Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2025-50124 2025-07-11 MEDIUM 6.9 CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a…
CVE-2025-50123 2025-07-11 HIGH 7.2 CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote command execution by a privileged account when the server is accessed via a…
CVE-2025-50122 2025-07-11 HIGH 8.3 CWE-331: Insufficient Entropy vulnerability exists that could cause root password discovery when the password generation algorithm is reverse engineered with access to installation or upgrade artifacts.
CVE-2025-50121 2025-07-11 CRITICAL 10.0 CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause unauthenticated remote code execution when a malicious folder is…
CVE-2025-3933 2025-07-11 MEDIUM 5.3 A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the DonutProcessor class's `token2json()` method. This vulnerability affects versions 4.50.3…
CVE-2025-6851 2025-07-11 HIGH 7.2 The Broken Link Notifier plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3.0 via the ajax_blinks() function which ultimately calls…
CVE-2025-6838 2025-07-11 MEDIUM 4.1 The Broken Link Notifier plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 1.3.0 via broken links that are later exported. This…
CVE-2025-6438 2025-07-11 MEDIUM 6.8 CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause manipulation of SOAP API calls and XML external entities injection resulting in unauthorized file access…
CVE-2025-7442 2025-07-11 HIGH 7.5 The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions…
CVE-2025-6745 2025-07-11 MEDIUM 5.3 The WoodMart plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 8.2.5 via the woodmart_get_posts_by_query() function due to insufficient restrictions on which…
CVE-2025-6068 2025-07-11 MEDIUM 6.4 The FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption-title` & `data-caption-description` HTML attributes…
CVE-2025-5530 2025-07-11 MEDIUM 6.4 The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shortcode_btn' shortcode in all versions up to, and including, 6.4.6…
CVE-2025-4593 2025-07-11 MEDIUM 6.5 The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.2 via the 'rp_user_data' shortcode. This…
CVE-2025-6716 2025-07-11 MEDIUM 6.4 The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to…
CVE-2025-5992 2025-07-11 N/A 0.0 When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC…
CVE-2025-5392 2025-07-11 CRITICAL 9.8 The GB Forms DB plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.0.2 via the gbfdb_talk_to_front() function. This is due…
CVE-2025-5028 2025-07-11 N/A 0.0 Installation file of ESET security products on Windows allow an attacker to misuse to delete an arbitrary file without having the permissions to do so.
CVE-2025-30026 2025-07-11 N/A 0.0 The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required.
CVE-2025-30025 2025-07-11 N/A 0.0 The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.
CVE-2025-30024 2025-07-11 MEDIUM 6.8 The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.
CVE-2025-30023 2025-07-11 CRITICAL 9.0 The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.
CVE-2025-2942 2025-07-11 N/A 0.0 The Order Delivery Date WordPress plugin before 12.6.0 discloses arbitrary post title (such as from draft and private posts) via an unauthenticated AJAX action, allowing attackers to retrieve…
CVE-2025-7401 2025-07-11 CRITICAL 9.8 The Premium Age Verification / Restriction for WordPress plugin for WordPress is vulnerable to arbitrary file read and write due to the existence of an insufficiently protected remote…
CVE-2025-53852 2025-07-11 N/A 0.0 Rejected reason: Not used
CVE-2025-53851 2025-07-11 N/A 0.0 Rejected reason: Not used
CVE-2025-53850 2025-07-11 N/A 0.0 Rejected reason: Not used
CVE-2025-53849 2025-07-11 N/A 0.0 Rejected reason: Not used
CVE-2025-53848 2025-07-11 N/A 0.0 Rejected reason: Not used
CVE-2025-5241 2025-07-11 MEDIUM 5.3 Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lockout legitimate users for a certain period by repeatedly…
CVE-2025-53515 2025-07-11 HIGH 8.8 A vulnerability exists in Advantech iView that allows for SQL injection and remote code execution through NetworkServlet.archiveTrap(). This issue requires an authenticated attacker with at least user-level privileges.…
CVE-2025-53509 2025-07-11 MEDIUM 6.5 A vulnerability exists in Advantech iView that allows for argument injection in the NetworkServlet.restoreDatabase(). This issue requires an authenticated attacker with at least user-level privileges. An input parameter…
CVE-2025-53471 2025-07-11 MEDIUM 5.1 Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data…
CVE-2025-53397 2025-07-11 MEDIUM 5.4 A vulnerability exists in Advantech iView versions prior to 5.7.05 build 7057, which could allow a reflected cross-site scripting (XSS) attack. By exploiting this flaw, an attacker could…
CVE-2025-52579 2025-07-11 CRITICAL 9.4 Emerson ValveLink Products store sensitive information in cleartext in memory. The sensitive memory might be saved to disk, stored in a core dump, or remain uncleared if the…
CVE-2025-52459 2025-07-11 MEDIUM 6.5 A vulnerability exists in Advantech iView that allows for argument injection in NetworkServlet.backupDatabase(). This issue requires an authenticated attacker with at least user-level privileges. Certain parameters can be…
CVE-2025-50109 2025-07-11 HIGH 7.7 Emerson ValveLink Products store sensitive information in cleartext within a resource that might be accessible to another control sphere.
CVE-2025-48496 2025-07-11 MEDIUM 5.1 Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended…
CVE-2025-46358 2025-07-11 HIGH 7.7 Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CVE-2025-31267 2025-07-10 N/A 0.0 An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may…
CVE-2025-1727 2025-07-10 HIGH 8.1 The protocol used for remote linking over RF for End-of-Train and Head-of-Train (also known as a FRED) relies on a BCH checksum for packet creation. It is possible…
CVE-2025-7417 2025-07-10 HIGH 8.8 A vulnerability has been found in Tenda O3V2 1.0.0.12(3880) and classified as critical. Affected by this vulnerability is the function fromNetToolGet of the file /goform/setPingInfo of the component…
CVE-2025-7416 2025-07-10 HIGH 8.8 A vulnerability, which was classified as critical, was found in Tenda O3V2 1.0.0.12(3880). Affected is the function fromSysToolTime of the file /goform/setSysTimeInfo of the component httpd. The manipulation…
CVE-2025-6392 2025-07-10 N/A 0.0 Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit…
CVE-2025-53637 2025-07-10 MEDIUM 4.1 Meshtastic is an open source mesh networking solution. The main_matrix.yml GitHub Action is triggered by the pull_request_target event, which has extensive permissions, and can be initiated by an…
CVE-2025-24798 2025-07-10 MEDIUM 4.3 Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead…
CVE-2025-7415 2025-07-10 MEDIUM 6.3 A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd.…
CVE-2025-7414 2025-07-10 MEDIUM 6.3 A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of…
CVE-2025-6390 2025-07-10 N/A 0.0 Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the…
CVE-2025-53629 2025-07-10 HIGH 7.5 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.23.0, incoming requests using Transfer-Encoding: chunked in the header can allocate memory arbitrarily in the server,…
CVE-2025-53628 2025-07-10 N/A 0.0 cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.20.1, cpp-httplib does not have a limit for a unique line, permitting an attacker to explore…
« Anterior Página 998 de 4307 Siguiente »