Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-43980 2025-08-05 MEDIUM 6.5 An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN. They enable the SSH service by default with the credentials of root/admin. The GUI doesn't offer a way…
CVE-2025-43978 2025-08-05 HIGH 7.4 Jointelli 5G CPE 21H01 firmware JY_21H01_A3_v1.36 devices allow (blind) OS command injection. Multiple endpoints are vulnerable, including /ubus/?flag=set_WPS_pin and /ubus/?flag=netAppStar1 and /ubus/?flag=set_wifi_cfgs. This allows an authenticated attacker to…
CVE-2025-46658 2025-08-05 CRITICAL 9.8 An issue was discovered in ExonautWeb in 4C Strategies Exonaut 21.6. There are verbose error messages.
CVE-2025-43979 2025-08-05 HIGH 7.4 An issue was discovered on FIRSTNUM JC21A-04 devices through 2.01ME/FN that allows authenticated attackers to execute arbitrary OS system commands with root privileges via crafted payloads to the…
CVE-2025-54874 2025-08-05 N/A 0.0 OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG 2.5.3 and earlier, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream…
CVE-2025-50707 2025-08-05 CRITICAL 9.8 An issue in thinkphp3 v.3.2.5 allows a remote attacker to execute arbitrary code via the index.php component
CVE-2025-50706 2025-08-05 CRITICAL 9.8 An issue in thinkphp v.5.1 allows a remote attacker to execute arbitrary code via the routecheck function
CVE-2025-47152 2025-08-05 MEDIUM 6.5 An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChange Editor 10.6.0.396. By using a specially crafted EMF file, an attacker could exploit this…
CVE-2025-46958 2025-08-05 MEDIUM 5.4 Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious…
CVE-2025-44964 2025-08-05 LOW 3.9 A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
CVE-2025-2611 2025-08-05 N/A 0.0 The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server.…
CVE-2025-29745 2025-08-05 HIGH 7.5 A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S…
CVE-2025-27931 2025-08-05 MEDIUM 6.5 An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to…
CVE-2025-52078 2025-08-05 MEDIUM 6.5 File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload…
CVE-2025-51541 2025-08-05 N/A 0.0 A stored cross-site scripting (XSS) vulnerability exists in the Shopware 6 installation interface at /recovery/install/database-configuration/. The c_database_schema field fails to properly sanitize user-supplied input before rendering it in…
CVE-2025-50592 2025-08-05 MEDIUM 5.4 Cross site scripting vulnerability in seacms before 13.2 via the vid parameter to Upload/js/player/dmplayer/player.
CVE-2014-125113 2025-08-05 N/A 0.0 An unrestricted file upload vulnerability exists in Dell (acquired by Quest) KACE K1000 System Management Appliance version 5.0 - 5.3, 5.4 prior to 5.4.76849, and 5.5 prior to…
CVE-2013-10070 2025-08-05 N/A 0.0 PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this…
CVE-2013-10068 2025-08-05 N/A 0.0 Foxit Reader Plugin version 2.2.1.530, bundled with Foxit Reader 5.4.4.11281, contains a stack-based buffer overflow vulnerability in the npFoxitReaderPlugin.dll module. When a PDF file is loaded from a…
CVE-2013-10066 2025-08-05 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication.…
CVE-2013-10065 2025-08-05 N/A 0.0 A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in…
CVE-2013-10064 2025-08-05 N/A 0.0 A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due…
CVE-2012-10035 2025-08-05 N/A 0.0 Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote…
CVE-2012-10032 2025-08-05 N/A 0.0 Maxthon3 versions prior to 3.3 are vulnerable to cross context scripting (XCS) via the about:history page. The browser’s trusted zone improperly handles injected script content, allowing attackers to…
CVE-2012-10031 2025-08-05 N/A 0.0 BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow due to improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted…
CVE-2012-10028 2025-08-05 N/A 0.0 Netwin SurgeFTP version 23c8 and prior contains a vulnerability in its web-based administrative console that allows authenticated users to execute arbitrary system commands via crafted POST requests to…
CVE-2012-10026 2025-08-05 N/A 0.0 The WordPress plugin Asset-Manager version 2.0 and below contains an unauthenticated arbitrary file upload vulnerability in upload.php. The endpoint fails to properly validate and restrict uploaded file types,…
CVE-2012-10025 2025-08-05 N/A 0.0 The WordPress plugin Advanced Custom Fields (ACF) version 3.5.1 and below contains a remote file inclusion (RFI) vulnerability in core/actions/export.php. When the PHP configuration directive allow_url_include is enabled…
CVE-2012-10024 2025-08-05 N/A 0.0 XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HTTP Basic Authentication, the…
CVE-2025-45512 2025-08-05 MEDIUM 6.5 A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot (U-Boot) v1.1.3 allows attackers to install crafted firmware files, leading to arbitrary code execution.
CVE-2025-46094 2025-08-04 LOW 3.8 LiquidFiles before 4.1.2 allows directory traversal by configuring the pathname of a local executable file as an Actionscript.
CVE-2025-46093 2025-08-04 CRITICAL 9.9 LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 (setuid and setgid), which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature…
CVE-2025-8534 2025-08-05 LOW 2.5 A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PS_Lvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to…
CVE-2025-8530 2025-08-04 MEDIUM 5.3 A vulnerability, which was classified as problematic, has been found in elunez eladmin up to 2.7. Affected by this issue is some unknown functionality of the file eladmin-system\src\main\resources\config\application-prod.yml…
CVE-2025-8526 2025-08-04 MEDIUM 6.3 A vulnerability was found in Exrick xboot up to 3.3.4. It has been declared as critical. This vulnerability affects the function Upload of the file xboot-fast/src/main/java/cn/exrick/xboot/modules/base/controller/common/UploadController.java. The manipulation…
CVE-2025-8525 2025-08-04 MEDIUM 5.3 A vulnerability was found in Exrick xboot up to 3.3.4. It has been classified as problematic. This affects an unknown part of the component Spring Boot Admin/Spring Actuator.…
CVE-2025-8521 2025-08-04 LOW 2.4 A vulnerability, which was classified as problematic, has been found in givanz Vvveb up to 1.0.5. This issue affects some unknown processing of the file /vadmin123/index.php?module=settings/post-types of the…
CVE-2025-8535 2025-08-05 LOW 3.5 A vulnerability, which was classified as problematic, has been found in cronoh NanoVault up to 1.2.1. This issue affects the function executeJavaScript of the file /main.js of the…
CVE-2025-54871 2025-08-05 MEDIUM 5.5 Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy…
CVE-2025-54804 2025-08-05 MEDIUM 6.5 Russh is a Rust SSH client & server library. In versions 0.54.0 and below, the channel window adjust message of the SSH protocol is used to track the…
CVE-2025-54803 2025-08-05 N/A 0.0 js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. In versions below 1.0.2, a prototype pollution vulnerability in js-toml allows a remote attacker…
CVE-2025-54802 2025-08-05 CRITICAL 9.8 pyLoad is the free and open-source Download Manager written in pure Python. In versions 0.5.0b3.dev89 and below, there is an opportunity for path traversal in pyLoad-ng CNL Blueprint…
CVE-2025-53395 2025-08-04 HIGH 7.7 Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the…
CVE-2025-50754 2025-08-04 CRITICAL 9.6 Unisite CMS version 5.0 contains a stored Cross-Site Scripting (XSS) vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel…
CVE-2025-53394 2025-08-04 HIGH 7.7 Paramount Macrium Reflect through 2025-06-26 allows attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx or .mrbax backup file and a renamed executable placed in…
CVE-2025-51390 2025-08-04 CRITICAL 9.8 TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a command injection vulnerability via the pin parameter in the setWiFiWpsConfig function.
CVE-2025-51534 2025-08-04 HIGH 8.1 A cross-site scripting (XSS) vulnerability in Austrian Archaeological Institute (AI) OpenAtlas v8.11.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the…
CVE-2025-7033 2025-08-05 N/A 0.0 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space.…
CVE-2025-7032 2025-08-05 N/A 0.0 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space.…
CVE-2025-7025 2025-08-05 N/A 0.0 A memory abuse issue exists in the Rockwell Automation Arena® Simulation. A custom file can force Arena Simulation to read and write past the end of memory space.…
« Anterior Página 942 de 4305 Siguiente »