CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2013-10038 2025-07-31 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers…
CVE-2013-10037 2025-07-31 N/A 0.0 An OS command injection vulnerability exists in WebTester version 5.x via the install2.php installation script. The parameters cpusername, cppassword, and cpdomain are passed directly to shell commands without…
CVE-2013-10036 2025-07-31 N/A 0.0 A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly…
CVE-2013-10035 2025-07-31 N/A 0.0 A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints,…
CVE-2013-10034 2025-07-31 N/A 0.0 An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted…
CVE-2013-10033 2025-07-31 N/A 0.0 An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter,…
CVE-2012-10021 2025-07-31 N/A 0.0 A stack-based buffer overflow vulnerability exists in D-Link DIR-605L Wireless N300 Cloud Router firmware versions 1.12 and 1.13 via the getAuthCode() function. The flaw arises from unsafe usage…
CVE-2011-10008 2025-07-31 N/A 0.0 A stack-based buffer overflow vulnerability exists in MPlayer Lite r33064 due to improper bounds checking when handling M3U playlist files containing long http:// URL entries. An attacker can…
CVE-2025-8407 2025-07-31 HIGH 7.3 A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of…
CVE-2025-7738 2025-07-31 MEDIUM 4.4 A flaw was found in Ansible Automation Platform (AAP) where the Gateway API returns the client secret for certain GitHub Enterprise authenticators in clear text. This vulnerability affects…
CVE-2025-54589 2025-07-31 MEDIUM 6.3 Copyparty is a portable file server. In versions 1.18.6 and below, when accessing the recent uploads page at `/?ru`, users can filter the results using an input field…
CVE-2025-8213 2025-07-31 HIGH 7.2 The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions…
CVE-2025-8401 2025-07-31 MEDIUM 4.3 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data'…
CVE-2025-8382 2025-07-31 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Campcodes Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/edit_room.php. The manipulation of…
CVE-2025-8381 2025-07-31 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Campcodes Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /add_reserve.php. The…
CVE-2025-8151 2025-07-31 MEDIUM 4.3 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function.…
CVE-2025-8068 2025-07-31 MEDIUM 4.3 The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to an improper capability check on the…
CVE-2025-8380 2025-07-31 LOW 3.5 A vulnerability classified as problematic was found in Campcodes Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/add_query_account.php. The manipulation of the argument…
CVE-2025-8379 2025-07-31 MEDIUM 4.7 A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the…
CVE-2025-8378 2025-07-31 HIGH 7.3 A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file…
CVE-2025-8376 2025-07-31 HIGH 7.3 A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company…
CVE-2025-41688 2025-07-31 HIGH 7.2 A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox.
CVE-2025-40980 2025-07-31 N/A 0.0 A Stored Cross Site Scripting vulnerability has been found in UltimatePOS by UltimateFosters. This vulnerability is due to the lack of proper validation of user inputs via ‘/products//edit’,…
CVE-2025-2813 2025-07-31 HIGH 7.5 An unauthenticated remote attacker can cause a Denial of Service by sending a large number of requests to the http service on port 80.
CVE-2025-8375 2025-07-31 HIGH 7.3 A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of…
CVE-2025-8374 2025-07-31 HIGH 7.3 A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the…
CVE-2025-8192 2025-07-31 N/A 0.0 There exists a TOCTOU race condition in TvSettings AppRestrictionsFragment.java that lead to start of attacker supplied activity in Settings’ context, i.e. system-uid context, thus lead to launchAnyWhere. The…
CVE-2025-24854 2025-07-31 MEDIUM 6.1 A carefully crafted request using the Image plugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser…
CVE-2025-24853 2025-07-31 HIGH 7.5 A carefully crafted request when creating a header link using the wiki markup syntax, which could allow the attacker to execute javascript in the victim's browser and get…
CVE-2025-8373 2025-07-31 HIGH 7.3 A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the…
CVE-2025-8372 2025-07-31 HIGH 7.3 A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation…
CVE-2025-7205 2025-07-31 MEDIUM 5.4 The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the donor notes parameter in all versions up to, and…
CVE-2025-54757 2025-07-31 MEDIUM 6.5 Multiple versions of PowerCMS allow unrestricted upload of dangerous files. If a product administrator accesses a malicious file uploaded by a product user, an arbitrary script may be…
CVE-2025-54752 2025-07-31 MEDIUM 6.5 Multiple versions of PowerCMS improperly neutralize formula elements in a CSV file. If a product user creates a malformed entry and a victim user downloads it as a…
CVE-2025-46359 2025-07-31 HIGH 7.2 A path traversal issue exists in backup and restore feature of multiple versions of PowerCMS. A product administrator may execute arbitrary code by restoring a crafted backup file.
CVE-2025-41396 2025-07-31 MEDIUM 5.4 A path traversal issue exists in file uploading feature of multiple versions of PowerCMS. Arbitrary files may be overwritten by a product user.
CVE-2025-41391 2025-07-31 MEDIUM 5.4 Stored cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product user accesses a malicious page, an arbitrary script may be executed on the browser.
CVE-2025-36563 2025-07-31 MEDIUM 6.1 Reflected cross-site scripting vulnerability exists in multiple versions of PowerCMS. If a product administrator accesses a crafted URL, an arbitrary script may be executed on the browser.
CVE-2025-8371 2025-07-31 HIGH 7.3 A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The…
CVE-2025-8370 2025-07-31 MEDIUM 4.3 A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9. Affected is an unknown function of the file /intranet/educar_escolaridade_lst.php. The manipulation of the argument descricao…
CVE-2025-8369 2025-07-31 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9. This issue affects some unknown processing of the file /intranet/educar_avaliacao_desempenho_lst.php. The manipulation of the…
CVE-2025-8368 2025-07-31 MEDIUM 4.3 A vulnerability classified as problematic was found in Portabilis i-Educar 2.9. This vulnerability affects unknown code of the file /intranet/pesquisa_pessoa_lst.php. The manipulation of the argument campo_busca/cpf leads to…
CVE-2025-53558 2025-07-31 HIGH 8.8 ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the…
CVE-2025-8367 2025-07-31 MEDIUM 4.3 A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionario_vinculo_lst.php. The manipulation of the argument nome leads…
CVE-2025-8366 2025-07-31 MEDIUM 4.3 A vulnerability was found in Portabilis i-Educar 2.9. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /intranet/educar_servidor_lst.php. The manipulation…
CVE-2025-7847 2025-07-31 HIGH 8.8 The AI Engine plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the rest_simpleFileUpload() function in versions 2.9.3 and 2.9.4. This…
CVE-2025-5720 2025-07-31 MEDIUM 6.4 The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to…
CVE-2025-8365 2025-07-31 LOW 3.5 A vulnerability was found in Portabilis i-Educar 2.10. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file atendidos_cad.php. The manipulation…
CVE-2025-8348 2025-07-31 HIGH 7.3 A vulnerability has been found in Kehua Charging Pile Cloud Platform 1.0 and classified as critical. This vulnerability affects unknown code of the file /home. The manipulation leads…
CVE-2025-8347 2025-07-31 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Kehua Charging Pile Cloud Platform 1.0. This affects an unknown part of the file /sys/task/findAllTask. The manipulation leads…