePage/GetTargetConfig of…
CVE-2025-8704 2025-08-08 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file…
CVE-2025-8703 2025-08-08 MEDIUM 6.3 A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEAS_HomePage/GetAreaTrendChartData of the component…
CVE-2025-54887 2025-08-08 CRITICAL 9.1 jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced,…
CVE-2025-54886 2025-08-08 HIGH 8.4 skops is a Python library which helps users share and ship their scikit-learn based models. In versions 0.12.0 and below, the Card.get_model does not contain any logic to…
CVE-2025-54793 2025-08-08 N/A 0.0 Astro is a web framework for content-driven websites. In versions 5.2.0 through 5.12.7, there is an Open Redirect vulnerability in the trailing slash redirection logic when handling paths…
CVE-2025-8702 2025-08-08 MEDIUM 6.3 A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the…
CVE-2025-54952 2025-08-08 CRITICAL 9.8 An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This…
CVE-2025-54368 2025-08-08 N/A 0.0 uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries…
CVE-2025-54951 2025-08-07 N/A 0.0 A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable…
CVE-2025-54950 2025-08-07 N/A 0.0 An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue…
CVE-2025-54949 2025-08-07 N/A 0.0 A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit…
CVE-2025-30405 2025-08-07 N/A 0.0 An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other…
CVE-2025-30404 2025-08-07 N/A 0.0 An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior…
CVE-2025-54787 2025-08-07 LOW 3.7 SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the…