CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-4049 2025-07-21 N/A 0.0 Use of hard-coded, the same among all vulnerable installations SQLite credentials vulnerability in SIGNUM-NET FARA allows to read and manipulate local-stored database. This issue affects FARA: through 5.0.80.34.
CVE-2025-7921 2025-07-21 CRITICAL 9.8 Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code.
CVE-2025-7920 2025-07-21 MEDIUM 6.1 WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2025-7919 2025-07-21 MEDIUM 6.5 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-7344 2025-07-21 HIGH 8.8 The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API.
CVE-2025-7343 2025-07-21 CRITICAL 9.8 The SFT developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-24938 2025-07-21 N/A 0.0 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application…
CVE-2025-24937 2025-07-21 N/A 0.0 File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of…
CVE-2025-7918 2025-07-21 CRITICAL 9.8 WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2025-7917 2025-07-21 HIGH 7.2 WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling…
CVE-2025-24936 2025-07-21 N/A 0.0 The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and…
CVE-2025-0664 2025-07-21 N/A 0.0 A locally authenticated, privileged user can craft a malicious OpenSSL configuration file, potentially leading the agent to load an arbitrary local library. This may impair endpoint defenses and…
CVE-2025-7916 2025-07-21 CRITICAL 9.8 WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized contents.
CVE-2025-54352 2025-07-21 LOW 3.7 WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.
CVE-2025-7915 2025-07-21 HIGH 7.3 A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login…
CVE-2025-7914 2025-07-21 HIGH 8.8 A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads…
CVE-2025-7913 2025-07-21 HIGH 8.8 A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748_B20211015. Affected is the function updateWifiInfo of the component MQTT Service. The manipulation of the argument…
CVE-2025-53771 2025-07-20 MEDIUM 6.3 Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2025-53770 2025-07-20 CRITICAL 9.8 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists…
CVE-2025-7912 2025-07-20 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK T6 4.1.5cu.748_B20211015. This issue affects the function recvSlaveUpgstatus of the component MQTT Service. The manipulation of…
CVE-2025-54319 2025-07-20 MEDIUM 6.3 An issue was discovered in Westermo WeOS 5 (5.24 through 5.24.4). A threat actor potentially can gain unauthorized access to sensitive information via system logging information (syslog verbose…
CVE-2025-7906 2025-07-20 MEDIUM 6.3 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the…
CVE-2025-7905 2025-07-20 MEDIUM 6.3 A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the…
CVE-2025-54317 2025-07-20 HIGH 8.4 An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to…
CVE-2025-54316 2025-07-20 MEDIUM 4.9 An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads…
CVE-2025-49087 2025-07-20 MEDIUM 4.0 In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is…
CVE-2025-47917 2025-07-20 HIGH 8.9 Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that…
CVE-2025-48965 2025-07-20 MEDIUM 4.0 Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero.
CVE-2025-7904 2025-07-20 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the…
CVE-2025-7903 2025-07-20 MEDIUM 4.3 A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The…
CVE-2025-7902 2025-07-20 LOW 3.5 A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross…
CVE-2025-7901 2025-07-20 MEDIUM 4.3 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the…
CVE-2025-7897 2025-07-20 HIGH 7.3 A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the…
CVE-2025-7896 2025-07-20 MEDIUM 6.3 A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The…
CVE-2025-7895 2025-07-20 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File…
CVE-2025-46385 2025-07-20 HIGH 8.6 CWE-918 Server-Side Request Forgery (SSRF)
CVE-2025-46384 2025-07-20 HIGH 8.8 CWE-434 Unrestricted Upload of File with Dangerous Type
CVE-2025-46383 2025-07-20 MEDIUM 6.1 CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
CVE-2025-46382 2025-07-20 MEDIUM 5.3 CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-7894 2025-07-20 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Onyx up to 0.29.1. This issue affects the function generate_simple_sql of the file backend/onyx/agents/agent_search/kb_search/nodes/a3_generate_simple_sql.py of the component…
CVE-2025-7893 2025-07-20 MEDIUM 5.3 A vulnerability classified as problematic was found in Foresight News App up to 2.6.4 on Android. This vulnerability affects unknown code of the file AndroidManifest.xml of the component…
CVE-2025-7892 2025-07-20 MEDIUM 5.3 A vulnerability classified as problematic has been found in IDnow App up to 9.6.0 on Android. This affects an unknown part of the file AndroidManifest.xml of the component…
CVE-2025-7891 2025-07-20 MEDIUM 5.3 A vulnerability was found in InstantBits Web Video Cast App up to 5.12.4 on Android. It has been rated as problematic. Affected by this issue is some unknown…
CVE-2025-7890 2025-07-20 MEDIUM 5.3 A vulnerability was found in Dunamu StockPlus App up to 7.62.10 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of…
CVE-2025-7889 2025-07-20 MEDIUM 5.3 A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file…
CVE-2025-7888 2025-07-20 MEDIUM 6.3 A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey…
CVE-2025-7887 2025-07-20 MEDIUM 4.3 A vulnerability has been found in Zavy86 WikiDocs up to 1.0.78 and classified as problematic. This vulnerability affects unknown code of the file template.inc.php. The manipulation of the…
CVE-2025-7886 2025-07-20 HIGH 7.3 A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the…
CVE-2025-7885 2025-07-20 MEDIUM 4.3 A vulnerability, which was classified as problematic, has been found in Huashengdun WebSSH up to 1.6.2. Affected by this issue is some unknown functionality of the component Login…
CVE-2025-7884 2025-07-20 LOW 3.3 A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipulation…