Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-7225 2025-07-21 HIGH 7.8 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction…
CVE-2025-7224 2025-07-21 HIGH 7.8 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction…
CVE-2025-7223 2025-07-21 HIGH 7.8 INVT HMITool VPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction…
CVE-2025-7222 2025-07-21 HIGH 7.8 Luxion KeyShot 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction…
CVE-2025-54121 2025-07-21 MEDIUM 5.3 Starlette is a lightweight ASGI (Asynchronous Server Gateway Interface) framework/toolkit, designed for building async web services in Python. In versions 0.47.1 and below, when parsing a multi-part form…
CVE-2025-54071 2025-07-21 N/A 0.0 RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. In versions 4.0.0-beta.3 and below, an authenticated arbitrary…
CVE-2025-7935 2025-07-21 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. Affected is the function SysLogController of the file platform-admin/src/main/java/com/platform/controller/SysLogController.java. The manipulation of the…
CVE-2025-7934 2025-07-21 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in fuyang_lipengjun platform up to ca9aceff6902feb7b0b6bf510842aea88430796a. This issue affects the function queryPage of the file platform-schedule/src/main/java/com/platform/controller/ScheduleJobController.java. The manipulation…
CVE-2025-51403 2025-07-21 MEDIUM 6.5 A stored cross-site scripting (XSS) vulnerability in the department assignment editing module of of Live Helper Chat v4.60 allows attackers to execute arbitrary web scripts or HTML via…
CVE-2025-36106 2025-07-21 MEDIUM 6.5 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to view and modify information coming to and from the application which could then be used…
CVE-2025-36062 2025-07-21 MEDIUM 5.9 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could be vulnerable to information exposure due to the use of unencrypted network traffic.
CVE-2025-36057 2025-07-21 MEDIUM 5.2 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 is vulnerable to authentication bypass by using the Local Authentication Framework library which is not needed as biometric authentication is…
CVE-2020-26799 2025-07-21 CRITICAL 9.8 A reflected cross-site scripting (XSS) vulnerability was discovered in index.php on Luxcal 4.5.2 which allows an unauthenticated attacker to steal other users' data.
CVE-2025-7962 2025-07-21 N/A 0.0 In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages.
CVE-2025-7933 2025-07-21 HIGH 7.3 A vulnerability classified as critical was found in Campcodes Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/settings_update.php of the component Setting Handler.…
CVE-2025-52575 2025-07-21 MEDIUM 6.5 EspoCRM is an Open Source CRM (Customer Relationship Management) software. EspoCRM versions 9.1.6 and earlier are vulnerable to blind LDAP Injection when LDAP authentication is enabled. A remote,…
CVE-2025-44652 2025-07-21 N/A 0.0 In Netgear RAX30 V1.0.10.94_3, the USERLIMIT_GLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected.
CVE-2025-36846 2025-07-21 CRITICAL 9.8 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The application exposes a /_internal/pc/vpro.php localhost endpoint to unauthenticated users that is vulnerable to OS Command Injection. The…
CVE-2025-36845 2025-07-21 HIGH 8.6 An issue was discovered in Eveo URVE Web Manager 27.02.2025. The endpoint /_internal/redirect.php allows for Server-Side Request Forgery (SSRF). The endpoint takes a URL as input, sends a…
CVE-2025-36107 2025-07-21 MEDIUM 5.9 IBM Cognos Analytics Mobile (iOS) 1.1.0 through 1.1.22 could allow malicious actors to obtain sensitive information due to the cleartext transmission of data.
CVE-2025-7932 2025-07-21 MEDIUM 6.3 A vulnerability classified as critical has been found in D-Link DIR‑817L up to 1.04B01. This affects the function lxmldbc_system of the file ssdpcgi. The manipulation leads to command…
CVE-2025-7931 2025-07-21 HIGH 7.3 A vulnerability was found in code-projects Church Donation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /members/admin_pic.php.…
CVE-2025-54082 2025-07-21 N/A 0.0 marshmallow-packages/nova-tiptap is a rich text editor for Laravel Nova based on tiptap. Prior to 5.7.0, a vulnerability was discovered in the marshmallow-packages/nova-tiptap Laravel Nova package that allows unauthenticated…
CVE-2025-44653 2025-07-21 N/A 0.0 In H3C GR2200 MiniGR1A0V100R016, the USERLIMIT_GLOBAL option is set to 0 in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected.
CVE-2025-36603 2025-07-21 MEDIUM 4.2 Dell AppSync, version(s) 4.6.0.0, contains an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to…
CVE-2025-32744 2025-07-21 MEDIUM 6.6 Dell AppSync, version(s) 4.6.0.0, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to…
CVE-2025-30477 2025-07-21 MEDIUM 4.4 Dell PowerScale OneFS, versions prior to 9.11.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. A high privileged attacker with remote access could potentially exploit…
CVE-2025-7930 2025-07-21 HIGH 7.3 A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php.…
CVE-2025-7929 2025-07-21 HIGH 7.3 A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /members/edit_Members.php. The manipulation of…
CVE-2025-52374 2025-07-21 N/A 0.0 Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin…
CVE-2025-52373 2025-07-21 N/A 0.0 Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.
CVE-2025-52372 2025-07-21 N/A 0.0 An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.
CVE-2025-44658 2025-07-21 N/A 0.0 In Netgear RAX30 V1.0.10.94, a PHP-FPM misconfiguration vulnerability is caused by not following the specification to only limit FPM to .php extensions. An attacker may exploit this by…
CVE-2025-44657 2025-07-21 N/A 0.0 In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or…
CVE-2025-44655 2025-07-21 N/A 0.0 In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation,…
CVE-2025-44651 2025-07-21 N/A 0.0 In TRENDnet TPL-430AP FW1.0, the USERLIMIT_GLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected.
CVE-2025-44650 2025-07-21 N/A 0.0 In Netgear R7000 V1.3.1.64_10.1.36 and EAX80 V1.0.1.70_1.0.2, the USERLIMIT_GLOBAL option is set to 0 in the bftpd.conf configuration file. This can cause DoS attacks when unlimited users are…
CVE-2025-44647 2025-07-21 N/A 0.0 In TRENDnet TEW-WLC100P 2.03b03, the i_dont_care_about_security_and_use_aggressive_mode_psk option is enabled in the strongSwan configuration file, so that IKE Responders are allowed to use IKEv1 Aggressive Mode with Pre-Shared Keys…
CVE-2025-54362 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54361 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54360 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54359 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54358 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54357 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54356 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54355 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-54354 2025-07-22 N/A 0.0 Rejected reason: Not used
CVE-2025-6235 2025-07-21 N/A 0.0 In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the affected application. The issue stems from improper handling of user-supplied input…
CVE-2025-46117 2025-07-21 HIGH 8.8 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script `.ap_debug.sh` invoked from…
CVE-2025-46116 2025-07-21 HIGH 8.8 An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase…
« Anterior Página 976 de 4307 Siguiente »