Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-54767 2025-07-29 MEDIUM 6.5 An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
CVE-2025-54766 2025-07-29 MEDIUM 5.3 An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used…
CVE-2025-54765 2025-07-29 MEDIUM 5.3 An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used…
CVE-2024-42645 2025-07-29 N/A 0.0 An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).
CVE-2024-42644 2025-07-29 N/A 0.0 FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0.
CVE-2025-7458 2025-07-29 N/A 0.0 An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial…
CVE-2025-6175 2025-07-29 HIGH 7.2 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.
CVE-2025-6060 2025-07-29 MEDIUM 5.4 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS).This issue affects Geodi: before GEODI Setup 9.0.146.
CVE-2025-41241 2025-07-29 MEDIUM 4.4 VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API calls for guest OS customisation may trigger this vulnerability…
CVE-2025-40686 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a…
CVE-2025-40685 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a…
CVE-2025-40684 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a…
CVE-2025-40683 2025-07-29 N/A 0.0 Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a…
CVE-2025-40682 2025-07-29 N/A 0.0 SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in…
CVE-2025-5587 2025-07-29 MEDIUM 6.4 The Appzend theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘progressbarLayout’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization…
CVE-2025-8216 2025-07-29 MEDIUM 6.4 The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient…
CVE-2025-8196 2025-07-29 MEDIUM 6.4 The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions up to, and including, 1.3.8 due…
CVE-2025-7689 2025-07-29 HIGH 8.8 The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes…
CVE-2025-6730 2025-07-29 MEDIUM 4.3 The Bonanza – WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in…
CVE-2025-6692 2025-07-29 MEDIUM 6.4 The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘instance’ parameter in all versions up to, and including, 10.3 due to insufficient input…
CVE-2025-6681 2025-07-29 MEDIUM 6.4 The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘width’ parameter in all versions up to, and including, 1.0.1 due to insufficient input…
CVE-2025-26400 2025-07-29 MEDIUM 5.3 SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is…
CVE-2025-53082 2025-07-29 MEDIUM 6.1 An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private…
CVE-2025-53081 2025-07-29 MEDIUM 6.4 An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private…
CVE-2025-6495 2025-07-29 HIGH 7.5 The Bricks theme for WordPress is vulnerable to blind SQL Injection via the ‘p’ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on…
CVE-2025-53649 2025-07-29 MEDIUM 5.1 "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may…
CVE-2025-53080 2025-07-29 HIGH 7.1 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the…
CVE-2025-53079 2025-07-29 MEDIUM 4.9 Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
CVE-2025-53078 2025-07-29 HIGH 8.0 Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
CVE-2025-53077 2025-07-29 MEDIUM 6.5 An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing…
CVE-2025-4566 2025-07-29 MEDIUM 6.4 The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text…
CVE-2025-4370 2025-07-29 MEDIUM 5.3 The Brizy – Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in…
CVE-2025-3075 2025-07-29 MEDIUM 6.4 The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions…
CVE-2025-7811 2025-07-29 MEDIUM 6.4 The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to…
CVE-2025-7810 2025-07-29 MEDIUM 5.4 The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to…
CVE-2025-7809 2025-07-29 MEDIUM 6.4 The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to…
CVE-2025-54429 2025-07-28 N/A 0.0 Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally…
CVE-2025-54428 2025-07-28 CRITICAL 9.8 RevelaCode is an AI-powered faith-tech project that decodes biblical verses, prophecies and global events into accessible language. In versions below 1.0.1, a valid MongoDB Atlas URI with embedded…
CVE-2025-54427 2025-07-28 N/A 0.0 Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it.…
CVE-2025-54426 2025-07-28 N/A 0.0 Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto…
CVE-2025-54423 2025-07-28 MEDIUM 5.4 copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser…
CVE-2025-54419 2025-07-28 CRITICAL 10.0 A SAML library not dependent on any frameworks that runs in Node. In version 5.0.1, Node-SAML loads the assertion from the (unsigned) original response document. This is different…
CVE-2025-50486 2025-07-28 HIGH 7.1 Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
CVE-2025-50485 2025-07-28 HIGH 7.1 Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
CVE-2025-29534 2025-07-28 HIGH 8.8 An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue…
CVE-2025-8283 2025-07-28 LOW 3.7 A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers…
CVE-2025-50487 2025-07-28 HIGH 7.1 Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack.
CVE-2025-50484 2025-07-28 HIGH 7.1 Improper session invalidation in the component /crm/change-password.php of PHPGurukul Small CRM v3.0 allows attackers to execute a session hijacking attack.
CVE-2025-54299 2025-07-28 N/A 0.0 A stored XSS vulnerability in No Boss Testimonials component 1.0.0-3.0.0 and 4.0.0-4.0.2 for Joomla was discovered.
CVE-2025-54298 2025-07-28 N/A 0.0 A stored XSS vulnerability in CommentBox component 1.0.0-1.1.0 for Joomla was discovered.
« Anterior Página 957 de 4306 Siguiente »