CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST. Entries showing a severity of N/A and a CVSS of 0.0 have not yet been scored; that is not a zero-risk rating.

CVE ID Published Severity CVSS Description
CVE-2025-54058 2025-07-17 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6…
CVE-2025-47189 2025-07-17 MEDIUM 6.1 Netwrix Directory Manager through 2025-05-01 allows XSS.
CVE-2025-53946 2025-07-17 N/A 0.0 WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.5…
CVE-2025-53941 2025-07-17 MEDIUM 6.1 Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable…
CVE-2025-53928 2025-07-17 MEDIUM 4.6 MaxKB is an open-source AI assistant for enterprise. Prior to versions 1.10.9-lts and 2.0.0, a Remote Command Execution vulnerability exists in the MCP call. Versions 1.10.9-lts and 2.0.0…
CVE-2025-53927 2025-07-17 MEDIUM 4.6 MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files…
CVE-2025-53909 2025-07-17 CRITICAL 9.1 mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system…
CVE-2025-51630 2025-07-17 CRITICAL 9.8 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a buffer overflow via the ePort parameter in the function setIpPortFilterRules.
CVE-2025-40924 2025-07-17 MEDIUM 6.5 Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely. The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the…
CVE-2025-1713 2025-07-17 HIGH 7.5 When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock,…
CVE-2025-5346 2025-07-17 N/A 0.0 Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json"…
CVE-2025-5345 2025-07-17 N/A 0.0 Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and…
CVE-2025-5344 2025-07-17 N/A 0.0 Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global…
CVE-2025-3415 2025-07-17 MEDIUM 4.3 Grafana is an open-source platform for monitoring and observability. The Grafana Alerting DingDing integration was not properly protected and could be exposed to users with Viewer permission. Fixed…
CVE-2025-4302 2025-07-17 MEDIUM 5.3 The Stop User Enumeration WordPress plugin before version 1.7.3 blocks REST API /wp-json/wp/v2/users/ requests for non-authorized users. However, this can be bypassed by URL-encoding the API path.
CVE-2025-7735 2025-07-17 HIGH 7.5 The Hospital Information System developed by UNIMAX has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-7712 2025-07-17 CRITICAL 9.1 The Madara - Core plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wp_manga_delete_zip() function in all versions up to,…
CVE-2025-7729 2025-07-17 LOW 3.5 A vulnerability classified as problematic was found in Scada-LTS up to 2.7.8.1. Affected by this vulnerability is an unknown functionality of the file usersProfiles.shtm. The manipulation of the…
CVE-2025-7728 2025-07-17 LOW 3.5 A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. Affected is an unknown function of the file users.shtm. The manipulation of the argument Username…
CVE-2025-5396 2025-07-17 CRITICAL 9.8 The Bears Backup plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.0. This is due to the bbackup_ajax_handle() function not…
CVE-2025-34132 2025-07-16 N/A 0.0 A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service…
CVE-2025-34130 2025-07-16 N/A 0.0 An unauthenticated arbitrary file read exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the /z/zbin/net_html.cgi endpoint. This vulnerability allows attackers to read…
CVE-2025-34129 2025-07-16 N/A 0.0 A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 due to insufficient sanitization of the FTP and NTP Server fields…
CVE-2025-34128 2025-07-16 N/A 0.0 A buffer overflow vulnerability exists in the X360 VideoPlayer ActiveX control (VideoPlayer.ocx) version 2.6 when handling overly long arguments to the ConvertFile() method. An attacker can exploit this…
CVE-2025-34127 2025-07-16 N/A 0.0 A stack-based buffer overflow exists in Achat v0.150 in its default configuration. By sending a specially crafted message to the UDP port 9256, an attacker can overwrite the…
CVE-2025-34126 2025-07-16 N/A 0.0 A path traversal vulnerability exists in RIPS Scanner version 0.54. The vulnerability allows remote attackers to read arbitrary files on the system with the privileges of the web…
CVE-2025-34125 2025-07-16 N/A 0.0 An unauthenticated command injection vulnerability exists in the cookie handling process of the lighttpd web server on D-Link DSP-W110A1 firmware version 1.05B01. This occurs when specially crafted cookie…
CVE-2025-34124 2025-07-16 N/A 0.0 A buffer overflow vulnerability exists in Heroes of Might and Magic III Complete 4.0.0.0, HD Mod 3.808 build 9, and Demo 1.0.0.0 via malicious .h3m map files that…
CVE-2025-52933 2025-07-17 N/A 0.0 Rejected reason: 3rd party vulnerability
CVE-2024-12498 2025-07-16 N/A 0.0 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-7703 2025-07-16 MEDIUM 6.8 Authentication vulnerability in the mobile application (tech.palm.id) may lead to the risk of information leakage.
CVE-2025-34123 2025-07-16 N/A 0.0 A stack-based buffer overflow vulnerability exists in VideoCharge Studio 2.12.3.685 when processing a specially crafted .VSC configuration file. The issue occurs due to improper handling of user-supplied data…
CVE-2025-34121 2025-07-16 N/A 0.0 An unauthenticated arbitrary file upload vulnerability exists in Idera Up.Time Monitoring Station versions up to and including 7.2. The `wizards/post2file.php` script accepts arbitrary POST parameters, allowing attackers to…
CVE-2025-40919 2025-07-16 MEDIUM 6.5 Authen::DigestMD5 versions 0.01 through 0.02 for Perl generate the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and…
CVE-2025-40918 2025-07-16 MEDIUM 6.5 Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 for Perl generates the cnonce insecurely. The cnonce (client nonce) is generated from an MD5 hash of the PID, the epoch time and…
CVE-2025-40913 2025-07-16 MEDIUM 6.5 Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow. Net::Dropbear embeds a version of the libtommath library that is susceptible to…
CVE-2025-40923 2025-07-16 HIGH 7.3 Plack-Middleware-Session before version 0.35 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time,…
CVE-2025-34120 2025-07-16 N/A 0.0 An unauthenticated file download vulnerability exists in LimeSurvey versions from 2.0+ up to and including 2.06+ Build 151014. The application fails to validate serialized input to the admin…
CVE-2025-34119 2025-07-16 N/A 0.0 A remote file disclosure vulnerability exists in EasyCafe Server 2.2.14, exploitable by unauthenticated remote attackers via TCP port 831. The server listens for a custom protocol where opcode…
CVE-2025-34118 2025-07-16 N/A 0.0 A path traversal vulnerability exists in Linknat VOS Manager versions prior to 2.1.9.07, including VOS2009 and early VOS3000 builds, that allows unauthenticated remote attackers to read arbitrary files…
CVE-2025-34117 2025-07-16 N/A 0.0 A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor…
CVE-2025-32874 2025-07-16 HIGH 7.4 An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic…
CVE-2025-32353 2025-07-16 MEDIUM 4.8 Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.
CVE-2025-27465 2025-07-16 MEDIUM 6.5 Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception,…
CVE-2024-42912 2025-07-16 MEDIUM 5.4 A cross-site scripting (XSS) vulnerability in META-INF Kft. Email This Issue (Data Center) before 9.13.0-GA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted…
CVE-2025-6983 2025-07-16 N/A 0.0 A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames. This issue affects Archer…
CVE-2025-6982 2025-07-16 N/A 0.0 Use of Hard-coded Credentials in TP-Link Archer C50 V3(
CVE-2025-53908 2025-07-16 N/A 0.0 RomM is a self-hosted rom manager and player. Versions prior to 3.10.3 and 4.0.0-beta.3 have an authenticated path traversal vulnerability in the `/api/raw` endpoint. Anyone running the latest…
CVE-2025-6977 2025-07-16 MEDIUM 6.1 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘pm_get_messenger_notification’ function in all versions up to, and including,…
CVE-2025-2799 2025-07-16 MEDIUM 4.4 The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions…
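The CVE-2025-4302 entry above (Stop User Enumeration) describes the general failure of blocking a REST path by string-matching the raw request URI, which URL-encoding defeats. The following is an added example written for this page, not the plugin's code: a hypothetical naive check beside a check that canonicalises the path first. The blocked prefix `/wp-json/wp/v2/users` is taken from the CVE text; the sample requests are constructed, not captured traffic.

```python
# Added example (not the Stop User Enumeration plugin's code): why a raw-string
# path check can be bypassed by URL-encoding, and a normalising check that is not.
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption: the endpoint named in the CVE text is the only path to block.
BLOCKED_PREFIX = "/wp-json/wp/v2/users"


def naive_is_blocked(request_uri: str) -> bool:
    """Vulnerable pattern: compare the request URI exactly as it arrived."""
    return request_uri.startswith(BLOCKED_PREFIX)


def canonical_path(request_uri: str) -> str:
    """Reduce a request URI to the path the router will actually dispatch on."""
    path = urlsplit(request_uri).path          # drop ?query and #fragment
    previous = None
    while path != previous:                    # percent-decode until stable (%2575 -> %75 -> u)
        previous = path
        path = unquote(path)
    path = posixpath.normpath(path)            # collapse '.', '..' and '//'
    return path if path.startswith("/") else "/" + path


def hardened_is_blocked(request_uri: str) -> bool:
    """Segment-aware check on the canonical path (also avoids over-blocking 'users-x')."""
    path = canonical_path(request_uri)
    return path == BLOCKED_PREFIX or path.startswith(BLOCKED_PREFIX + "/")


# Constructed sample requests; not captured traffic.
SAMPLE_REQUESTS = [
    "/wp-json/wp/v2/users",                 # plain request
    "/wp-json/wp/v2/users/?per_page=100",   # trailing slash + query string
    "/wp-json/wp/v2/%75sers",               # single URL-encoding of 'u'
    "/wp-json/wp/v2/%2575sers",             # double encoding
    "/wp-json/./wp/v2/users",               # dot segment
    "/wp-json/wp/v2/users/5",               # single-user route under the blocked prefix
    "/wp-json/wp/v2/posts",                 # unrelated route, must stay reachable
]


def compare(requests=SAMPLE_REQUESTS):
    """Return (uri, naive_verdict, hardened_verdict) for each request."""
    return [(u, naive_is_blocked(u), hardened_is_blocked(u)) for u in requests]


if __name__ == "__main__":
    for uri, naive, hardened in compare():
        print(f"{uri:40} naive={naive!s:5} hardened={hardened}")
```

The canonical form must match what the router actually dispatches on: decoding until stable is the conservative choice for a blocklist, but it can reject a legitimate path containing a literal `%25`. The more robust fix is to enforce the restriction in the REST permission layer, where the route is already resolved, rather than on the URI string.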
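Four entries above share one defect: CVE-2025-40924 (Catalyst::Plugin::Session) and CVE-2025-40923 (Plack-Middleware-Session) derive session ids, and CVE-2025-40919 and CVE-2025-40918 derive DIGEST-MD5 cnonces, from a hash of inputs an attacker can guess (a counter, the epoch time, the PID, `rand`). Hashing does not add entropy, so the id is only as unpredictable as the inputs. The block below is an added example written for this page, not the Perl modules' code: a hypothetical weak generator modelled on the CVE text, the enumeration attack it permits, and the CSPRNG replacement. The server inputs and attacker assumptions (clock error, PID range, counter bound) are constructed.

```python
# Added example (not the Perl modules' code): a session id derived from a hash of
# guessable inputs can be recovered by enumeration; a CSPRNG id cannot.
import hashlib
import secrets


def weak_session_id(counter: int, epoch: int, pid: int) -> str:
    """Hypothetical weak generator modelled on the CVE text: SHA-1 over a request
    counter, the epoch time and the server PID. None of these is secret."""
    return hashlib.sha1(f"{counter}:{epoch}:{pid}".encode()).hexdigest()


def strong_session_id() -> str:
    """256 bits from the OS CSPRNG; the standard-library replacement."""
    return secrets.token_hex(32)


def search_space(epoch_window: int, max_counter: int, n_pids: int) -> int:
    """Number of candidates an attacker must hash to cover the weak generator."""
    return (2 * epoch_window + 1) * (max_counter + 1) * n_pids


def recover_weak_inputs(observed: str, epoch_guess: int, epoch_window: int,
                        max_counter: int, pid_candidates: range):
    """Brute-force the weak inputs from one observed id. epoch_guess is the
    attacker's own clock (the response Date header gives it within seconds)."""
    for epoch in range(epoch_guess - epoch_window, epoch_guess + epoch_window + 1):
        for pid in pid_candidates:
            for counter in range(max_counter + 1):
                if weak_session_id(counter, epoch, pid) == observed:
                    return counter, epoch, pid
    return None


# Constructed scenario: the server issued an id from these inputs (unknown to the attacker).
SERVER_COUNTER, SERVER_EPOCH, SERVER_PID = 17, 1_752_710_400, 4242
OBSERVED_ID = weak_session_id(SERVER_COUNTER, SERVER_EPOCH, SERVER_PID)

# Assumed attacker knowledge: clock off by 2 s, PIDs of a freshly started worker
# pool, and a low request counter on a quiet server.
ATTACKER_EPOCH_GUESS = SERVER_EPOCH + 2
EPOCH_WINDOW = 5
MAX_COUNTER = 100
PID_CANDIDATES = range(4000, 4300)


def demo():
    """Return (recovered inputs, size of the space searched)."""
    found = recover_weak_inputs(OBSERVED_ID, ATTACKER_EPOCH_GUESS, EPOCH_WINDOW,
                                MAX_COUNTER, PID_CANDIDATES)
    return found, search_space(EPOCH_WINDOW, MAX_COUNTER, len(PID_CANDIDATES))


if __name__ == "__main__":
    found, space = demo()
    print(f"recovered inputs {found} from a space of {space} candidates (~18 bits)")
    print(f"CSPRNG id, 2**256 candidates: {strong_session_id()}")
```

Under these assumptions the whole weak space is about 333,000 SHA-1 evaluations, well under a second on a laptop, versus 2^256 for the CSPRNG id. The same reasoning applies to the cnonce entries: a nonce that the peer can predict lets the replay protection the DIGEST-MD5 cnonce is supposed to provide be defeated.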