CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-50586 2025-07-18 MEDIUM 6.5 StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).
CVE-2025-45157 2025-07-18 MEDIUM 6.5 Insecure permissions in Splashin iOS v2.0 allow unauthorized attackers to access location data for specific users.
CVE-2025-45156 2025-07-18 MEDIUM 5.3 Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users.
CVE-2025-46000 2025-07-18 MEDIUM 6.5 An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2025-46002 2025-07-18 MEDIUM 6.5 An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
CVE-2025-33014 2025-07-18 MEDIUM 5.4 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote…
CVE-2025-7754 2025-07-17 MEDIUM 6.3 A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /xray_form.php. The manipulation…
CVE-2025-7753 2025-07-17 HIGH 7.3 A vulnerability was found in code-projects Online Appointment Booking System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adddoctor.php. The manipulation…
CVE-2025-7752 2025-07-17 HIGH 7.3 A vulnerability was found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/deletedoctor.php. The…
CVE-2025-7751 2025-07-17 HIGH 7.3 A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php.…
CVE-2025-7750 2025-07-17 HIGH 7.3 A vulnerability, which was classified as critical, was found in code-projects Online Appointment Booking System 1.0. Affected is an unknown function of the file /admin/adddoctorclinic.php. The manipulation of…
CVE-2025-7797 2025-07-18 MEDIUM 5.3 A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The…
CVE-2025-7796 2025-07-18 HIGH 8.8 A vulnerability, which was classified as critical, was found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserAdd of the file /goform/PPTPDClient. The manipulation of the argument Username…
CVE-2025-7795 2025-07-18 HIGH 8.8 A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. Affected by this issue is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation…
CVE-2025-53901 2025-07-18 LOW 3.5 Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to…
CVE-2025-7794 2025-07-18 HIGH 8.8 A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument…
CVE-2025-7793 2025-07-18 HIGH 8.8 A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary. The manipulation of the argument webSiteId leads…
CVE-2025-7792 2025-07-18 HIGH 8.8 A vulnerability was found in Tenda FH451 1.0.0.9. It has been rated as critical. This issue affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the…
CVE-2025-7783 2025-07-18 N/A 0.0 Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0…
CVE-2025-53762 2025-07-18 HIGH 8.7 Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
CVE-2025-49747 2025-07-18 CRITICAL 9.9 Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-49746 2025-07-18 CRITICAL 9.9 Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-47995 2025-07-18 MEDIUM 6.5 Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVE-2025-47158 2025-07-18 CRITICAL 9.0 Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-7791 2025-07-18 LOW 3.5 A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The…
CVE-2025-7790 2025-07-18 HIGH 8.8 A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request…
CVE-2025-7789 2025-07-18 LOW 3.7 A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the…
CVE-2025-54079 2025-07-18 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6…
CVE-2025-54078 2025-07-18 MEDIUM 6.5 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior…
CVE-2025-54077 2025-07-18 MEDIUM 6.5 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior…
CVE-2025-54076 2025-07-18 MEDIUM 6.5 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior…
CVE-2025-54075 2025-07-18 HIGH 8.3 MDC is a tool to take regular Markdown and write documents interacting deeply with a Vue component. Prior to version 0.17.2, a remote script-inclusion / stored cross-site scripting…
CVE-2025-54073 2025-07-18 HIGH 7.5 mcp-package-docs is an MCP (Model Context Protocol) server that provides LLMs with efficient access to package documentation across multiple programming languages and language server protocol (LSP) capabilities. A…
CVE-2025-54059 2025-07-18 MEDIUM 4.4 melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file…
CVE-2025-53945 2025-07-18 HIGH 7.0 apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set…
CVE-2025-53888 2025-07-18 N/A 0.0 RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` that can lead to buffer overflow in versions up to and…
CVE-2025-7788 2025-07-18 MEDIUM 6.3 A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The…
CVE-2025-7787 2025-07-18 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to…
CVE-2025-7762 2025-07-17 HIGH 8.8 A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP…
CVE-2025-7759 2025-07-17 MEDIUM 6.3 A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor…
CVE-2025-7758 2025-07-17 HIGH 8.8 A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi…
CVE-2025-7757 2025-07-17 HIGH 7.3 A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of…
CVE-2025-7756 2025-07-17 MEDIUM 4.3 A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible…
CVE-2025-46732 2025-07-18 MEDIUM 5.4 OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL `NotificationLineNotificationMarkReadMutation` and `NotificationLineNotificationDeleteMutation` mutations…
CVE-2025-50240 2025-07-17 CRITICAL 9.8 nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin.
CVE-2025-7786 2025-07-18 LOW 3.5 A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the…
CVE-2025-7785 2025-07-18 MEDIUM 4.3 A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument…
CVE-2025-7784 2025-07-18 MEDIUM 6.5 A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their…
CVE-2025-7767 2025-07-18 LOW 3.5 A vulnerability, which was classified as problematic, has been found in PHPGurukul Art Gallery Management System 1.1. Affected by this issue is some unknown functionality of the file…
CVE-2025-7765 2025-07-17 HIGH 7.3 A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation…