Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-45768 2025-07-31 HIGH 7.0 pyjwt v2.10.1 was discovered to contain weak encryption.
CVE-2025-23289 2025-07-31 MEDIUM 5.5 NVIDIA Omniverse Launcher for Windows and Linux contains a vulnerability in the launcher logs, where a user could cause sensitive information to be written to the log files…
CVE-2025-45770 2025-07-31 HIGH 7.0 jwt v5.4.3 was discovered to contain weak encryption.
CVE-2025-45769 2025-07-31 HIGH 7.3 php-jwt v6.11.0 was discovered to contain weak encryption.
CVE-2025-8286 2025-07-31 CRITICAL 9.8 Güralp FMUS series seismic monitoring devices expose an unauthenticated Telnet-based command line interface that could allow an attacker to modify hardware configurations, manipulate data, or factory reset the device.
CVE-2025-50867 2025-07-31 MEDIUM 6.5 A SQL Injection vulnerability exists in the takeassessment2.php endpoint of the CloudClassroom-PHP-Project 1.0, where the Q5 POST parameter is directly embedded in SQL statements without sanitization.
CVE-2025-50850 2025-07-31 HIGH 8.6 An issue was discovered in CS Cart 4.18.3 allows the vendor login functionality lacks essential security controls such as CAPTCHA verification and rate limiting. This allows an attacker…
CVE-2025-51569 2025-07-31 MEDIUM 6.1 A cross-site scripting (XSS) vulnerability exists in the LB-Link BL-CPE300M 01.01.02P42U14_06 router's web interface. The /goform/goform_get_cmd_process endpoint fails to sanitize user input in the cmd parameter before reflecting…
CVE-2025-50572 2025-07-31 HIGH 8.8 An issue was discovered in Archer Technology RSA Archer 6.11.00204.10014 allowing attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and…
CVE-2025-50848 2025-07-31 MEDIUM 6.1 A file upload vulnerability was discovered in CS Cart 4.18.3, allows attackers to execute arbitrary code. CS Cart 4.18.3 allows unrestricted upload of HTML files, which are rendered…
CVE-2025-50847 2025-07-31 MEDIUM 6.5 Cross Site Request Forgery (CSRF) vulnerability in CS Cart 4.18.3, allows attackers to add products to a user's comparison list via a crafted HTTP request.
CVE-2025-50270 2025-07-31 MEDIUM 6.1 A stored Cross Site Scripting (xss) vulnerability in the "content management" feature in AnQiCMS v.3.4.11 allows a remote attacker to execute arbitrary code via a crafted script to…
CVE-2025-37112 2025-07-31 MEDIUM 6.0 A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized…
CVE-2025-37111 2025-07-31 MEDIUM 6.0 A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized…
CVE-2025-37110 2025-07-31 MEDIUM 6.0 A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to…
CVE-2025-37109 2025-07-31 LOW 3.5 Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
CVE-2025-37108 2025-07-31 LOW 3.5 Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product
CVE-2025-29557 2025-07-31 MEDIUM 5.4 ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control in the MailConfiguration API endpoint, where users with operator-level privileges can issue an HTTP request to retrieve…
CVE-2025-26064 2025-07-31 HIGH 7.3 A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the…
CVE-2025-26063 2025-07-31 CRITICAL 9.8 An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a…
CVE-2025-26062 2025-07-31 CRITICAL 9.8 An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current…
CVE-2025-29556 2025-07-31 HIGH 7.3 ExaGrid EX10 6.3 - 7.0.1.P08 is vulnerable to Incorrect Access Control. Since version 6.3, ExaGrid enforces restrictions preventing users with the Admin role from creating or modifying users…
CVE-2024-34328 2025-07-31 MEDIUM 6.3 An open redirect in Sielox AnyWare v2.1.2 allows attackers to execute a man-in-the-middle attack via a crafted URL.
CVE-2024-34327 2025-07-31 MEDIUM 6.5 Sielox AnyWare v2.1.2 was discovered to contain a SQL injection vulnerability via the email address field of the password reset form.
CVE-2025-51503 2025-07-31 HIGH 7.6 A Stored Cross-Site Scripting (XSS) vulnerability in Microweber CMS 2.0 allows attackers to inject malicious scripts into user profile fields, leading to arbitrary JavaScript execution in admin browsers.
CVE-2025-51385 2025-07-31 LOW 3.5 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the yyxz_dlink_asp function via the id parameter.
CVE-2025-51384 2025-07-31 LOW 3.5 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_net_asp function via the remot_ip parameter.
CVE-2025-51383 2025-07-31 LOW 3.5 D-LINK DI-8200 16.07.26A1 is vulnerable to Buffer Overflow in the ipsec_road_asp function via the host_ip parameter.
CVE-2025-8426 2025-07-31 CRITICAL 9.4 Marvell QConvergeConsole compressConfigFiles Directory Traversal Information Disclosure and Denial-of-Service Vulnerability. This vulnerability allows remote attackers to disclose sensitive information or to create a denial-of-service condition on affected installations…
CVE-2025-54834 2025-07-31 MEDIUM 5.3 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are…
CVE-2025-54833 2025-07-31 MEDIUM 5.3 OPEXUS FOIAXpress Public Access Link (PAL) version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords.
CVE-2025-54832 2025-07-31 MEDIUM 4.3 OPEXUS FOIAXpress Public Access Link (PAL), version v11.1.0, allows an authenticated user to add entries to the list of states and territories.
CVE-2025-8409 2025-07-31 HIGH 7.3 A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation…
CVE-2025-52203 2025-07-31 HIGH 7.6 A stored cross-site scripting (XSS) vulnerability exists in DevaslanPHP project-management v1.2.4. The vulnerability resides in the Ticket Name field, which fails to properly sanitize user-supplied input. An authenticated…
CVE-2025-46809 2025-07-31 MEDIUM 5.7 A Insertion of Sensitive Information into Log File vulnerability in SUSE Multi Linux Manager exposes the HTTP proxy credentials. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image…
CVE-2025-8408 2025-07-31 HIGH 7.3 A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument…
CVE-2025-52289 2025-07-31 HIGH 8.0 A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status…
CVE-2025-50849 2025-07-31 HIGH 8.0 CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request.…
CVE-2025-50475 2025-07-31 CRITICAL 9.8 An OS command injection vulnerability exists in Russound MBX-PRE-D67F firmware version 3.1.6, allowing unauthenticated attackers to execute arbitrary commands as root via crafted input to the hostname parameter…
CVE-2025-34146 2025-07-31 N/A 0.0 A prototype pollution vulnerability exists in @nyariv/sandboxjs versions
CVE-2014-125126 2025-07-31 N/A 0.0 An unrestricted file upload vulnerability exists in Simple E-Document versions 3.0 to 3.1 that allows an unauthenticated attacker to bypass authentication by sending a specific cookie header (access=3)…
CVE-2014-125125 2025-07-31 N/A 0.0 A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads…
CVE-2014-125124 2025-07-31 N/A 0.0 An unauthenticated remote command execution vulnerability exists in Pandora FMS versions up to and including 5.0RC1 via the Anyterm web interface, which listens on TCP port 8023. The…
CVE-2014-125123 2025-07-31 N/A 0.0 An unauthenticated SQL injection vulnerability exists in the Kloxo web hosting control panel (developed by LXCenter) prior to version 6.1.12. The flaw resides in the login-name parameter passed…
CVE-2014-125122 2025-07-31 N/A 0.0 A stack-based buffer overflow vulnerability exists in the tmUnblock.cgi endpoint of the Linksys WRT120N wireless router. The vulnerability is triggered by sending a specially crafted HTTP POST request…
CVE-2014-125121 2025-07-31 N/A 0.0 Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private…
CVE-2013-10043 2025-07-31 N/A 0.0 A vulnerability exists in OAstium VoIP PBX astium-confweb-2.1-25399 and earlier, where improper input validation in the logon.php script allows an attacker to bypass authentication via SQL injection. Once…
CVE-2013-10042 2025-07-31 N/A 0.0 A stack-based buffer overflow vulnerability exists in freeFTPd version 1.0.10 and earlier in the handling of the FTP PASS command. When an attacker sends a specially crafted password…
CVE-2013-10040 2025-07-31 N/A 0.0 ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP…
CVE-2013-10039 2025-07-31 N/A 0.0 A command injection vulnerability exists in GestioIP 3.0 commit ac67be and earlier in ip_checkhost.cgi. Crafted input to the 'ip' parameter allows attackers to execute arbitrary shell commands on…
« Anterior Página 950 de 4306 Siguiente »