CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by the NIST:

CVE ID Published Severity CVSS Description
CVE-2025-6634 2025-08-06 HIGH 7.8 A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute…
CVE-2025-6633 2025-08-06 HIGH 8.3 A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash,…
CVE-2025-6632 2025-08-06 MEDIUM 5.3 A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause…
CVE-2025-54879 2025-08-06 MEDIUM 5.3 Mastodon is a free, open-source social network server based on ActivityPub Mastodon which facilitates LDAP configuration for authentication. In versions 3.1.5 through 4.2.24, 4.3.0 through 4.3.11 and 4.4.0…
CVE-2025-54571 2025-08-06 N/A 0.0 ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In versions 2.9.11 and below, an attacker can override the HTTP…
CVE-2025-54125 2025-08-06 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions…
CVE-2025-54124 2025-08-06 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions…
CVE-2025-51054 2025-08-06 MEDIUM 6.5 Vedo Suite 2024.17 is vulnerable to Incorrect Access Control, which allows remote attackers to obtain a valid high privilege JWT token without prior authentication via sending an empty…
CVE-2025-51053 2025-08-06 MEDIUM 6.1 A Cross-site scripting (XSS) vulnerability in /api_vedo/ in Vedo Suite version 2024.17 allows remote attackers to inject arbitrary Javascript or HTML code and potentially trigger code execution in…
CVE-2025-51052 2025-08-06 MEDIUM 6.5 A path traversal vulnerability in Vedo Suite 2024.17 allows remote authenticated attackers to read arbitrary filesystem files by exploiting an unsanitized 'file_get_contents()' function call in '/api_vedo/template'.
CVE-2025-46660 2025-08-06 MEDIUM 5.3 An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
CVE-2024-55402 2025-08-06 MEDIUM 5.3 4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
CVE-2024-55399 2025-08-06 MEDIUM 6.5 4C Strategies Exonaut before v21.6.2.1-1 was discovered to contain a Server-Side Request Forgery (SSRF).
CVE-2025-46659 2025-08-06 HIGH 7.5 An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. Information disclosure can occur via an external HTTPS request.
CVE-2024-8244 2025-08-06 MEDIUM 6.5 The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where…
CVE-2025-32430 2025-08-06 N/A 0.0 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-3 through 16.4.7, 16.5.0-rc-1 through 16.10.5 and 17.0.0-rc-1 through…
CVE-2024-55398 2025-08-06 MEDIUM 6.5 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
CVE-2025-54872 2025-08-06 N/A 0.0 onion-site-template is a complete, scalable tor hidden service self-hosting sample. Versions which include commit 3196bd89 contain a baked-in tor image if the secrets were copied from an existing…
CVE-2025-54869 2025-08-06 N/A 0.0 FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any…
CVE-2025-54801 2025-08-06 N/A 0.0 Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key…
CVE-2025-54594 2025-08-06 CRITICAL 9.1 react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger,…
CVE-2025-8573 2025-08-05 N/A 0.0 Concrete CMS versions 9 through 9.4.2 are vulnerable to Stored XSS from Home Folder on Members Dashboard page. Version 8 was not affected. A rogue admin could set up…
CVE-2025-8571 2025-08-05 N/A 0.0 Concrete CMS 9 to 9.4.2 and versions below 8.5.21 are vulnerable to Reflected Cross-Site Scripting (XSS) in the Conversation Messages Dashboard Page. Unsanitized input could cause theft of session…
CVE-2025-51624 2025-08-06 HIGH 7.6 Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0.
CVE-2025-45766 2025-08-06 HIGH 7.0 poco v1.14.1-release was discovered to contain weak encryption.
CVE-2025-38747 2025-08-06 HIGH 7.8 Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading…
CVE-2025-38746 2025-08-06 LOW 3.5 Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit…
CVE-2025-8667 2025-08-06 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to…
CVE-2025-8665 2025-08-06 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in agno-agi agno up to 1.7.5. This issue affects the function MCPTools/MultiMCPTools in the library libs/agno/agno/tools/mcp.py of the…
CVE-2025-8419 2025-08-06 MEDIUM 6.5 A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64…
CVE-2025-30127 2025-08-06 CRITICAL 9.8 An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes,…
CVE-2025-20332 2025-08-06 MEDIUM 4.3 A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. This vulnerability…
CVE-2025-20331 2025-08-06 MEDIUM 5.4 A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user…
CVE-2025-20215 2025-08-06 MEDIUM 5.4 A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted…
CVE-2025-53786 2025-08-06 HIGH 8.0 On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving…
CVE-2025-51532 2025-08-06 HIGH 7.5 Incorrect access control in Sage DPW v2024.12.003 allows unauthorized attackers to access the built-in Database Monitor via a crafted request. This is fixed in Halbjahresversion 2024_12_004.
CVE-2025-51531 2025-08-06 MEDIUM 6.1 A reflected cross-site scripting (XSS) vulnerability in Sage DPW v2024.12.003 allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload…
CVE-2025-48394 2025-08-06 MEDIUM 4.7 An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security…
CVE-2025-48393 2025-08-06 MEDIUM 5.7 The server identity check mechanism for firmware upgrade performed via command shell is insecurely implemented potentially allowing an attacker to perform a Man-in-the-middle attack. This security issue has…
CVE-2025-51308 2025-08-06 MEDIUM 5.3 In Gatling Enterprise versions below 1.25.0, a low-privileged user that does not hold the role "admin" could perform a REST API call on read-only endpoints, allowing him to…
CVE-2025-51306 2025-08-06 MEDIUM 6.5 In Gatling Enterprise versions below 1.25.0, a user logging-out can still use his session token to continue using the application without expiration, due to incorrect session management.
CVE-2025-51040 2025-08-06 HIGH 7.5 Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4,…
CVE-2025-50234 2025-08-06 MEDIUM 6.5 MCCMS v2.7.0 has an SSRF vulnerability located in the index() method of the sys\apps\controllers\api\Gf.php file, where the pic parameter is processed. The pic parameter is decrypted using the…
CVE-2025-50233 2025-08-06 MEDIUM 6.5 A vulnerability in QCMS version 6.0.5 allows authenticated users to read arbitrary files from the server due to insufficient validation of the "Name" parameter in the backend template…
CVE-2025-36020 2025-08-06 MEDIUM 5.9 IBM Guardium Data Protection could allow a remote attacker to obtain sensitive information due to cleartext transmission of sensitive credential information.
CVE-2025-2028 2025-08-06 MEDIUM 6.5 Lack of TLS validation when downloading a CSV file including mapping from IPs to countries used ONLY for displaying country flags in logs
CVE-2024-52885 2025-08-06 MEDIUM 5.0 The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to…
CVE-2025-8616 2025-08-06 N/A 0.0 A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on…
CVE-2025-3354 2025-08-06 HIGH 8.1 IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer…
CVE-2025-3320 2025-08-06 HIGH 8.1 IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer…