CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-52914 2025-08-08 HIGH 8.8 A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due…
CVE-2025-47806 2025-08-07 MEDIUM 5.6 In GStreamer through 1.26.1, the subparse plugin's parse_subrip_time function may write data past the bounds of a stack buffer, leading to a crash.
CVE-2025-47219 2025-08-07 HIGH 8.1 In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_trak function may read past the end of a heap buffer while parsing an MP4 file, possibly leading to information disclosure.
CVE-2025-8701 2025-08-07 MEDIUM 6.3 A vulnerability was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of…
CVE-2025-50675 2025-08-07 HIGH 7.8 GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute…
CVE-2025-26513 2025-08-07 HIGH 7.0 The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate…
CVE-2023-41530 2025-08-07 CRITICAL 9.8 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-41528 2025-08-07 CRITICAL 9.8 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in contact.php via the txtname, txtphone, and txtmail parameters.
CVE-2023-41527 2025-08-07 CRITICAL 9.8 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the password2 parameter in func.php.
CVE-2023-41526 2025-08-07 CRITICAL 9.8 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
CVE-2023-41525 2025-08-07 CRITICAL 9.8 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php.
CVE-2025-55135 2025-08-07 MEDIUM 6.4 In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this…
CVE-2025-55134 2025-08-07 MEDIUM 6.4 In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via tag in client/agora/public/js/editorManager.js.
CVE-2025-55133 2025-08-07 MEDIUM 6.4 In Agora Foundation Agora fall23-Alpha1 before b087490, there is XSS via topicName in client/agora/public/js/editorManager.js.
CVE-2025-8698 2025-08-07 LOW 3.3 A vulnerability was found in Open5GS up to 2.7.5. It has been classified as problematic. Affected is the function amf_nsmf_pdusession_handle_release_sm_context of the file src/amf/nsmf-handler.c of the component AMF…
CVE-2025-53792 2025-08-07 CRITICAL 9.1 Azure Portal Elevation of Privilege Vulnerability
CVE-2025-53787 2025-08-07 HIGH 8.2 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53774 2025-08-07 MEDIUM 6.5 Microsoft 365 Copilot BizChat Information Disclosure Vulnerability
CVE-2025-53767 2025-08-07 CRITICAL 10.0 Azure OpenAI Elevation of Privilege Vulnerability
CVE-2025-45765 2025-08-07 N/A 0.0 ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent versions of…
CVE-2025-48709 2025-08-07 N/A 0.0 An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database…
CVE-2025-47808 2025-08-07 MEDIUM 5.6 In GStreamer through 1.26.1, the subparse plugin's tmplayer_parse_line function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVE-2025-47807 2025-08-07 N/A 0.0 In GStreamer through 1.26.1, the subparse plugin's subrip_unescape_formatting function may dereference a NULL pointer while parsing a subtitle file, leading to a crash.
CVE-2025-47183 2025-08-07 N/A 0.0 In GStreamer through 1.26.1, the isomp4 plugin's qtdemux_parse_tree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure.
CVE-2025-8697 2025-08-07 MEDIUM 6.3 A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os…
CVE-2025-7195 2025-08-07 MEDIUM 5.2 Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup,…
CVE-2025-55077 2025-08-07 HIGH 7.4 Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the…
CVE-2025-51533 2025-08-07 MEDIUM 5.3 An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
CVE-2025-50692 2025-08-07 N/A 0.0 FoxCMS
CVE-2025-51629 2025-08-07 HIGH 8.8 A cross-site scripting (XSS) vulnerability in the PdfViewer component of Agenzia Impresa Eccobook 2.81.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload…
CVE-2023-41532 2025-08-07 HIGH 8.8 Hospital Management System v4 was discovered to contain a SQL injection vulnerability via the doctor_contact parameter in doctorsearch.php.
CVE-2023-41531 2025-08-07 HIGH 8.8 Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func3.php via the username1 and password2 parameters.
CVE-2023-41529 2025-08-07 MEDIUM 6.1 Hospital Management System v4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in func2.php via the fname and lname parameters.
CVE-2023-41524 2025-08-07 N/A 0.0 Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the username parameter at index.php.
CVE-2023-41523 2025-08-07 N/A 0.0 Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php.
CVE-2023-41522 2025-08-07 N/A 0.0 Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters.
CVE-2023-41521 2025-08-07 HIGH 8.8 Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createSessionTerm.php via the id, termId, and sessionName parameters.
CVE-2023-41520 2025-08-07 HIGH 8.8 Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createClassArms.php via the classId and classArmName parameters.
CVE-2023-41519 2025-08-07 MEDIUM 6.1 Student Attendance Management System v1 was discovered to contain a cross-site scripting (XSS) vulnerability via the sessionName parameter at createSessionTerm.php.
CVE-2023-40992 2025-08-07 MEDIUM 6.5 Hospital Management System 4 is vulnerable to a SQL injection in /Hospital-Management-System-master/func.php via the password2 parameter.
CVE-2025-55138 2025-08-07 HIGH 7.4 LinkJoin through 882f196 mishandles token ownership in password reset.
CVE-2025-55137 2025-08-07 HIGH 7.4 LinkJoin through 882f196 lacks type checking in password reset.
CVE-2025-54397 2025-08-07 MEDIUM 4.3 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
CVE-2025-54396 2025-08-07 MEDIUM 5.4 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
CVE-2025-54395 2025-08-07 MEDIUM 6.1 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
CVE-2025-54394 2025-08-07 MEDIUM 5.3 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
CVE-2025-54393 2025-08-07 MEDIUM 5.4 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
CVE-2025-54392 2025-08-07 MEDIUM 6.1 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
CVE-2025-34152 2025-08-07 N/A 0.0 An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint. The input is…
CVE-2025-34151 2025-08-07 N/A 0.0 A command injection vulnerability exists in the 'passwd' parameter of the PPPoE setup process on the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02). The input is passed…