Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-8171 2025-07-25 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation…
CVE-2025-8101 2025-07-25 N/A 0.0 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before…
CVE-2025-8170 2025-07-25 HIGH 8.8 A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The…
CVE-2025-8169 2025-07-25 HIGH 8.8 A vulnerability classified as critical has been found in D-Link DIR-513 1.10. This affects the function formSetWanPPTPcallback of the file /goform/formSetWanPPTPpath of the component HTTP POST Request Handler.…
CVE-2025-8166 2025-07-25 HIGH 7.3 A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component…
CVE-2025-52455 2025-07-25 MEDIUM 5.3 Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (EPS Server modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12,…
CVE-2025-52454 2025-07-25 MEDIUM 5.3 Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before…
CVE-2025-52453 2025-07-25 HIGH 8.2 Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Data Source modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before…
CVE-2025-52452 2025-07-25 HIGH 8.5 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal.…
CVE-2025-45960 2025-07-25 MEDIUM 6.1 Cross Site Scripting vulnerability in tawk.to Live Chat v.1.6.1 allows a remote attacker to execute arbitrary code via the web application stores and displays user-supplied input without proper…
CVE-2025-45893 2025-07-25 MEDIUM 6.1 OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via SVG file uploads used in blog posts. The vulnerability arises because SVG files uploaded through…
CVE-2025-45892 2025-07-25 MEDIUM 6.1 OpenCart version 4.1.0.4 is vulnerable to a Stored Cross-Site Scripting (XSS) attack via the blog editor. The vulnerability arises because input in the blog's editor is not properly…
CVE-2025-45406 2025-07-25 MEDIUM 6.1 A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter.
CVE-2025-29630 2025-07-25 HIGH 8.1 An issue in Gardyn 4 allows a remote attacker with the corresponding ssh private key can gain remote root access to affected devices
CVE-2025-45467 2025-07-25 HIGH 7.1 Unitree Go1
CVE-2025-44608 2025-07-25 MEDIUM 6.5 CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
CVE-2025-29628 2025-07-25 HIGH 8.1 An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via a request
CVE-2024-48730 2025-07-25 MEDIUM 6.5 An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any restrictions on the authentication attempts performed by an…
CVE-2024-48729 2025-07-25 HIGH 7.1 An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component
CVE-2025-8197 2025-07-25 MEDIUM 5.5 A global buffer overflow vulnerability was found in the soup_header_name_to_string function in Libsoup. The `soup_header_name_to_string` function does not validate the `name` parameter passed in, and directly accesses `soup_header_name_strings[name]`.…
CVE-2025-8168 2025-07-25 HIGH 8.8 A vulnerability was found in D-Link DIR-513 1.10. It has been rated as critical. Affected by this issue is the function websAspInit of the file /goform/formSetWanPPPoE. The manipulation…
CVE-2025-8167 2025-07-25 LOW 3.5 A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php.…
CVE-2025-46198 2025-07-25 HIGH 8.8 Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element
CVE-2025-30135 2025-07-25 CRITICAL 9.4 An issue was discovered on IROAD Dashcam FX2 devices. Dumping Files Over HTTP and RTSP Without Authentication can occur. It lacks authentication controls on its HTTP and RTSP…
CVE-2025-52449 2025-07-25 HIGH 8.5 Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Extensible Protocol Service modules) allows Alternative Execution Due to Deceptive Filenames (RCE). This…
CVE-2025-52447 2025-07-25 HIGH 8.1 Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (set-initial-sql tabdoc command modules) allows Interface Manipulation (data access to the production database cluster). This…
CVE-2025-8165 2025-07-25 MEDIUM 6.3 A vulnerability was found in code-projects Food Review System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/approve_reservation.php. The manipulation of the…
CVE-2025-52448 2025-07-25 HIGH 8.1 Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modules) allows Interface Manipulation (data access to the production database cluster). This issue…
CVE-2025-52446 2025-07-25 HIGH 8.0 Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows Interface Manipulation (data access to the production database cluster).This issue affects…
CVE-2025-34139 2025-07-25 N/A 0.0 A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform…
CVE-2025-29631 2025-07-25 CRITICAL 9.8 An issue in Gardyn 4 allows a remote attacker execute arbitrary code
CVE-2025-34138 2025-07-25 N/A 0.0 A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow remote code execution or unauthorized access to information. This vulnerability affects all Experience Platform…
CVE-2025-29629 2025-07-25 HIGH 8.8 An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component
CVE-2025-8164 2025-07-25 MEDIUM 6.3 A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the…
CVE-2025-8163 2025-07-25 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the…
CVE-2025-5449 2025-07-25 MEDIUM 4.3 A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow…
CVE-2025-46199 2025-07-25 CRITICAL 9.8 Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields
CVE-2025-8162 2025-07-25 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list.…
CVE-2025-8161 2025-07-25 MEDIUM 6.3 A vulnerability classified as critical was found in deerwms deer-wms-2 up to 3.3. Affected by this vulnerability is an unknown functionality of the file /system/role/export. The manipulation of…
CVE-2025-54596 2025-07-25 MEDIUM 4.3 Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.
CVE-2025-36728 2025-07-25 MEDIUM 6.3 Cross-Site Request Forgery (CSRF) vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.11.
CVE-2025-36727 2025-07-25 HIGH 8.3 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Simplehelp.This issue affects Simplehelp: before 5.5.12.
CVE-2023-53155 2025-07-25 HIGH 7.2 goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
CVE-2025-45466 2025-07-25 HIGH 8.8 Unitree Go1
CVE-2025-3873 2025-07-25 N/A 0.0 The following APIs for the Silcon Labs SiWx91x prior to vesion 3.4.0 failed to check the size of the output buffer of the caller which could lead to…
CVE-2025-3508 2025-07-25 N/A 0.0 Certain HP DesignJet products may be vulnerable to information disclosure though printer's web interface allowing unauthenticated users to view sensitive print job information.
CVE-2025-38467 2025-07-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's support for another console device (such as a…
CVE-2025-38466 2025-07-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in…
CVE-2025-38465 2025-07-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk->sk_rmem_alloc. Netlink has this pattern in some places if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) atomic_add(skb->truesize, &sk->sk_rmem_alloc);…
CVE-2025-38464 2025-07-25 N/A 0.0 In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr…
« Anterior Página 962 de 4306 Siguiente »